VirtualLarry
No Lifer
- Aug 25, 2001
- 56,343
- 10,046
- 126
Well, that technique isn't exactly perfect, if you need computations in real-time.
It sounds more like this:
Code:
if (x < 0) x = 0;is affected, rather than:
Code:
if (x < 0) y = 0;At least that's the way I read it. Could be wrong. But even if I'm right, that's... still really bad.
Update from Toms. AMD confirms their CPUs are not effected by Spoiler. They also say that Cofee Lake and upcoming Intel CPUs are still vulnerable.
https://www.tomshardware.com/news/amd-processor-intel-spoiler-vulnerability,38841.html
https://www.tomshardware.com/news/amd-processor-intel-spoiler-vulnerability,38841.html
DrMrLordX
Lifer
- Apr 27, 2000
- 21,634
- 10,849
- 136
Yes. And this advice will be permanent, btw. Spectre 1 is the only one of these new vulns that cannot be fixed without throwing away almost all of the performance of modern CPUs.
And the scope isn't if statements in general, it's specifically using control flow alone to guard data that is not supposed to be accessible. A good example of this would be the javascript engine in browsers doing a boundary check on array access. Traditionally, this might be something like:
Code:
int checked_get(size_t len, size_t index, int *array){
if (index < len) return array[index];
//if index > len, and that is rare in the program, the wrong value past the end of the array is speculatively returned.
//since this was supposed to prevent a javascript program accessing things like cryptographical keys that can reside
//in the same address space, this is a problem.
//something else to deal with overflow
}In the brave new world, this is not safe, and cannot be made safe by changes to cpus alone. Note that if statements are not the only flow control that is affected, things like Liskov substitution has also been successfully attacked. (That is, using multiple different subclasses of a superclass with different implementations, and leaking information by tricking the cpu to speculatively use the wrong subclass on the data of a different subclass.)
In the future, to protect data that is not supposed to be available, you need to use arithmetic or non-control-flow logic operations. Modifying our earlier example:
Code:
int checked_get(size_t len, size_t index, int *array){
//make bitmask. works if len is a power of two
size_t mask = len + len -1;
if (index < len) return array[index & mask];
// this way, if index is greater than len, it will speculatively return the wrong value but from inside the values you could access anyway.
// no protection boundary is violated.
//something else to deal with overflow
}In principle, this was one of the transformations that was actually done to make javascript safe again.
In future, this might mean we will get things like new, fast boundary checking instructions that do the above (or something else safe) that can be used instead. Even a fast scalar max() implemented as a single-cycle instruction that depended on both values and outputted the larger one would do the trick. But the primary problem, that you can leak data from speculative contexts using the cache, and that control flow is no longer a safe way to enforce protection boundaries, cannot and will not be fixed, and affects all fast CPUs going forward.
Last edited:
moinmoin
Diamond Member
- Jun 1, 2017
- 4,952
- 7,665
- 136
You state this as something universally true. Is it? What's included as a "fast CPU" in this context, e.g. all modern ARM cores as well? Anything with any form of speculative execution?
Basically everything that combines branch prediction and a cache. This includes all the fast arm cores.
amd6502
Senior member
- Apr 21, 2017
- 971
- 360
- 136
The existential crisis for modern CPUs (not just x86) continues. This latest one in the news is x86 specific though towards core series. I don't know anything about it. If anyone is up for it, it looks like some very deep reading that's going to take a chunk of time https://arxiv.org/pdf/1903.00446.pdf . https://www.guru3d.com/news-story/intel-procs-again-hit-by-massive-vulnerability-called-spoler.html
amd6502
Senior member
- Apr 21, 2017
- 971
- 360
- 136
I'm new to this one; from browsing the article for 90 minutes but not really understanding most the details, it doesn't seem too bad in itself. It seems like it would take a very large amount of work to make practical real life use of it. The snooping on timings almost universal in the unpatched exploits. Webassembly seems like a bad idea that's going to be exploited very badly anyways.
My take is web apps will just have to be trusted to do a good job on security, and sandbox javascript as best as they can with timer functions that output with increasing noise for scripts that make excessive frequent calls.
https://www.phoronix.com/scan.php?page=article&item=intel-cascadelake-linux&num=6
Looks like the hardware mitigations in Cascade Lake are actual mitigations and not just microcode, as evidenced by the context switch benchmark.
Looks like the hardware mitigations in Cascade Lake are actual mitigations and not just microcode, as evidenced by the context switch benchmark.
UsandThem
Elite Member
- May 4, 2000
- 16,068
- 7,380
- 146
Yet another variation / vulnerability:
https://www.zdnet.com/article/intel-cpus-impacted-by-new-zombieload-side-channel-attack/
https://www.zdnet.com/article/intel-cpus-impacted-by-new-zombieload-side-channel-attack/
Looks like the new architecture changes cover this new attack. Older CPUs have received / will receive microcode updates.
Edit: I'm just quoting the zdnet article. If you disagree with it, take it up with them, not me, lol.
Edit: I'm just quoting the zdnet article. If you disagree with it, take it up with them, not me, lol.
Last edited:
Yet again, AMD not affected, but sure, 9% performance decrease will surely not be "noticeable." Ryzen was tied with Intel at launch, and now between Meltdown, Spectre, L1TF, and this new Zombie(!) exploit, Ryzen is 30% higher IPC than Coffee or whatever Lake.
Toms reporting that intel is recommending turning off hyperthreading altogether to avoid issues:
https://www.tomshardware.com/news/intel-disable-hyper-threading-spectre-attack,39333.html
https://www.tomshardware.com/news/intel-disable-hyper-threading-spectre-attack,39333.html
Fanatical Meat
Lifer
- Feb 4, 2009
- 34,576
- 15,790
- 136
Turning off HT doesn't stop ZombieLoad though.
https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html
https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html
DrMrLordX
Lifer
- Apr 27, 2000
- 21,634
- 10,849
- 136
Just another reason for people to get off those Skylake-SP systems. It'll be interesting to see what they buy as replacements.
I know, right? People are so touchy sometimes.
It also looks like Intel abused the process of responsible disclosure for economic reasons. Wasting security researchers time, trying to "gift" them money instead of a proper bug bounty and also trying to delay release to the public. It think it reflects badly on them, security researchers will probably not put up with that again.
Wired:
Translated from the NL interview:
Sources:
https://www.wired.com/story/intel-mds-attack-speculative-execution-buffer/
https://www.nrc.nl/nieuws/2019/05/14/hackers-mikken-op-het-intel-hart-a3960208
Edit:
Wired:
Translated from the NL interview:
Sources:
https://www.wired.com/story/intel-mds-attack-speculative-execution-buffer/
https://www.nrc.nl/nieuws/2019/05/14/hackers-mikken-op-het-intel-hart-a3960208
Edit:
Last edited:
Hans de Vries
Senior member
Last edited:
ok, so we get another patches and whatever.....
Intel has like 90+% of CPUs used in the computer world, it is logical the researchers focused on them
any info if researchers plan to exploit EPYCs, power, apple axx etc CPUs?
they work by logical algoritms all, so can be broken...
Intel has like 90+% of CPUs used in the computer world, it is logical the researchers focused on them
any info if researchers plan to exploit EPYCs, power, apple axx etc CPUs?
they work by logical algoritms all, so can be broken...
I wouldn't be surprised if the bribing they are talking about was so that they can move the remaining stock of Skylake-SP, assuming Cascade Lake is unaffected.
That's the confusing thing about this. Are they talking about the microcode changes Intel's done so far or the hardware fixes?
That's the confusing thing about this. Are they talking about the microcode changes Intel's done so far or the hardware fixes?
DrMrLordX
Lifer
- Apr 27, 2000
- 21,634
- 10,849
- 136
Ugh. More vulnerable? Is there any more data on that?
The main difference between 8th and 9th gen chips is the hardware mitigations (wrt Spectre/Meltdown). So the hardware mitigations may introduce new flaws.
Seems like Intel's whitepaper and the actual security researchers are not on the same page for this vulnerability. That's really not a good look for intel.
TRENDING THREADS
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 10K
-
Discussion Speculation: Zen 4 (EPYC 4 "Genoa", Ryzen 7000, etc.)- Started by Vattila
- Replies: 13K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes Discussion Threads
- Started by Tigerick
- Replies: 7K
-
Facebook
Twitter