Announcement

Collapse
No announcement yet.

Google Makes Disclosure About The CPU Vulnerability Affecting Intel / AMD / ARM

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    Exploit is out:

    Comment


    • #32
      All this sounds to me that Intel invented Spectre of trolling, to diminish their Meltdown. Spectre as a trolling tool to save their asses as much as possible
      They are certainly relying on it very heavily for their PR spin!

      Torvalds has his say on some of the patches: https://marc.info/?l=linux-kernel&m=151502350206820&w=2

      Why is this all done without any configuration options? A *competent* CPU engineer would fix this by making sure speculation doesn't happen across protection domains. Maybe even a L1 I$ that is keyed by CPL. I think somebody inside of Intel needs to really take a long hard look at their CPU's, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed. .. and that really means that all these mitigation patches should be written with "not all CPU's are crap" in mind. Or is Intel basically saying "we are committed to selling you shit forever and ever, and never fixing anything"? Because if that's the case, maybe we should start looking towards the ARM64 people more. Please talk to management. Because I really see exactly two possibibilities: - Intel never intends to fix anything OR - these workarounds should have a way to disable them. Which of the two is it? Linus
      Ouch!

      Comment


      • #33
        All this sounds to me that Intel invented Spectre of trolling, to diminish their Meltdown. Spectre as a trolling tool to save their asses as much as possible ​
        They are certainly relying on it very heavily for their PR spin!

        Torvalds has his say on some of the patches: https://marc.info/?l=linux-kernel&m=...206820&w=2

        Why is this all done without any configuration options? A *competent* CPU engineer would fix this by making sure speculation doesn't happen across protection domains. Maybe even a L1 I$ that is keyed by CPL. I think somebody inside of Intel needs to really take a long hard look at their CPU's, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed. .. and that really means that all these mitigation patches should be written with "not all CPU's are crap" in mind. Or is Intel basically saying "we are committed to selling you shit forever and ever, and never fixing anything"? Because if that's the case, maybe we should start looking towards the ARM64 people more. Please talk to management. Because I really see exactly two possibibilities: - Intel never intends to fix anything OR - these workarounds should have a way to disable them. Which of the two is it? Linus
        Ouch!

        Comment


        • #34
          Originally posted by GunpowaderGuy View Post
          I wonder how this will affect risc V
          Don't quote me, but it's likely fine for rocket, and likely back to the drawing board for boom.

          Comment


          • #35
            Looks like the AMD exclude patch for PTI has been merged into mainline

            AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculat...

            Comment


            • #36
              That does it. My next CPU is going to be from Via.

              Comment


              • #37
                AMD released a statement with a easy to read table summing up the problems/risks.
                Google Project Zero (GPZ) Research Title Details
                Variant One Bounds Check Bypass Resolved by software / OS updates to be made available by system vendors and manufacturers. Negligible performance impact expected.
                Variant Two Branch Target Injection Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date.
                Variant Three Rogue Data Cache Load Zero AMD vulnerability due to AMD architecture differences.

                Kind regards.
                B.

                Comment


                • #38
                  So AMD have what is effectively an IPC gift from Intel, in servers at least. 5% to 15%, with some outliers at 30% and even more for heavy fast SSD users.

                  Comment


                  • #39
                    Originally posted by Spooktra View Post

                    I love how the AMD apologists are starting to come out of the woodwork all over the 'net.

                    I'm not accusing...just saying it seems like some 3 letter entity that has trouble posting a profit for more than a quarter at a time may have some extra staff out there spreading FUD.
                    Ehmm.. Try paying attention. There has always been two issues, everybody is vulnerable to the insignificant one, the dangerous one that is needs a heavy-handed performance destroying patch is Intel only.

                    Comment


                    • #40
                      Originally posted by Brutalix View Post
                      AMD released a statement with a easy to read table summing up the problems/risks.
                      Google Project Zero (GPZ) Research Title Details
                      Variant One Bounds Check Bypass Resolved by software / OS updates to be made available by system vendors and manufacturers. Negligible performance impact expected.
                      Variant Two Branch Target Injection Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date.
                      Variant Three Rogue Data Cache Load Zero AMD vulnerability due to AMD architecture differences.

                      Kind regards.
                      B.
                      Could you please give me link to original AMD statement? Cannot find it :/

                      Comment

                      Working...
                      X