Meltdown & Spectre – Intel, AMD and ARM CPUs vulnerable

All off topic discussions go here. Everything from the funny thing your cat did to your favorite tv shows. Non-programming computer questions are ok too.
Post Reply
User avatar
Roman
Member
Member
Posts: 568
Joined: Thu Mar 27, 2014 3:57 am
Location: Moscow, Russia
Contact:

Meltdown & Spectre – Intel, AMD and ARM CPUs vulnerable

Post by Roman »

That Intel-specific bug and now these cross-platform two... I just have no words.

https://meltdownattack.com
https://googleprojectzero.blogspot.com/ ... -side.html
In addition to violating process isolation boundaries using native code, Spectre attacks can also be used to violate browser sandboxing, by mounting them via portable JavaScript code. We wrote a JavaScript program that successfully reads data from the address space of the browser process running it.
"If you don't fail at least 90 percent of the time, you're not aiming high enough."
- Alan Kay
User avatar
~
Member
Member
Posts: 1227
Joined: Tue Mar 06, 2007 11:17 am
Libera.chat IRC: ArcheFire

Re: Meltdown & Spectre – Intel, AMD and ARM CPUs vulnerable

Post by ~ »

Roman wrote:That Intel-specific bug and now these cross-platform two... I just have no words.

https://meltdownattack.com
https://googleprojectzero.blogspot.com/ ... -side.html
In addition to violating process isolation boundaries using native code, Spectre attacks can also be used to violate browser sandboxing, by mounting them via portable JavaScript code. We wrote a JavaScript program that successfully reads data from the address space of the browser process running it.
Wouldn't it be enough to invalidate the entire cache every time we switch/enter/exit/terminate/create a process or thread? Or just disabling the CPU cache entirely for security-critical machines?

It seems to me that the intention is just having a cache that is separated for each process (instead of the existing one which is global to the CPU/computer) so there is no possibility to read leftover cached data between arbitrary processes.
YouTube:
http://youtube.com/@AltComp126

My x86 emulator/kernel project and software tools/documentation:
http://master.dl.sourceforge.net/projec ... ip?viasf=1
User avatar
iansjack
Member
Member
Posts: 4703
Joined: Sat Mar 31, 2012 3:07 am
Location: Chichester, UK

Re: Meltdown & Spectre – Intel, AMD and ARM CPUs vulnerable

Post by iansjack »

Try that in your OS and see what happens. I'd expect a massive performance hit.
User avatar
Solar
Member
Member
Posts: 7615
Joined: Thu Nov 16, 2006 12:01 pm
Location: Germany
Contact:

Re: Meltdown & Spectre – Intel, AMD and ARM CPUs vulnerable

Post by Solar »

It's a hot topic, but please try to keep it together.

http://forum.osdev.org/viewtopic.php?f= ... ff#p281534
Every good solution is obvious once you've found it.
ggodw000
Member
Member
Posts: 396
Joined: Wed Nov 18, 2015 3:04 pm
Location: San Jose San Francisco Bay Area
Contact:

Re: Meltdown & Spectre – Intel, AMD and ARM CPUs vulnerable

Post by ggodw000 »

since this one is in ramblings, may be can be reserved for non-technical, political aspect of it.
The whole things looks like some publicity stunt.
key takeaway after spending yrs on sw industry: big issue small because everyone jumps on it and fixes it. small issue is big since everyone ignores and it causes catastrophy later. #devilisinthedetails
Post Reply