Newsportal USENET - Re: Another security vulnerability

Re: Another security vulnerability

Sujet : Re: Another security vulnerability
De : anton (at) *nospam* mips.complang.tuwien.ac.at (Anton Ertl)
Groupes : comp.arch
Date : 05. Jun 2024, 10:38:59

Autres entêtes

Organisation : Institut fuer Computersprachen, Technische Universitaet Wien
Message-ID : <2024Jun5.103859@mips.complang.tuwien.ac.at>
References : 1 2 3 4 5 6 7 8
User-Agent : xrn 10.11

mitchalsup@aol.com (MitchAlsup1) writes:

I am resurrecting this thread to talk about a different cache that
may or may not be vulnerable to Spectré like attacks.
>
Consider an attack strategy that measures whether a disk sector/block
is in (or not in) the OS disk cache. {Very similar to attacks that
figure out if a cache line is in the Data Cache (or not).}
>
Any ideas ??

If you want to claim that there is a vulnerability, it's your job to
demonstrate it.

That being said, filling the OS disk cache requires I/O commands,
typically effected through stores that make it to the I/O device. In
cases where the I/O is effected through a load, the I/O device is in
an uncacheable part of the address space (otherwise even
non-speculative accesses would not work correctly, and speculative
accesses would have caused havoc long ago), and the load is delayed
until it is no longer speculative.

Ok, you might say, what about just the preparation of the buffer in
ordinary write-back-cached memory? Yes, that can happen
speculatively, so speculatively executed code might somehow see a
buffer that should later be used for some I/O. But where is the
security vulnerability in this scenario? Once the speculation turns
out to be wrong, all the changes in the store buffer will be canceled.
The only trace that remains will (on Spectre-vulnerable hardware) be
in the caches and other microarchitectural features, just as with
existing Spectre attacks. There is nothing special about disk buffers
here.

And on Spectre-invulnerable hardware (which still does not exist 7
years after the vulnerability has been reported to Intel and AMD:-(,
and the recent announcements of Zen5, Lunar Lake and the new ARM cores
are not promising) no trace of the speculation will be left in
microarchitectural state when it turns out to be wrong.

BTW, it's Spectre without accent, see <https://spectreattack.com/>

- anton
--
'Anyone trying for "industrial quality" ISA should avoid undefined behavior.'
Mitch Alsup, <c17fcd89-f024-40e7-a594-88a85ac10d20o@googlegroups.com>

Les messages affichés proviennent d'usenet.

Date	Sujet	#	Auteur
24 Mar 24	Another security vulnerability	58	Stephen Fuld
24 Mar 24	Re: Another security vulnerability	4	MitchAlsup1
25 Mar 24	Re: Another security vulnerability	2	Stefan Monnier
26 Mar 24	Re: Another security vulnerability	1	Michael S
26 Mar 24	Re: Another security vulnerability	1	Michael S
24 Mar 24	Re: Another security vulnerability	10	Lawrence D'Oliveiro
25 Mar 24	Re: Another security vulnerability	1	Stefan Monnier
25 Mar 24	Re: Another security vulnerability	8	Stephen Fuld
25 Mar 24	Re: Another security vulnerability	7	Lawrence D'Oliveiro
26 Mar 24	Re: Another security vulnerability	5	MitchAlsup1
26 Mar 24	Re: Another security vulnerability	4	Lawrence D'Oliveiro
27 Mar 24	Re: Another security vulnerability	3	Stephen Fuld
28 Mar 24	Re: Another security vulnerability	2	Lawrence D'Oliveiro
28 Mar 24	Re: Another security vulnerability	1	MitchAlsup1
26 Mar 24	Re: Another security vulnerability	1	Michael S
25 Mar 24	Re: Another security vulnerability	18	Thomas Koenig
25 Mar 24	Re: Another security vulnerability	16	Anton Ertl
26 Mar 24	Re: Another security vulnerability	13	Lawrence D'Oliveiro
26 Mar 24	Re: Another security vulnerability	12	Anton Ertl
5 Jun 24	Re: Another security vulnerability	11	MitchAlsup1
5 Jun 24	Re: Another security vulnerability	9	Anton Ertl
11 Jun 24	Re: Another security vulnerability	8	MitchAlsup1
11 Jun 24	Re: Another security vulnerability	6	Stephen Fuld
11 Jun 24	Re: Another security vulnerability	5	MitchAlsup1
11 Jun 24	Re: Another security vulnerability	4	Stephen Fuld
11 Jun 24	Re: Another security vulnerability	3	Terje Mathisen
11 Jun 24	SSDs (was: Another security vulnerability)	2	Stefan Monnier
11 Jun 24	Re: SSDs	1	Chris M. Thomasson
11 Jun 24	Re: Another security vulnerability	1	MitchAlsup1
11 Jun 24	Re: Another security vulnerability	1	MitchAlsup1
26 Mar 24	Re: Another security vulnerability	2	Anton Ertl
26 Mar 24	Re: Another security vulnerability	1	Anton Ertl
25 Mar 24	Re: Another security vulnerability	1	Michael S
25 Mar 24	Re: Another security vulnerability	22	Anton Ertl
26 Mar 24	Re: Another security vulnerability	21	Michael S
27 Mar 24	Re: Another security vulnerability	20	Thomas Koenig
27 Mar 24	Re: Another security vulnerability	2	Thomas Koenig
27 Mar 24	Re: Another security vulnerability	1	Thomas Koenig
27 Mar 24	Re: Another security vulnerability	1	Anton Ertl
27 Mar 24	Re: Another security vulnerability	16	Anton Ertl
27 Mar 24	Re: Another security vulnerability	15	MitchAlsup1
28 Mar 24	Re: Another security vulnerability	4	MitchAlsup1
29 Mar 24	Re: Another security vulnerability	3	Paul A. Clayton
29 Mar 24	Re: Another security vulnerability	2	Paul A. Clayton
30 Mar 24	Re: Another security vulnerability	1	MitchAlsup1
3 Apr 24	Re: Another security vulnerability	10	Stefan Monnier
3 Apr 24	Re: Another security vulnerability	9	Thomas Koenig
3 Apr 24	Re: Another security vulnerability	6	MitchAlsup1
4 Apr 24	Re: Another security vulnerability	5	Thomas Koenig
4 Apr 24	Re: Another security vulnerability	4	MitchAlsup1
4 Apr 24	Re: Another security vulnerability	1	MitchAlsup1
7 Apr 24	Re: Another security vulnerability	2	Paul A. Clayton
8 Apr 24	Re: Another security vulnerability	1	MitchAlsup1
5 Apr 24	Re: Another security vulnerability	2	Stefan Monnier
5 Apr 24	Re: Another security vulnerability	1	MitchAlsup1
25 Mar 24	Re: Another security vulnerability	3	John Savard
25 Mar 24	Re: Another security vulnerability	2	Michael S
26 Mar 24	Re: Another security vulnerability	1	Lawrence D'Oliveiro