In another process? That's the thing - how does this cross the process boundary?

I believe it is constrained to the same process.

I weighted my options since AMD is so sure about this and it hasn't been exploited in AMD platforms, I will skip the patches suggested by Suse. It's not a real fix and they actually don't know if this can be implemented in AMD.

can someone test if disabling branch prediction hurts cpu mining??

I've heard back from AMD.... At least this PR person is saying: . “Disabling branch prediction” is definitely not an accurate description and we are working to address with SUSE now.

spectre requires shared memory mapping. most software can not be affected

yes as I understand it's not actually disabling it just exposing it??

Microsoft released a powershell script to check if you have the meltdown/spectre updates https://support.microsoft.com/en-us/...erabilities-in

What updates are needed on LInux
kernel > 4.14.11, 4.15rc6 (check)
updated ucode intel, ucode amd, kernel firmware (check)

what else is necessary?

Spectre does not require shared memory mappings and is not limited to just within the current process. Spectre is an attack which tricks the victim into speculatively executing code within its own memory domain in a way that allows the attacker to figure out the contents of memory in the Victim's domain. The attacker accomplishes this by passing data to the victim through normal APIs and by massaging data and branch caches such that it can detect whether the speculative execution occurred or not via timing.

So there are only really three requirements for a Spectre attack: (1) A normal API / IPC mechanism to communicate with the victim, and (2) Knowledge of code paths in the victim that might be vulnerable to speculative execution based on arguments and data the Attacker supplies through the API / IPC mechanism, and (3) That the code the victim winds up executing speculatively can be leveraged by the attacker's arguments to address any memory location within the Victim's address space.

The most common spectre attack that we are likely to see in the near future will be a Javascript attack against the browser. This is indeed an attack that stays within the process. It's the easiest Spectre attack vector so that is what we are likely to see first. But Spectre itself is not limited to just the current process.

If you use chrome, use the experimental --site-per-process option to reduce the impact.

-Matt

Back to typewriter then.



Your main issue is that you are using Ubuntu, please stop.