No announcement yet.

Security Researchers Detail New "BlindSide" Speculative Execution Attack

  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Took some serious effort though. 200+ seconds.


    • #22
      Originally posted by starshipeleven View Post
      Are ARM immune or did they just not test them? Because they do speculative execution too
      They were not tested (only Intel and AMD)

      Cortex-A53 (2012) and newer A55 (2017) uses in order execution pipelines. The A53 is used in Raspberry Pi 3 (and 3+).

      Cortex-A72 and newer versions (all the way to A77) uses a "out-of-order, speculative issue 3-way superscalar execution pipeline". The A72 is used in Raspberry Pi 4.

      Hopefully the Raspberry Pi Foundation learns it's from this. ARM at least announces vulnerabilities while Raspberry Pi Foundation just ignores it. This is the ONLY post made by them and not updated after the release of the Raspberry Pi 4... "Why Raspberry Pi isn’t vulnerable to Spectre or Meltdown" --


      • #23
        Extra points for the researchers actually testing on AMD for once.

        Originally posted by onlyLinuxLuvUBack View Post
        intel swiss-lake...
        Haha. But I don't think anyone outside the United States will get that joke.


        • #24
          Originally posted by Raka555 View Post
          Can we get a 5Ghz Cortex-A53, please...
          That surely won't happen, but your general idea is sound and it is a good idea. And it is a good joke also.
          Last edited by xfcemint; 11 September 2020, 04:56 PM.


          • #25
            Originally posted by CochainComplex View Post
            so where are the non speculative CPU's? is it still possible or will this push us back to pre-P4 era (performancewise)?
            Disabling speculative execution is possible while keeping OOO intact. Estimated performance penalty for such a drastic mesure would be 5-30% (17% on average).

            The problem is that speculative execution can't be disabled at one place, the manufacturer has to change dozens of features one by one to disable SE.

            It is possible that SE can be disabled through a microcode update, but I'm not certain on that one.

            All the non-speculative CPUs are old. The lastet and the best ones are Cortex-A53 and Cortex-A55. Unfortulately, they are slow because those CPUs use an in-order architecture.


            • #26
              Originally posted by Amaranth View Post

              I don't know what the performance would look like with modern processes and clocks but architecturally this would be back to something more like the original Pentium or the early Atom designs.
              This is false. For a modern CPU, only OOO (out-of-order) is important, speculation is just a nice extra.

              Pentium and Atom can't do OOO.

              Also, speculation is safe if done just on registers and a few buffers close to the ALU. The problem with current CPUs is that manufacturers are relentlessly and dangerously speculating on every shit they can think of to get out that last 1% performance. Than the CPU looks good on benchmarks when it is released.
              Last edited by xfcemint; 11 September 2020, 04:38 PM.


              • #27
                Originally posted by bison View Post

                That would be excellent.

                I wonder how many more years it will be until the realization comes: "We need to give up on OoO execution."
                Nope, you are wrong. OOO does not require speculation. OOO is perfectly safe, at least as far as we currently know .


                • #28
                  Originally posted by Vistaus View Post
                  An attack that works on an AMD CPU? Is this fake news or what? 'Cause everyone, esp. on this site, keeps saying AMD is 100% safe against this kind of stuff...
                  Who said it ? Claiming that AMD CPUs have fewer speculative vulnerabilities than Intel does not mean that they are 100% secure. There is nothing 100% certain in life, let alone in software-hardware.
                  Next time you hear someone talking about 100% secure software or hardware, just tell them they don't understand shit.


                  • #29
                    So The Odroid C4 running RedoxOS would be the most secure, performant option. Amazon/Apple/Microsoft all have custom ARM chips and more money than everyone else, it would be nice if they stepped in and fixed this mess. (Intel and AMD can't be botherd apparently)


                    • #30
                      Originally posted by xfcemint View Post

                      Nope, you are wrong. OOO does not require speculation. OOO is perfectly safe, at least as far as we currently know .
                      I wonder how many more years it will be until the realization comes: "We need to give up on speculation."