Massive security hole in CPU's incoming?Official Meltdown/Spectre Discussion Thread

Page 84 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
N

naukkis

Senior member
Jun 5, 2002
706
578
136
tamz_msc said:
Intel and AMD are looking to increase performance by looking at everything there is to improve upon in their architectures. How does non-standard use of a prefix on an operation that has been enhanced to give better performance with short strings equate to sloppy ISA extension?
Click to expand...
Well-defined ISA doesn't allow non-standard use of prefixes. It's plain stupidity to chase performance by compromising ISA.
 
  • Like
Reactions: KompuKare, moinmoin and igor_kavinski
tamz_msc

tamz_msc

Diamond Member
Jan 5, 2017
3,821
3,643
136
naukkis said:
Well-defined ISA doesn't allow non-standard use of prefixes. It's plain stupidity to chase performance by compromising ISA.
Click to expand...
Well unlike RISC-V, x86 ISA didn't evolve to its current state through an independent body overseeing the implementation and extension of the ISA.
 
N

naukkis

Senior member
Jun 5, 2002
706
578
136
tamz_msc said:
Well unlike RISC-V, x86 ISA didn't evolve to its current state through an independent body overseeing the implementation and extension of the ISA.
Click to expand...

It's not a valid point. They can have legacy support but still define new extensions to have unambiguous coding. Bugs like that are avoidable - Intel just did a lousy job. And when there is one such a bug there sure is plenty more coming.
 
  • Like
Reactions: KompuKare, moinmoin and igor_kavinski
moinmoin

moinmoin

Diamond Member
Jun 1, 2017
4,954
7,671
136
tamz_msc said:
How does non-standard use of a prefix on an operation that has been enhanced to give better performance with short strings equate to sloppy ISA extension?
Click to expand...
Is that even a question? This bug causes the CPU to go into an impossible state that shouldn't ever exist! So at some point somewhere the whole design broke apart and didn't behave as designed, because some part wasn't covered. And if that's not sloppy to you, please tell me what you consider sloppy.
 
  • Like
Reactions: igor_kavinski and Markfw
tamz_msc

tamz_msc

Diamond Member
Jan 5, 2017
3,821
3,643
136
naukkis said:
It's not a valid point. They can have legacy support but still define new extensions to have unambiguous coding. Bugs like that are avoidable - Intel just did a lousy job. And when there is one such a bug there sure is plenty more coming.
Click to expand...
Where does "legacy support" figure here? The bug is due to an unexpected behaviour with FSRM at the micro-op level. To trigger it in a way that could pose a security risk, you'll need to have access to an insider at Intel with knowledge of how the micro-ops work.
 
tamz_msc

tamz_msc

Diamond Member
Jan 5, 2017
3,821
3,643
136
moinmoin said:
Is that even a question? This bug causes the CPU to go into an impossible state that shouldn't ever exist! So at some point somewhere the whole design broke apart and didn't behave as designed, because some part wasn't covered. And if that's not sloppy to you, please tell me what you consider sloppy.
Click to expand...
Read the blog post again - the CPU can recover from such states on its own.

You want sloppy? How about this? It took Intel to find out that one of AMD's fixes for Spectre didn't actually work for four years.
 
moinmoin

moinmoin

Diamond Member
Jun 1, 2017
4,954
7,671
136
tamz_msc said:
the CPU can recover from such states on its own.
Click to expand...
That's great, and what does it do as long it didn't recover yet? And what about the DoSing possible by putting multiple cores/SMT threads into that state and causing machine check exceptions?
 
  • Like
Reactions: Markfw
I

igor_kavinski

Lifer
Jul 27, 2020
16,339
10,351
106
tamz_msc said:
You want sloppy? How about this? It took Intel to find out that one of AMD's fixes for Spectre didn't actually work for four years.
Click to expand...
AMD can be excused coz they were busy kicking Intel's butt during those four years. Thanks Intel, for doing AMD's job FOR them. Time and money well spent, for a change! Now back to making chips, Intel! You owe an 8-core Gracemont i3-N305 to every Skylake and later CPU owner to make up for the sloppy Swiss Cheese CPU design that got slower and slower over the years due to the mitigation patches.
 
  • Like
Reactions: Markfw
tamz_msc

tamz_msc

Diamond Member
Jan 5, 2017
3,821
3,643
136
igor_kavinski said:
AMD can be excused coz they were busy kicking Intel's butt during those four years. Thanks Intel, for doing AMD's job FOR them. Time and money well spent, for a change! Now back to making chips, Intel! You owe an 8-core Gracemont i3-N305 to every Skylake and later CPU owner to make up for the sloppy Swiss Cheese CPU design that got slower and slower over the years due to the mitigation patches.
Click to expand...
Skylake isn't affected by the way with Reptar.
 
tamz_msc

tamz_msc

Diamond Member
Jan 5, 2017
3,821
3,643
136
moinmoin said:
That's great, and what does it do as long it didn't recover yet? And what about the DoSing possible by putting multiple cores/SMT threads into that state and causing machine check exceptions?
Click to expand...
To do that you'll need inside knowledge of how the Intel micro-ops are decoded. Unless you kidnap an Intel engineer with knowledge of such things and tell him at gunpoint to spill the beans, nothing is going to happen.
 
N

naukkis

Senior member
Jun 5, 2002
706
578
136
tamz_msc said:
To do that you'll need inside knowledge of how the Intel micro-ops are decoded. Unless you kidnap an Intel engineer with knowledge of such things and tell him at gunpoint to spill the beans, nothing is going to happen.
Click to expand...

Are you kidding? CPU goes to unstable state - corrupting data unknown ways. Using that corruption state to actually steal privileged data is the hard part but for data integrity going into non-working state is much bigger problem.
 
  • Like
Reactions: moinmoin and igor_kavinski
tamz_msc

tamz_msc

Diamond Member
Jan 5, 2017
3,821
3,643
136
naukkis said:
Are you kidding? CPU goes to unstable state - corrupting data unknown ways. Using that corruption state to actually steal privileged data is the hard part but for data integrity going into non-working state is much bigger problem.
Click to expand...
So do MCEs never occur in VMs in the cloud? Don't all cloud providers have redundancy built-in? Doesn't there exist something called Live Migration?
 
N

naukkis

Senior member
Jun 5, 2002
706
578
136
tamz_msc said:
So do MCEs never occur in VMs in the cloud? Don't all cloud providers have redundancy built-in? Doesn't there exist something called Live Migration?
Click to expand...

Yes, that what ISA should do - give MCE when error occurs. That's not the case with that bug - cpu continues execution without notification leading possible undetected data corruption. That's the worst kind of cpu malfunctioning - actually we don't know yet if that bug can be used to modify other privileges data too. That's possible case with such kind of unexpected cpu behaviour.
 
  • Like
Reactions: moinmoin and igor_kavinski
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom