Announcement

Collapse
No announcement yet.

RISC-V Enabling Generic CPU Vulnerabilities Reporting

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • RISC-V Enabling Generic CPU Vulnerabilities Reporting

    Phoronix: RISC-V Enabling Generic CPU Vulnerabilities Reporting

    While RISC-V processors don't need to worry about Meltdown and Spectre or have any other severe CPU vulnerabilities at the moment, with the upcoming Linux 6.12 kernel the RISC-V code is set to enable the generic CPU vulnerabilities support...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite

  • #2
    Well, from the security point of view "Not affected" should be spelled "Not yet affected, as far as we know"...

    Comment


    • #3
      Originally posted by Pyth0n View Post
      Well, from the security point of view "Not affected" should be spelled "Not yet affected, as far as we know"...
      Eerie.

      For some positivity a reminder:

      Complexity breeds bugs, which are often security issues.

      RISC-V is simpler, even with the current set of extensions which is already on par in functionality with x86 and arm. Thus, RISC-V is less likely to suffer from bugs.

      Comment


      • #4
        Originally posted by Pyth0n View Post
        Well, from the security point of view "Not affected" should be spelled "Not yet affected, as far as we know"...
        Depends on your perspective on the matter since "Not affected" and "Not yet affected" can apply to anything in life. Take the status of the CPU being hit by a bus. Is it currently "Not affected" by being hit by a bus or is it "Not yet affected" by being hit by a bus?

        Since anything and everything applies to "Not yet affected", "Not affected" is the appropriate term.

        Also, labeling something that may never happen as "Not yet affected" is a fear mongering scare tactic and can have negative implications. It's like a school saying, "Shot Up?" "Not yet affected!". Yet, huh?

        Comment


        • #5
          While RISC-V processors don't need to worry about Meltdown and Spectre or have any other severe CPU vulnerabilities at the moment, with the upcoming Linux 6.12 kernel the RISC-V code is set to enable the generic CPU vulnerabilities support.
          This sadly is not true. Many implementations and products that are based on the open source cores from https://github.com/XUANTIE-RV and these all have problems with the floating point implementations, and the C910 cores specifically have a draft implementation of the RISC-V Vector Extension which implements a non-standard instruction that allows direct access to physical memory known as GhostWrite: https://ghostwriteattack.com


          Also any RISC-V based Out-Of-Order design, just like their Arm and x86 counterparts, are susceptible to Spectre attacks and while some have mitigations and as Pyth0n pointed out new exceptions to the Spectre mitigations are always being discovered. There are newer technologies to actually address these problems systemically, but they come at a performance cost and the implementation is expensive so no one seems to be pushing very hard for them yet.

          Either way, I see this as a positive step forward because this will make it easier for runtimes and compilers to avoid broken implementations - and that is always welcome.

          Comment


          • #6
            Originally posted by ayumu View Post
            RISC-V is simpler, even with the current set of extensions which is already on par in functionality with x86 and arm. Thus, RISC-V is less likely to suffer from bugs.
            On par in functionality is the easy part. The hard one is on par with performance. Most modern troubles origin from performance enhancements (like speculative execution, for example).

            Comment


            • #7
              Originally posted by Pyth0n View Post
              Well, from the security point of view "Not affected" should be spelled "Not yet affected, as far as we know"...
              Yeah, until another Chinese firm releases another CPU with their "slightly modified" vector instructions with incorporated loopholes, as their beautiful Peoples Government asked for

              Comment

              Working...
              X