General Store: Speculative Address Translation in x86 Processors
2026
Conference / Journal
Authors
Yuval Yarom Anirban Chakraborty Yanik Kleibrink
Research Hub
Hub 2: Secure Hardware Environments
Abstract
The Spectre family of attacks exploits speculative execution to access secret data and transmit it across isolation boundaries using a microarchitectural covert channel. Whereas prior work has predominantly examined the use of speculative loads for constructing such channels, we investigate speculative stores and flush operations across a wide range of Intel and AMD processors. We find that speculative memory operations either update the data cache or initiate page table walks. Depending on the microarchitecture, the walk may complete and update the TLB or be aborted after populating data caches, leaving clear microarchitectural traces of the translation. We further characterize the effects of page table attributes, memory fences, and cache-coherence states on this behavior. Building on these findings, we introduce a covert channel that leverages only the page table walk activity of speculative stores to encode information, without relying on store-induced cache fills. Finally, we demonstrate that Speculative Load Hardening (SLH)---a widely deployed Spectre-v1 mitigation in LLVM---does not prevent speculative store-based leakage of register values, consistent with its threat model and design assumptions.