CPU bug makes virtually all chips vulnerable

Discussions on more advanced topics such as monolithic vs micro-kernels, transactional memory models, and paging vs segmentation should go here. Use this forum to expand and improve the wiki!
User avatar
bluemoon
Member
Member
Posts: 1761
Joined: Wed Dec 01, 2010 3:41 am
Location: Hong Kong

Re: CPU bug makes virtually all chips vulnerable

Post by bluemoon »

Solar wrote:
Sik wrote:...I'm surprised we aren't encouraging programmers to optimize their code as much as possible for slower CPUs...
"We" are doing that. "They" aren't, because what's selling is moar features, moar eye candy, moar FPS, semi-transparent windows, inlined videos, ...
Also company more willing to add 50 middlewares to do simple things, in fact it's the "correct way" to use bloatwares in their philosophy.
Think about RN, why you want to run javascript with java glue code which in turn run inside a JVM, on a crappy mobile processor? It's crazy talk back in the old day.
User avatar
Solar
Member
Member
Posts: 7615
Joined: Thu Nov 16, 2006 12:01 pm
Location: Germany
Contact:

Re: CPU bug makes virtually all chips vulnerable

Post by Solar »

Well, to be quite honest, I vividly remember my first x86 laptop, purchased back in 1999, which had just enough CPU ooomph (PIII @ 500MHz) to play back a DVD without stuttering -- if I didn't do anything else.

(I had Amigas before, and while being fine machines in their own right, playing back DVDs was quite outside their range except for the very lastest PowerPC-driven ones.)

We do want HD quality today, going forward to 4k and 3D, and we do want it stutter-free while we're doing something else in another window.

So it's not as if all that CPU power were unnecessary if not for bloatware.

But we're getting sidetracked here. Let's keep this focussed on Meltdown / Spectre and their mitigation.
Every good solution is obvious once you've found it.
User avatar
~
Member
Member
Posts: 1228
Joined: Tue Mar 06, 2007 11:17 am
Libera.chat IRC: ArcheFire

Re: CPU bug makes virtually all chips vulnerable

Post by ~ »

Probably Meltdown/Spectre are just the beginning of a public attempt to use any measurable hardware effects as a programming language from a simple microcontroller.

If that's the case, probably using paging as a measure to leak data will only be one of the weakest ways to gather any data in a system, probably wouldn't really be the fault of the architecture implementation (beyond doing temporary operations that leave measurable traces before making sure that the operation is allowed as when loading pages before making sure that privilege access will be allowed for operands), and probably there will always be ways to determine valuable things and which will become easier as processors become more advanced.

The only task of interest here is dealing with hardware effects as if they were input/output gates to manipulate, and if electronics prove to be always suitable for observing any desired data and effects through manual analysis from software, then the best choice will definitely be to isolate a machine from code designed for that in one way or another, because there would always be a way to measure things electronically through analyzing code.

Things like this will always be usable if privileged malware is installed.
User avatar
Sik
Member
Member
Posts: 251
Joined: Wed Aug 17, 2016 4:55 am

Re: CPU bug makes virtually all chips vulnerable

Post by Sik »

Solar wrote:Well, to be quite honest, I vividly remember my first x86 laptop, purchased back in 1999, which had just enough CPU ooomph (PIII @ 500MHz) to play back a DVD without stuttering -- if I didn't do anything else.

(I had Amigas before, and while being fine machines in their own right, playing back DVDs was quite outside their range except for the very lastest PowerPC-driven ones.)

We do want HD quality today, going forward to 4k and 3D, and we do want it stutter-free while we're doing something else in another window.

So it's not as if all that CPU power were unnecessary if not for bloatware.
And GPUs are better equipped for that task nowadays (while in 1999 they were still using fixed pipeline or very primitive shaders). For that kind of heavy tasks it's better to not use the CPU actually.
Solar wrote:But we're getting sidetracked here. Let's keep this focussed on Meltdown / Spectre and their mitigation.
It's sorta related, seeing as the big issue is that it's a side-effect of speculation and whether we could live without it if really needed.

Reminds me, I'm seeing talks about there being patches to protect against Spectre. I thought it was unfixable? What do those patches do? (besides browser updates to mitigate the javascript proof of concept)
Korona
Member
Member
Posts: 1000
Joined: Thu May 17, 2007 1:27 pm
Contact:

Re: CPU bug makes virtually all chips vulnerable

Post by Korona »

They do what I posted on page 2: Replacing indirect jumps with a sequence that does loops forever (or discards speculative state) when it is reached by speculative execution. Of course, this comes at a performance cost and should only be enabled in programs that are expected to be exposed to many attacks. Here is a discussion of this "retpoline" mitigation: Click me!. Similar techniques exist to mitigate the bounds-check exploit.
managarm: Microkernel-based OS capable of running a Wayland desktop (Discord: https://discord.gg/7WB6Ur3). My OS-dev projects: [mlibc: Portable C library for managarm, qword, Linux, Sigma, ...] [LAI: AML interpreter] [xbstrap: Build system for OS distributions].
User avatar
bluemoon
Member
Member
Posts: 1761
Joined: Wed Dec 01, 2010 3:41 am
Location: Hong Kong

Re: CPU bug makes virtually all chips vulnerable

Post by bluemoon »

nvidia has release a patch on drivers w.r.t meltdown and spectre: https://nvidia.custhelp.com/app/answers ... /a_id/4611

Seems the issue not only affect OS, but drivers as well, anyone knows the detail?
Octocontrabass
Member
Member
Posts: 5590
Joined: Mon Mar 25, 2013 7:01 pm

Re: CPU bug makes virtually all chips vulnerable

Post by Octocontrabass »

bluemoon wrote:Seems the issue not only affect OS, but drivers as well, anyone knows the detail?
Spectre affects almost all software, including drivers. KPTI (and the equivalent methods employed by Windows and other OSes) only defends against Meltdown.
User avatar
Kazinsal
Member
Member
Posts: 559
Joined: Wed Jul 13, 2011 7:38 pm
Libera.chat IRC: Kazinsal
Location: Vancouver
Contact:

Re: CPU bug makes virtually all chips vulnerable

Post by Kazinsal »

Nvidia's graphics cards have a couple non-CUDA microprocessors on them for various side tasks. They probably needed patching.
User avatar
bluemoon
Member
Member
Posts: 1761
Joined: Wed Dec 01, 2010 3:41 am
Location: Hong Kong

Re: CPU bug makes virtually all chips vulnerable

Post by bluemoon »

Octocontrabass wrote:
bluemoon wrote:Seems the issue not only affect OS, but drivers as well, anyone knows the detail?
Spectre affects almost all software, including drivers. KPTI (and the equivalent methods employed by Windows and other OSes) only defends against Meltdown.
In reality, spectre only affect software that does its own code isolation (e.g. chrome isolating js, or isolation between modules which don't have the "data pointer"). For a single program it can access to all its memory anyway.

That make me wonder, what have been isolated by GPU driver? Or are they just recompile with updated toolchain just to be safe?
davidv1992
Member
Member
Posts: 223
Joined: Thu Jul 05, 2007 8:58 am

Re: CPU bug makes virtually all chips vulnerable

Post by davidv1992 »

bluemoon wrote:
Octocontrabass wrote:
bluemoon wrote:Seems the issue not only affect OS, but drivers as well, anyone knows the detail?
Spectre affects almost all software, including drivers. KPTI (and the equivalent methods employed by Windows and other OSes) only defends against Meltdown.
In reality, spectre only affect software that does its own code isolation (e.g. chrome isolating js, or isolation between modules which don't have the "data pointer"). For a single program it can access to all its memory anyway.

That make me wonder, what have been isolated by GPU driver? Or are they just recompile with updated toolchain just to be safe?
That is not exactly true. If software can be manipulated into executing the needed instructions (which is definitely a risk for any software that takes input, particularly those that take external input), it is possible to use external software to do the cache timing measurements.

This means that any software that takes some form of external input is vulnerable, which is problematic for things like windowing servers and kernels (including their drivers if they take input directly enough, hence the GPU driver updates), which have access to sensitive information.

From what I understand, google has suggested and implemented some tricks into compilers that makes the resulting output code less likely to contain instruction sequences that can be exploited for a spectre attack, but I am unsure of how it works exactly.
metafor
Posts: 2
Joined: Wed Jan 03, 2018 4:51 pm

Re: CPU bug makes virtually all chips vulnerable

Post by metafor »

One thing I'm trying to wrap my head around is how a userspace program can even attempt to make an access to a kernel space address. All a userspace program can do is access a VA (except through syscall I guess). Does it rely on the VA translating into kernel space PA before the mismatch in address space (user VA hits a TLB entry that has a valid kernel space VA->PA translation)?

How does the userspace program attempt to access a specific PA space address?
User avatar
Sik
Member
Member
Posts: 251
Joined: Wed Aug 17, 2016 4:55 am

Re: CPU bug makes virtually all chips vulnerable

Post by Sik »

Yeah, the kernel's virtual addresses are still mapped. They can't be properly accessed (they're limited to ring=0, and hence will throw an error if userspace code tries to normally access it), but the issue is that the CPU knows how to map them to physical addresses and on Intel CPUs the speculated code can load them, presumably on the assumption that if the access should have been forbidden then it wouldn't matter as the speculated results would just be tossed away. Except it affected the cache state, which affects its timing, which is what Meltdown is probing to leak the data. The patches against Meltdown change the page tables so the kernel is not mapped in even that way (at the expense of wasting more cycles).

AMD CPUs don't attempt to speculate across privilege boundaries so they're safe from that (but still vulnerable to Spectre which doesn't need a privilege violation). Other CPUs may or may not do it.
metafor
Posts: 2
Joined: Wed Jan 03, 2018 4:51 pm

Re: CPU bug makes virtually all chips vulnerable

Post by metafor »

Thanks, that makes more sense. Any idea what the patches for Spectre do? I can’t imagine they flush all the cache on return to EL0...
davidv1992
Member
Member
Posts: 223
Joined: Thu Jul 05, 2007 8:58 am

Re: CPU bug makes virtually all chips vulnerable

Post by davidv1992 »

The only one I am aware of is googles retpoline construction. This is designed to effectively inhibit branch prediction on specific jumps, details can be found here: https://support.google.com/faqs/answer/7625886.
gprs
Posts: 4
Joined: Sat Jan 27, 2018 1:23 pm

Re: CPU bug makes virtually all chips vulnerable

Post by gprs »

As far as I know 'jmp reg' is always treated as unpredicted (but maybe I am wrong, but it definately WAS in the past).
Is it possible to replace all indirect jumps with this to mitigate the issue Korona describes:

Code: Select all

lea   rax, [@f]
lea   rcx, [target]
cmp   value1, value2
cmova rax, rcx
jmp   rax
@@:
?
Post Reply