Making a Hash Of AMD’s L1D cache way predictor

The Theme For The Recent Past: Trimming A Bit Of Time At The Cost Of Security
Yet another architectural vulnerability has been discovered, shortly on the heels of the Intel, which effects many recent AMD processors. Scott posted details on AMD’s initial reply on the Take A Way vulnerability, which at this current moment there is no patch forthcoming. If you are curious exactly what this vulnerability is, now that the hype has died down somewhat you can take a look at The Register’s overview of it and the processors involved here.
In a nutshell it is part of AMD’s cache prediction technique which relies on a hash function to store the location of the cache the processor will access first when carrying out an instruction. Researchers reverse engineered how the hash is created, which allows them to read which location the processor will hit and use that knowledge to create a cache collision. That in turn can allow a variety of nasty things to happen, or at the very least slow down the efficiency of your L1 cache. The research suggests this attack can be carried out remotely, but compared to some of the other architectural flaws discovered over the past couple of years it is unlikely to be used as an attack vector. We will keep an eye on AMD to see what, if any, mitigation arrives.
The two attacks are called Collide+Probe and Load+Reload, in reference to the operations involved. The former exploits cache tag collisions while the latter exploits the way predictor's behavior for virtual addresses are mapped to the same physical address.