AMD Details "SQUIP" Side Channel Vulnerability For Zen's Execution Unit Scheduler
I don't like the way that AMD are responding to some of these issues.
Sure there were many BS attempts like where Intel paid off companies like CTS-Labs to beat the drum over useless AMD vulnerabilities that required physical access... but Retbleed was a legitimate issue for zen1 and zen2 and AMD said: "As of the date of this disclosure, AMD is not aware of any active exploits in the wild of AMD products relating to CVE-2017-5715". This time it is a legitimate problem for zen1, zen2 and zen3. It might not affect many use cases but just stating people should write better code to avoid a potential vulnerability is a joke. That's not the right attitude AMD!
I would like to know why the researchers did not publish non-absolutely-ideal conditions, for example a threat model where co-location is not achieved and where full task-isolation mode is not enabled. IMO the report's reference to "Co-location detection on the Cloud" by Mehmet Sinan İnci, Berk Gulmezoglu, Thomas Eisenbarth, Berk Sunar is not valid anymore. Operating systems have changed a lot since 2016; those methods are not applicable in 2022.
Originally posted by Linuxxx View Post
I guess the only mitigation to this would be to turn off SMT entirely, which would especially impact popular chips like the Ryzen 3300X & Steam Deck's Van Gogh APU, since it would then leave them with just 4 cores & threads, which is already too low for some newer games.
Presumably that's why AMD doesn't want to take that route, similar to Intel.
Big cloud providers have already solved this problem as this is not the first time they are facing it. Also big cloud providers paid for the research, so they knew about it in 2021 already. The only people that would be really affected by this are developers who do not understand how to work around the problem and smaller cloud providers who can't afford to limit users to specific parts of the system.
This is a different problem than what Intel owners had in the past.
Turning SMT off is not the only mitigation as the report explains. Please read sections 5.1, 6.1 and 6.2.
Originally posted by archkde View Post
This is yet another reminder to use mitigations=auto,nosmt if you run any untrusted code.
Originally posted by Raka555 View Post
I am not really loyal to any brand, but I can't resist to point out to the AMD fanboys that we told them it will be just a matter of time before AMD vulnerabilities will be discovered.
It is not just Intel. It happens to all of them.
On the other side you have a majority used brand-Y who also provides self driving cars. The road safety organization did not investigate this brand. These self driving cars drove into other cars in a head on collision causing many casualties all over the world in multiple crashes.
Conclusion: It's not just brand-Y, all self driving cars have accidents.
Yes, it was a matter of time and more AMD vulnerabilities will come. I doubt any other brand would have as many and as serious vulnerabilities as Intel's had in the past decade.
Originally posted by Volta View Post
Nice try fanboy. It matters how many and how impactful vulnerabilities there were. AMD wins so far.
https://en.wikipedia.org/wiki/Transi..._vulnerability
- Likes 2
-
Originally posted by Mike Frett View Post
Everyone is on a team. Amd/Intel, Windows/Linux, Republican/Democrat, Facebook/Twitter. It's part of human nature to join a team. Every now and then you get an oddball that wants to be Rambo.
2. I use Windows/Linux/macOS/Android daily. iOS/xBSD once in a while.
3. Why limit yourself to two ideologies?
4. I don't use social media ... I'm in that team then ;-)
Can I still be biased? Yes of course.
Tribalism and group-think are real. It's wonderful that most of us don't live in a cave and kill others as we please.
The problem we face today is that some people don't have the ability or desire to read. On the other hand some that are good at reading (mostly in management positions) have strong forms of hubris that fuels their cognitive dissonance. There are better ways to test and help people but it's extremely challenging and expensive to solve these problems.
Telling people it's ok to be wrong and motivating to lie less helps if you are able to convince.
- Likes 2
-
Originally posted by Volta View Post
Nice try fanboy. It matters how many and how impactful vulnerabilities there were. AMD wins so far.
- Likes 4
-
Originally posted by Jabberwocky View Post
Can I still be biased? Yes of course.
Tribalism and group-think are real. It's wonderful that most of us don't live in a cave and kill others as we please.
Telling people it's ok to be wrong and motivating to lie less helps if you are able to convince.
-
Originally posted by Espionage724 View Post
Can you describe that firmware bug?
-
Originally posted by archkde View Post
Yes, it's pretty easy to explain. When I suspend the system while some logical CPU is offline, the firmware will put that CPU in a very shallow idle state once the system resumes again. This leads to massively increased power usage. So I have a script that enables and immediately disables SMT again on resume, which works around the bug because Linux puts the offline CPU in the deepest idle state properly.
Last edited by erniv2; 10 August 2022, 12:48 PM.
-
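Added example, not part of the thread and not the poster's own script: the resume workaround described in the post above, sketched as a systemd system-sleep hook. The hook location and the `smt_cycle` function name are assumptions; `/sys/devices/system/cpu/smt/control` is the kernel's SMT control file, and the `on` and `forceoff` states are left untouched so a machine that keeps SMT disabled stays that way after resume.

```shell
#!/bin/sh
# Hypothetical hook, e.g. installed as /usr/lib/systemd/system-sleep/smt-cycle
# (path is an assumption). systemd runs such hooks with $1 = "pre" or "post".

# Kernel SMT control file; overridable so the logic can be tried on a copy.
SMT_CONTROL="${SMT_CONTROL:-/sys/devices/system/cpu/smt/control}"

# smt_cycle PHASE [CONTROL_FILE]
# Returns 0 if SMT was cycled on -> off, 1 if nothing was done,
# 2 if a write to the control file failed.
smt_cycle() {
    phase="$1"
    ctl="${2:-$SMT_CONTROL}"

    # Only act after resume, and only if the control file is readable.
    [ "$phase" = "post" ] || return 1
    [ -r "$ctl" ] || return 1

    state=$(cat "$ctl")
    case "$state" in
        off)
            # Sibling threads are offline by admin choice (e.g. nosmt):
            # bring them online briefly, then offline them again so Linux
            # itself parks them in the deepest idle state.
            echo on  > "$ctl" || return 2
            echo off > "$ctl" || return 2
            return 0
            ;;
        *)
            # on: no CPU is offline, nothing to fix.
            # forceoff / notsupported / notimplemented: the kernel does not
            # allow re-enabling, so leave the state alone.
            return 1
            ;;
    esac
}

# Hook entry point; does nothing when run without arguments.
smt_cycle "${1:-}" || :
```

SMT is online for the short window between the two writes, which is the trade-off the workaround in the post accepts.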
Originally posted by piotrj3 View Post
Because from certain point of view it does make sense, you have certain units that are existing in numbers bigger than 1 like FPU, integer operations units etc. They exist primarily to execute at the same time several operations at once if possible, but if this is not possible (or simply currently you use different types of operations) .... well then those units are idle. But if you have 2 logical cores wired up to same units you could theoretically increase utilization so from same sand you can produce higher performance. If you had 4 logical cores, utilization would be even higher.
Issue with SMT/HT is exactly abusing of that timing issues, cache, and fact you are generally not improving power efficiency.
Thank you!
Originally posted by kvuj View Post
Fun fact, IBM has been offering SMT8 on their POWER CPUs for a while now.
I'm not sure what workload favors it though. It seems like hyper specialized applications like their Db2 database can make use of it. I guess that's the main benefit of having a company making the hardware and software.
Thanks!
-
Originally posted by erniv2 View Post
You do know that we are the cavemen and kill each other over belief systems on a daily basis, right?
It is nowhere near what has been documented in the past. Living conditions in the past few decades are much better than it ever was.
https://en.wikipedia.org/wiki/List_o...ters_by_death_toll
Originally posted by erniv2 View Post
If a person chooses to think that way that person will do anything to defend that build up system. 90% of the humans will do anything to defend their little world, and the 10% left over are the outcasts that get the white eyes (huh what's with that strange guy). And those 10% are constantly under bombardment of the surroundings oh come to our side.
It's not easy to educate people but that's the best way to help people progress from more savage violent ways. The big proponent of savage tribalism is usually a charismatic leader but that's true for any group e.g. Hitler, Stalin, Mao etc. not only for people that live in rural areas or tribes.
Majority of people I have met are no longer the savage cavemen that we were many years ago.
- Likes 2