Alignment Checking & Meltdown

Written by Göran Weinholt

Here is some interesting news for compiler writers worried about Meltdown. I have previously described a way to get hardware-based type checks (think branchless car, cdr, vector-ref, etc.) using alignment checks. It now appears that this technique may be immune to Meltdown-type attacks:

Alignment Faults.

Upon detecting an unaligned memory operand, the processor can (optionally) generate an alignment check exception (#AC). We found that the results of unaligned memory accesses never reach the transient execution. We suspect that this is because #AC is generated early-on (even before the operand’s virtual address is translated to a physical one). Thus, Meltdown-AC is not possible.

A Systematic Evaluation of Transient Execution Attacks and Defenses (Canella et al., 2018)

The kernel unfortunately can’t use it because #AC does not work at CPL=0, but for user space it could be a great way to avoid some Meltdown vulnerabilities.
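As an added example (my code, not the author's or the paper's), here is the user-space side of the technique on x86-64 Linux: the low three bits of a word carry a type tag, car and vector-ref subtract the tag they expect, and with EFLAGS.AC set a wrongly typed argument produces a misaligned load that traps as #AC, which Linux delivers as SIGBUS. The tag assignments (pairs 1, vectors 2, fixnums 0) and the helper names are my assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Assumed tag layout (mine): objects are 8-byte aligned, low three bits are the type, fixnums use 0. */
enum { PAIR_TAG = 1, VECTOR_TAG = 2 };
static sigjmp_buf trap_env; static volatile sig_atomic_t trap_signal;
static void set_ac(int on) {   /* toggle EFLAGS.AC (bit 18); x86-64 Linux only */
    if (on) __asm__ __volatile__("pushfq\n\torq $0x40000, (%%rsp)\n\tpopfq" ::: "memory", "cc");
    else    __asm__ __volatile__("pushfq\n\tandq $-0x40001, (%%rsp)\n\tpopfq" ::: "memory", "cc");
}
static void on_trap(int sig) {   /* a runtime would raise its type error here */
    set_ac(0);                   /* AC off again before calling back into libc */
    trap_signal = sig;
    siglongjmp(trap_env, 1);
}
/* Load one word with alignment checking on: 0 on success, else the signal the trap arrived as.
 * Linux reports #AC as SIGBUS; SIGSEGV would mean translation ran first, which the paper rules out. */
static int checked_load(uintptr_t addr, uint64_t *out) {
    struct sigaction sa; memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_trap; sigemptyset(&sa.sa_mask);
    sigaction(SIGBUS, &sa, NULL); sigaction(SIGSEGV, &sa, NULL);
    if (sigsetjmp(trap_env, 1) != 0) return (int)trap_signal;
    set_ac(1);
    uint64_t v = *(volatile uint64_t *)addr;   /* aligned only if the tag matched */
    set_ac(0);
    *out = v; return 0;
}
/* Branchless accessors: only the right type yields an aligned address. The vector index is not checked. */
static uintptr_t fixnum(int64_t n) { return (uintptr_t)n << 3; }
static int car(uintptr_t o, uint64_t *out) { return checked_load(o - PAIR_TAG, out); }
static int vector_ref(uintptr_t o, uint64_t i, uint64_t *out) {
    return checked_load(o - VECTOR_TAG + 8 + 8 * i, out);   /* word 0 holds the length */
}
static uint64_t pair_cells[2], vec_cells[3];   /* aligned storage for (1 . 2) and #(3 4) */
static int run_demo(void) {   /* returns how many of the five accesses trapped: 3 */
    pair_cells[0] = fixnum(1); pair_cells[1] = fixnum(2);
    vec_cells[0] = 2; vec_cells[1] = fixnum(3); vec_cells[2] = fixnum(4);
    uintptr_t pair = (uintptr_t)pair_cells | PAIR_TAG, vec = (uintptr_t)vec_cells | VECTOR_TAG;
    uint64_t v; int traps = 0;
    traps += car(pair, &v) != 0;            /* ok, v == fixnum(1) */
    traps += vector_ref(vec, 1, &v) != 0;   /* ok, v == fixnum(4) */
    traps += car(vec, &v) != 0;             /* vector handed to car: misaligned, #AC */
    traps += vector_ref(pair, 0, &v) != 0;  /* pair handed to vector-ref: #AC */
    traps += car(fixnum(5), &v) != 0;       /* address 39 is not even mapped; #AC fires first */
    return traps;
}
int main(void) { printf("type traps caught: %d (expected 3)\n", run_demo()); return 0; }
```

The last probe is the point of the quoted finding: the load from address 39 never gets as far as address translation, so the fault is the alignment check rather than a page fault.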