by forgotpw2018 3084 days ago
Didn't know that. The chipmaking business is insular and pretty incestuous; I wonder if the same engineers built both speculative execution units.

I've got a friend in CPU design and he's only got about 50 companies he can work for in the world where he could do the same job he does now.

2 comments

There are only so many ways to accelerate a CPU by speculating.

I’ve written RTL that speculatively fetches data from memory in order to avoid bubbles in a pipeline. Not a CPU, but the concept is exactly the same.

If somebody had assigned me to a CPU project without guidance from a security architect and asked me to speculate reads, I’d probably have done the same as Intel.

The chance that the same guy did both CPUs is small. It’s just that it’s not an unreasonable way of doing things if you’re not familiar with these kinds of attacks.

In the never-ending quest for yet more performance out of memory systems that are ever slower than the CPUs, this is likely exactly how it happened. The speculative reads, because they were speculative, were likely viewed as harmless (because the instruction that generated the read would never be committed if the speculation missed anyway, so CPU state (registers/flags) would not be changed improperly).

And if anyone even considered the results of the reads, they likely saw them as nothing more than free cache pre-fetch instructions that would enhance performance should the speculative path turn out to be the correct path after all.

And because the push was for yet more performance, free cache pre-fetch operations were likely viewed as a great bonus.

Actually, what I heard through the grapevine is that it became vulnerable after an engineer retired.