Software Mitigation of RISC-V Spectre Attacks

TL;DR

This paper introduces low-overhead software mitigations for Spectre attacks on RISC-V, demonstrating their effectiveness and integration into the LLVM toolchain, addressing a critical security gap in emerging architectures.

Contribution

It proposes the first software mitigations for Spectre-RSB on RISC-V and adapts existing Spectre-BTI mitigations, enabling practical defense in open-source toolchains.

Findings

Mitigations effectively prevent Spectre attacks on RISC-V

Mitigations are compatible with LLVM and practical to implement

All tools and data are publicly available for reproducibility

Abstract

Speculative attacks are still an active threat today that, even if initially focused on the x86 platform, reach across all modern hardware architectures. RISC-V is a newly proposed open instruction set architecture that has seen traction from both the industry and academia in recent years. In this paper we focus on the RISC-V cores where speculation is enabled and, as we show, where Spectre attacks are as effective as on x86. Even though RISC-V hardware mitigations were proposed in the past, they have not yet passed the prototype phase. Instead, we propose low-overhead software mitigations for Spectre-BTI, inspired from those used on the x86 architecture, and for Spectre-RSB, to our knowledge the first such mitigation to be proposed. We show that these mitigations work in practice and that they can be integrated in the LLVM toolchain. For transparency and reproducibility, all our programs and data are made publicly available online.