Tweet
Originally posted by linuxgeex
View Post
-
Turning on mitigations would be cheaper, safer, faster, cooler, and quieter.
Last edited by elatllat; 12 March 2021, 08:36 PM. -
Mitigations don't work on this case. Take the test, you'll see.Originally posted by elatllat View PostComment
-
They should have posted this for CES 2021. That would have been exciting.Comment
-
I managed to make it work on AMD ryzen 3600 with unstable timers fairly consistently.Originally posted by carewolf View Post
Only thing that makes spectre hard to exploit is Firefox because of low precision timers. On firefox only 1st test can be somewhat succesful (but at much higher tries) while 2nd/3rd test for me was impossible. Edge/Chrome fail both on AMD 2nd and 3rd test.
Also if on Firefox you decrease furthermore precision of timers, you gonna make attacks reliant on performance.now() timer impossible unless you give literally hours of probing.
Comment
-
I have mitigations off and it failed. Some exploit *rolls eyes*.Comment
-
-
Turning on mitigations probably only prevents known attacks, while the other approach probably prevents more attacks.Originally posted by elatllat View Post
(personally I also have spec_store_bypass_disable=on)Comment
-
Why is this PoC exploit working on Chrome on Ubuntu, Ryzen 3700X and 4650G, with spec_store_bypass_disable=on?Comment
-
There are currently no mitigations to "turn on" for Spectre V4, other than completely disabling CPU caches on context change. Such a patch was submitted and Linus smacked the maintainer who accepted it silly because it results in about 90% performance loss, which is basically a voluntary DOS attack. So no, this doesn't impact performance more than the proposed mitigation. Read up about it.Originally posted by elatllat View PostComment
Comment