The worst part of this exploit is all the people exploiting it to gain attention for themselves, like with ridiculous comments such as this. As if engineers were actually told to ignore risk. What a crock of shit.
"I bet they were instructed to ignore the risk" (Score:-1)
Re: (Score:0)
Crock of shit, you mean like your own comment?
To quote Linus "A *competent* CPU engineer would fix this by making sure speculation doesn't happen across protection domains." It's pretty bleeding obvious that either the Intel engineers are completely incompetent, or they were instructed to look the other way.
There are no other alternatives. Linus says so, and now Theo too. Who are you, oh mighty commenter who knows better?
Re: (Score:5, Interesting)
To quote Linus "A *competent* CPU engineer would fix this by making sure speculation doesn't happen across protection domains."
That's bullshit. When Intel introduced speculation across protection domains everyone including Linux was happy because it reduced system call costs. Without this, as soon as you get to a syscall / sysenter instruction, you stall the pipeline until all pending instructions have been committed. On a modern Intel CPU with close to 200 instructions in flight at a time, that's a measurable performance overhead.
We've known for a long time that side channels of this kind were possible, but not that they were
Re: (Score:2)
When Intel introduced speculation across protection domains everyone including Linux was happy because it reduced system call costs
Is that the case? Was this attack known, and deemed an acceptable risk because of the incredible low rate at which data could supposedly be extracted? I remember some papers around 2015 on an attack involving data leaking between processes through the cache, but that did not rely on speculative execution IIRC.
Re: (Score:5, Interesting)
Was this attack known, and deemed an acceptable risk because of the incredible low rate at which data could supposedly be extracted?
Not this specific attack, but it was known that any source of nondeterminism in a processor was a source of side channels. These were largely ignored because these attacks get lots of papers at top security conferences but are really hard and slow to carry out in practice. Most of the existing attacks used the cache, but there are others involving things like the fact that computation on denormals is much slower than on normal floating point values (a fun one of these lets you scrape browser contents via
"I bet they were instructed to ignore the timing" (Score:0)
Sounds like timing is the thing that doesn't need to cross security boundaries. Timing itself can be inferred.
Re:"I bet they were instructed to ignore the timin (Score:2)
Sounds like timing is the thing that doesn't need to cross security boundaries. Timing itself can be inferred.
One of the countermeasures for sandbox environments is to lower the timing resolution but this only lowers the rate at which data can be recovered.
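To illustrate the point in that last reply (added example, not code from the thread), this constructed simulation views a two-valued timing signal through a clock that only ticks every N nanoseconds and reports how many repeated readings are needed before the two cases can still be told apart. The latencies, jitter and the random-phase clock model are assumptions chosen for the illustration, not measurements of any real CPU or browser.

```python
import random

# Constructed model (assumption, not measurements): a "fast" event takes about
# FAST_NS, a "slow" one about SLOW_NS, each with Gaussian jitter of JITTER_NS.
# Whether the event was fast or slow is the one bit the channel carries.
FAST_NS, SLOW_NS, JITTER_NS = 40.0, 200.0, 30.0


def true_duration_ns(bit, rng):
    """Unobservable real duration of one event (bit 1 = slow)."""
    return max(0.0, rng.gauss(SLOW_NS if bit else FAST_NS, JITTER_NS))


def coarse_measurement_ns(bit, resolution_ns, rng):
    """Duration as seen through a clock that only ticks every resolution_ns.
    The event starts at a random phase inside a tick, so the reading is a
    whole number of ticks; the mean is preserved, but the variance grows
    with the tick size."""
    start = rng.uniform(0.0, resolution_ns)
    end = start + true_duration_ns(bit, rng)
    return (end // resolution_ns) * resolution_ns


def error_rate(resolution_ns, samples, trials, rng=None):
    """Fraction of bits misread when each bit is averaged over `samples`
    coarse readings and compared against the midpoint of the two means."""
    rng = rng or random.Random(0)
    threshold = (FAST_NS + SLOW_NS) / 2.0
    wrong = 0
    for _ in range(trials):
        bit = rng.randrange(2)
        mean = sum(coarse_measurement_ns(bit, resolution_ns, rng)
                   for _ in range(samples)) / samples
        if (mean > threshold) != bool(bit):
            wrong += 1
    return wrong / trials


def samples_for_error(resolution_ns, max_error, trials=400, seed=1):
    """Smallest power-of-two reading count that recovers a bit with error
    rate at most max_error: the extra cost per bit the coarser clock adds."""
    rng = random.Random(seed)
    samples = 1
    while samples <= 4096:
        if error_rate(resolution_ns, samples, trials, rng) <= max_error:
            return samples
        samples *= 2
    return None  # channel effectively closed at this budget


if __name__ == "__main__":
    for res in (1.0, 100.0, 1000.0, 5000.0):
        print(f"clock resolution {res:>6.0f} ns: "
              f"{samples_for_error(res, 0.05)} readings per bit")
```

With a 1 ns clock one reading per bit suffices; at 1 µs the same bit costs tens of readings, and at 5 µs hundreds, so the coarser clock divides the leak rate rather than stopping it.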