Speculation is fundamental to achieving high CPU performance, yet it enables vulnerabilities such as Spectre attacks, which remain a significant challenge to mitigate without incurring substantial performance overheads. These attacks typically unfold in three steps: they speculatively access sensitive data (access), alter the cache state (transmit), and then utilize a cache timing attack (e.g., Flush+Reload) to extract the secret (receive). Most Spectre attacks exploit a cache timing side channel during the transmit and receive steps. Our key observation is that Spectre attacks do not require the transmit instruction to complete before mis-prediction is detected and mis-speculated instructions are squashed. Instead, it suffices for the instruction to execute and dispatch a request to the memory hierarchy. Responses from memory that arrive after squashing occurs still alter the cache state, including those related to mis-speculated memory accesses. We therefore propose a novel mitigation technique, Cancellable Memory Requests (CMR), that cancels mis-speculated memory requests. Immediately upon squashing, a cancellation is sent to the cache hierarchy, propagating downstream and preventing any changes to caches that have not yet received a response. This reduces the likelihood of cache state changes, thereby reducing the likelihood of Spectre attacks succeeding. We implement CMR on gem5 and show that it thwarts practical Spectre attacks, and has near-zero performance overheads. We show that CMR can completely thwart Spectre attacks in four real-world processors with realistic system configurations.

翻译：推测执行是实现高CPU性能的基础，但它也催生了诸如Spectre攻击等漏洞。这些攻击在不对性能造成显著开销的情况下进行缓解，仍然是一个重大挑战。Spectre攻击通常分为三个步骤：推测性地访问敏感数据（访问阶段）、改变缓存状态（传输阶段），然后利用缓存计时攻击（例如Flush+Reload）来提取秘密信息（接收阶段）。大多数Spectre攻击在传输和接收阶段利用缓存计时侧信道。我们的关键观察是，Spectre攻击并不要求在检测到错误预测并清除错误推测指令之前完成传输指令的执行。相反，只要指令执行并向内存层次结构发出请求就足够了。在清除操作发生后到达的内存响应仍然会改变缓存状态，包括那些与错误推测内存访问相关的响应。因此，我们提出了一种新颖的缓解技术——可取消内存请求（CMR），用于取消错误推测的内存请求。在清除操作发生时，立即向缓存层次结构发送取消请求，该请求向下游传播，防止任何尚未收到响应的缓存发生状态改变。这降低了缓存状态改变的可能性，从而降低了Spectre攻击成功的可能性。我们在gem5模拟器上实现了CMR，并证明它能够阻止实际的Spectre攻击，且性能开销近乎为零。我们进一步证明，在四种采用实际系统配置的真实处理器中，CMR能够完全阻止Spectre攻击。