Recently came across the SERIALIZE instruction.
> Serializes instruction execution. Before the next instruction is fetched and executed, the SERIALIZE instruction ensures that all modifications to flags, registers, and memory by previous instructions are completed, draining all buffered writes to memory.
Here's a sample masm64 program that has a `Secret Key`. Before accessing the key, it surrounds the sensitive code with `SERIALIZE` calls to hopefully prevent any kind of Speculative Execution.
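```asm
option casemap:none
includelib kernel32.lib
includelib libcmt.lib

.data
sensitiveData db "My Secret Key", 0

.code
main proc
    SERIALIZE                   ; serializing barrier before the sensitive code
    lea rax, [sensitiveData]    ; 64-bit address of the key (LEA computes the address, it does not read the bytes)
    SERIALIZE                   ; serializing barrier after the sensitive code
    ret
main endp
end
```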
Question
Can `SERIALIZE` be used to mitigate Speculative Execution vulnerabilities such as Meltdown?
Update
Just found this article that explains this new instruction.
Linux Kernel Prepping To Make Use Of Intel's New SERIALIZE Instruction
> ... a patch series was sent out by an Intel Linux engineer for making use of the Intel SERIALIZE instruction within the kernel's sync_core() function. Linux's sync_core function is called for stopping the speculative execution and prefetching of modified code. ...
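
An added example, not part of the original post and not the Linux patch itself: a user-space C version of the selection the quoted article describes, using SERIALIZE when CPUID enumerates it (CPUID.(EAX=07H,ECX=0):EDX bit 14) and otherwise falling back to another serializing instruction. The names `edx_has_serialize`, `cpu_has_serialize` and `sync_core_user` are hypothetical, the CPUID fallback is an assumption chosen for user space, and GCC or Clang on x86-64 is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <cpuid.h>              /* GCC/Clang CPUID helpers */

/* SERIALIZE is enumerated by CPUID.(EAX=07H,ECX=0):EDX bit 14. */
#define CPUID7_EDX_SERIALIZE (1u << 14)

enum sync_path { SYNC_SERIALIZE = 1, SYNC_CPUID = 2 };

/* Decode the feature bit from a leaf-7 EDX value (hypothetical helper). */
static int edx_has_serialize(uint32_t edx)
{
    return (edx & CPUID7_EDX_SERIALIZE) != 0;
}

/* Query the running CPU; reports 0 when leaf 7 is not available. */
static int cpu_has_serialize(void)
{
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid_count(7, 0, &eax, &ebx, &ecx, &edx))
        return 0;
    return edx_has_serialize(edx);
}

/* Hypothetical user-space "sync core": run one serializing instruction
 * and report which one was used. */
static enum sync_path sync_core_user(void)
{
    unsigned int eax = 0, ebx, ecx = 0, edx;

    if (cpu_has_serialize()) {
        /* SERIALIZE as raw bytes (0F 01 E8) so older assemblers accept it. */
        __asm__ volatile(".byte 0x0f, 0x01, 0xe8" ::: "memory");
        return SYNC_SERIALIZE;
    }
    /* Assumed fallback: CPUID is itself a serializing instruction. */
    __asm__ volatile("cpuid"
                     : "+a"(eax), "=b"(ebx), "+c"(ecx), "=d"(edx) :: "memory");
    (void)ebx; (void)edx;
    return SYNC_CPUID;
}

int main(void)
{
    printf("SERIALIZE supported: %d\n", cpu_has_serialize());
    printf("path used: %d (1=SERIALIZE, 2=CPUID)\n", (int)sync_core_user());
    return 0;
}
```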