Announcement

Collapse
No announcement yet.

Security Researchers Detail New "BlindSide" Speculative Execution Attack

Collapse
X
Collapse
 
  • Page of 4
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 4 template Next
  • angrypie
    replied
    Originally posted by CochainComplex View Post
    so where are the non speculative CPU's? is it still possible or will this push us back to pre-P4 era (performancewise)?
    In-order designs with today's performance won't be possible unless we break the memory wall.

    On the other hand, with the performance impact of mitigating those flaws we'd be better off with an overclocked 486 + modern extensions.

    Leave a comment:

  • ed31337
    replied
    Originally posted by xfcemint View Post
    I wonder how many more years before the CPU manufacturers realize that they can offer a user-controlled option to disable speculation (a so-called "chicken bit") and carve out a niche marked there of customers who value additional security.
    Don't we already have something like that with chips that employ ARM's big.LITTLE architecture?
    Last edited by ed31337; 11 September 2020, 08:21 PM.

    Leave a comment:

  • Amaranth
    replied
    Originally posted by xfcemint View Post
    Also, speculation is safe if done just on registers and a few buffers close to the ALU. The problem with current CPUs is that manufacturers are relentlessly and dangerously speculating on every shit they can think of to get out that last 1% performance. Than the CPU looks good on benchmarks when it is released.
    One of the variants of Spectre is called Rogue System Register Read so I wouldn't be so sure registers are safe. On top of that the Cortex-A57 at least is vulnerable to Spectre-3a as well which is basically "meltdown but for registers".
    • Likes 2

    Leave a comment:

  • bison
    replied
    Originally posted by xfcemint View Post

    Nope, you are wrong. OOO does not require speculation. OOO is perfectly safe, at least as far as we currently know .
    I wonder how many more years it will be until the realization comes: "We need to give up on speculation."
    • Likes 4

    Leave a comment:

  • elatllat
    replied
    So The Odroid C4 running RedoxOS would be the most secure, performant option. Amazon/Apple/Microsoft all have custom ARM chips and more money than everyone else, it would be nice if they stepped in and fixed this mess. (Intel and AMD can't be botherd apparently)
    • Likes 2

    Leave a comment:

  • Charlie68
    replied
    Originally posted by Vistaus View Post
    An attack that works on an AMD CPU? Is this fake news or what? 'Cause everyone, esp. on this site, keeps saying AMD is 100% safe against this kind of stuff...
    Who said it ? Claiming that AMD CPUs have fewer speculative vulnerabilities than Intel does not mean that they are 100% secure. There is nothing 100% certain in life, let alone in software-hardware.
    Next time you hear someone talking about 100% secure software or hardware, just tell them they don't understand shit.
    • Likes 5

    Leave a comment:

  • Teggs
    replied
    Extra points for the researchers actually testing on AMD for once.

    Originally posted by onlyLinuxLuvUBack View Post
    intel swiss-lake...
    Haha. But I don't think anyone outside the United States will get that joke.
    • Likes 3

    Leave a comment:

  • Jabberwocky
    replied
    Originally posted by starshipeleven View Post
    Are ARM immune or did they just not test them? Because they do speculative execution too
    They were not tested (only Intel and AMD)

    Cortex-A53 (2012) and newer A55 (2017) uses in order execution pipelines. The A53 is used in Raspberry Pi 3 (and 3+).

    Cortex-A72 and newer versions (all the way to A77) uses a "out-of-order, speculative issue 3-way superscalar execution pipeline". The A72 is used in Raspberry Pi 4.

    Hopefully the Raspberry Pi Foundation learns it's from this. ARM at least announces vulnerabilities while Raspberry Pi Foundation just ignores it. This is the ONLY post made by them and not updated after the release of the Raspberry Pi 4... "Why Raspberry Pi isn’t vulnerable to Spectre or Meltdown" -- https://www.raspberrypi.org/blog/why...e-or-meltdown/
    • Likes 5

    Leave a comment:

  • milkylainen
    replied
    Took some serious effort though. 200+ seconds.

    Leave a comment:

  • bison
    replied
    Originally posted by Raka555 View Post
    Can we get a 5Ghz Cortex-A53, please...
    That would be excellent.

    I wonder how many more years it will be until the realization comes: "We need to give up on OoO execution."
    • Likes 6

    Leave a comment:

Previous 1 2 3 4 template Next
Working...
X