Re: YASV (Yet Another Security Vulnearability)

Subject : Re: YASV (Yet Another Security Vulnearability)
From : anton (at) *nospam* mips.complang.tuwien.ac.at (Anton Ertl)
Newsgroups : comp.arch
Date : 26. Jul 2024, 18:17:50
Organisation : Institut fuer Computersprachen, Technische Universitaet Wien
Message-ID : <2024Jul26.181750@mips.complang.tuwien.ac.at>
References : 1 2 3
User-Agent : xrn 10.11
EricP <ThatWouldBeTelling@thevillage.com> writes:
> One thing they mention is Intel and AMD incorporating privilege level
> tagging into the BTB, as I suggested when this all started.
> Combine that with purging the user mode entries from the predictor tables
> on thread switch and I would think that would shut this all down.

1) The attacker can still attack the context (even if the notion of
   context includes the privilege level) from within itself.  E.g.,
   the kernel can be attacked by training the kernel-level branch
   prediction by performing appropriate system calls, and then
   performing a system call that reveals data through a
   mis-speculation side channel.  IIRC such Spectre attacks have
   already been demonstrated years ago.

2) Users are supposedly not prepared to pay the cost of invisible
   speculation (-5-20%, depending on which paper you read), are they
   prepared to pay the cost of purging the user-mode entries of branch
   predictors on thread switches?
  
   My guess is that the stuff plays out as usual: The hardware
   manufacturers don't want to implement a proper fix like invisible
   speculation, and they suggest software mitigations like purging
   user-mode entries on thread switch.  The software people then
   usually consider the mitigation too expensive in performance or in
   development effort, so only a minuscule amount of software contains
   Spectre mitigations.

- anton
--
'Anyone trying for "industrial quality" ISA should avoid undefined behavior.'
  Mitch Alsup, <c17fcd89-f024-40e7-a594-88a85ac10d20o@googlegroups.com>
