Announcement

Collapse
No announcement yet.

New Spectre Variants Discovered By Exploiting Micro-op Caches

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by ms178 View Post

    Speaking of disasters, the heating just broke in our house, warm water just trickled through the old pipe of questionable quality (40 years old, Made in the GDR). Lovely.
    That sucks. I know a bit about pipes braking. I had to replace the hot water heater 5 years ago; went all electric utilities at the same time. Luckily all of that had easy access and was quick to do. We were forced into that. A tree grew through our gas line and it was more expensive to fix than than to get new utilities. Act of God so insurance didn't cover it. Almost blew up the neighborhood...that isn't an exaggeration. Long story short: We were out of town camping when it happened so it spewed gas for hours on end until it was noticed and we were able to get in touch with friend to deal with it.

    Comment


    • #12
      I'm glad they are exposing this vulnerability properly. I wish they did the same for the keyed ring -3 remote management interfaces. Haven't heard shit about IME since Snowden moved to Russia.

      Comment


      • #13
        Originally posted by ms178 View Post

        Well, what does it bring you if you barricade the door but leave all of the windows open? But you are right, I am not running a server farm, it is just my private gaming rig. I also re-build my Kernel turning off the "avoid indirect branches" option. I know that it is dangerous, but I don't want to pay any performance penalties and hope that the industry gets their act together and designs more secure products without sacrificing performance.
        OoOE goes hand in hand with Spectre. Period. If you have brilliant ideas how to make OoOE work regardless - all CPU designers are listening to you carefully. In fact Intel, AMD, ARM and Apple will all pay you a billion of dollars to solve the issue.

        Comment


        • #14
          Originally posted by ms178 View Post
          Well, what does it bring you if you barricade the door but leave all of the windows open?
          That you don't get occasional strangers via the open door, only sneaky burglars through the window. So you can prepare and wait them with a shotgun.

          Comment


          • #15
            Originally posted by phoronix View Post
            Phoronix: New Spectre Variants Discovered By Exploiting Micro-op Caches

            University of Virginia and University of California San Diego researchers have discovered multiple new variants of Spectre attacks that are not protected by existing Spectre mitigations and could yield both Intel and AMD CPUs leaking data via micro-op caches...

            https://www.phoronix.com/scan.php?pa...Cache-Exploits
            I think somebody is soon going to suggest/prove the following general statement (if not suggested/proved already): Given enough time it is possible for a hand-crafted program or an external device to distinguish any two states inside of a CPU (outside of the hand-crafted program) that show some kind of difference in performance or power consumption - irrespective of how small, rare, intricate, unrelated or deeply hidden those two states are. Maybe it is even possible to fully reconstruct the 3D positions and charges of all gates in a CPU on a machine that isn't connected to the outside world by just observing its temperature using 3 movable temperature sensors.

            Comment


            • #16
              Originally posted by birdie View Post

              OoOE goes hand in hand with Spectre. Period. If you have brilliant ideas how to make OoOE work regardless - all CPU designers are listening to you carefully. In fact Intel, AMD, ARM and Apple will all pay you a billion of dollars to solve the issue.
              I am not a CPU designer, but isn't it a problem of speculative execution being not that speculative after all and not OoOE in general? At least to me as a layman the deterministic behavior of these speculations seems to be the root cause. Hence some randomization or encryption/decryption might be of help here [a dedicated on-chip-FPGA for that task might also help with performance?!].


              Last edited by ms178; 01 May 2021, 10:51 AM.

              Comment


              • #17
                Originally posted by ruff View Post
                That you don't get occasional strangers via the open door, only sneaky burglars through the window. So you can prepare and wait them with a shotgun.
                Don't get me wrong, I generally support the idea to make thins as hard as possible for hackers. But I don't want to pay a price in terms of huge performance losses for only a minor gain in security.

                Comment


                • #18
                  One thing to monitor closely is how hard it is to exploit the vulnerability. Because between theory and reality there might be a huge gap. Meltdown was extremely dangerous since it could enable attackers to easily steal tons of data as an astounding rate. Now for other attacks we've never seen such phenomenon, except maybe in datacenters with multiple virtual machines / containers on the same physical host. And even though the attacker must have accurate knowledge of the underlying hardware, which is often quite tough.

                  Now if we need to pay a 50% penalty to shield us again a threat that is theoretical except in very few cases I won't pay for it.

                  In the meantime on my old rig (the one that I only use occasionnally), an AMD Phenom x4 9850, the vulnerability does not exist since it does not feature a µOp cache. ;-)
                  Last edited by gojul; 01 May 2021, 11:27 AM.

                  Comment


                  • #19
                    Originally posted by ms178 View Post

                    I am not a CPU designer, but isn't it a problem of speculative execution being not that speculative after all and not OoOE in general? At least to me as a layman the deterministic behavior of these speculations seems to be the root cause. Hence some randomization or encryption/decryption might be of help here [a dedicated on-chip-FPGA for that task might also help with performance?!].
                    It's speculative, speculative means the CPU has to cache the RAM regions which, without OoOE wouldn't have been cached, and once something is cached without any applications specifically asking for it, other apps can probe the speed of access to these RAM regions and deduct the values of these RAM regions.

                    Please read on Spectre and OoOE, and you won't look stupid You can disable OoOE entirely however that will make CPUs up to a dozen times slower than they are now.

                    https://milestone-of-se.nesuke.com/e...tdown-spectre/

                    https://spectrum.ieee.org/computing/...-really-worked

                    And even the original paper: https://spectreattack.com/spectre.pdf
                    Last edited by birdie; 01 May 2021, 11:31 AM.

                    Comment


                    • #20
                      Feels like this (class of vulnerabilities) will potentially make the cloud less desirable (vs. on-premises computing) as if you don't have bad actors accessing your hardware directly, it doesn't matter if the CPU can potentially leak secrets?

                      The only reasonably safe option left seems to be non-SMT, non OoOE for cloud providers, which will likely make the cloud less suitable to certain workloads going forward?

                      We certainly get to live in interesting times...
                      Last edited by ermo; 01 May 2021, 11:36 AM.

                      Comment

                      Working...
                      X