Mill Computing, Inc. › Forums › The Mill › Architecture › Mill vs. Spectre: Performance and Security › Reply To: Mill vs. Spectre: Performance and Security
They recently discovered SplitSpectre, which is a spectre variant with a much simpler gadget.
With regular spectre, this was the gadget needed in the victim space:
if (x < array1_size)
y = array2[array1[x] * 4096];
Which is not that common.
With SplitSpectre, this is the gadget needed:
if (x < array1_size)
y = array1[x];
Which happens practically everywhere.
Access to array2 can be in the villan’s space if y is returned.
From your talk, I reckon the mill is still not affected.