51

Re: Meltdown and Spectre

Hello, MadHuman, you wrote:
MH> And what is the possible principle of this patch (for Spectre)? After all, the code works. There are not even system calls, except for those for which it is possible to invent a mass of variants.
MH> Saw any information on how it probably works? Like there should be protection at the level of specific applications, instead of at the level of the OS.

52

Re: Meltdown and Spectre

Hello, Cyberax, you wrote:
C> By the way, even if the program dies instead of catching the signal, nothing hinders doing fork() right before the fetch.
This infrequent event would be possible to catch, if in normal life. But as I was already told here, kernel memory can be addressed speculatively. Then there will be no signal either.

53

Re: Meltdown and Spectre

Hello, s_aa, you wrote:
_> For sure Putin's agents tried.
Well, now Elbrus tramples! Who there spoke about its poor performance? And that is even though it does not have a similar problem.

54

Re: Meltdown and Spectre

Hello, MadHuman, you wrote:
MH> Judging by the description, the hole is at processor level.
MH> But then it is impossible to correct it with a patch for the OS, no?
MH> But then why, for example, does MS report that it has released a patch?...
The hole works in a certain mode of the processor. It is possible not to use this mode; then the hole ceases to work. But a kernel call from the user task becomes noticeably more expensive.

55

Re: Meltdown and Spectre

Hello, Cyberax, you wrote:
C> From Meltdown it is possible to be protected completely by means of a patch. For Spectre it is possible to cover only certain ways of its exploitation.
It would seem, if the "unnecessary" pages were not present in the process address space at all, instead of, as now, being present but with forbidden access, then with the help of spectre you would not reach anything superfluous...

56

Re: Meltdown and Spectre

Hello, StatujaLeha, you wrote:
SL> ... Advancements on the market of the new processor?
SL> https://ru.wikipedia.org/wiki/-16
In which, for certain, it is full of holes; it is simply that they are not known yet...

57

Re: Meltdown and Spectre

Hello, Pzz, you wrote:
Pzz> It would seem, if the "unnecessary" pages were not present in the process address space at all, instead of, as now, being present but with forbidden access, then with the help of spectre you would not reach anything superfluous...
It is possible to get out, for example, from a javascript sandbox and get access to the memory of the whole process.

58

Re: Meltdown and Spectre

Hello, Pzz, you wrote:
Pzz> It would seem, if the "unnecessary" pages were not present in the process address space at all, instead of, as now, being present but with forbidden access, then with the help of spectre you would not reach anything superfluous...
The problem is that (in the kernel, bounds checks) inside a syscall it is possible to exploit certain code sequences from userspace. It does not demand any holes in safety - the processor simply executes the code in the kernel, and the malicious spy watches the cache from userspace. Plus the possibility of espionage from within sandboxes in the browser.

59

Re: Meltdown and Spectre

Hello, StatujaLeha, you wrote:
SL> ... Advancements on the market of the new processor?
SL> https://ru.wikipedia.org/wiki/-16
No, it is a new start for IBM Power. I would not refuse such a desktop.

60

Re: Meltdown and Spectre

C> Meltdown is specific to Intel and allows reading all physical memory from a userspace process, including the kernel and . Protection only through KAISER for Linux (https://lwn.net/Articles/741878/) or a similar change for NT. AMD was specifically not subject to this vulnerability.
C> Spectre is the more general vulnerability and there is no security blanket from it so far.
I offer the elegant stsuko-decision. To cut the possibility of exact measurement of code execution time from  by prohibiting RDTSC in CR4. At least make it configurable - for whom it is necessary (these everyone there, programmers) - enable it. For the remaining - emulate it with a wild error.

61

Re: Meltdown and Spectre

Hello, ononim, you wrote:
C>> Spectre is the more general vulnerability and there is no security blanket from it so far.
O> I offer the elegant stsuko-decision. To cut the possibility of exact measurement of code execution time from  by prohibiting RDTSC in CR4. At least make it configurable - for whom it is necessary (these everyone there, programmers) - enable it. For the remaining - emulate it with a wild error.
It has been considered for a long time, and so far has not got support: it is possible, for example, from an adjacent  on an adjacent core to spin an empty loop and take evidence of time from it. Even if 90% of such samples give noise, the rest show data from which, by statistical cleaning, it is possible to receive exact enough results. Meanwhile the most promising ideas in the current arguments look like:
1) separation of processes of different users and different level  onto separate cores or even physical chips (on hosts, as far as I recall, it is considered already done by everyone who is really afraid of the problems);
2) moving the most critical data into sections of RAM where caching is forbidden through MTRR;
3) Retpoline - actually, prohibiting the possibility to train branch prediction in someone else's code.

62

Re: Meltdown and Spectre

O>> I offer the elegant stsuko-decision. To cut the possibility of exact measurement of code execution time from  by prohibiting RDTSC in CR4. At least make it configurable - for whom it is necessary (these everyone there, programmers) - enable it. For the remaining - emulate it with a wild error.
N> It has been considered for a long time, and so far has not got support: it is possible, for example, from an adjacent  on an adjacent core to spin an empty loop and take evidence of time from it.
I think such busy loops can easily be , and, having detected them, to start  them. However, since it "has been considered", this too was likely already considered.

63

Re: Meltdown and Spectre

Hello, ononim, you wrote:
O>>> I offer the elegant stsuko-decision. To cut the possibility of exact measurement of code execution time from  by prohibiting RDTSC in CR4. At least make it configurable - for whom it is necessary (these everyone there, programmers) - enable it. For the remaining - emulate it with a wild error.
N>> It has been considered for a long time, and so far has not got support: it is possible, for example, from an adjacent  on an adjacent core to spin an empty loop and take evidence of time from it.
O> I think such busy loops can easily be , and, having detected them, to start  them. However, since it "has been considered", this too was likely already considered.
. They are too difficult and unreliable to distinguish from any CPU-intensive operations, and if we start , it becomes worse for everyone.

64

Re: Meltdown and Spectre

O>> I think such busy loops can easily be , and, having detected them, to start  them. However, since it "has been considered", this too was likely already considered.
N> Ugu. They are too difficult and unreliable to distinguish from any CPU-intensive operations
I doubt that it is so unreliable. There must be an increment/decrement in a loop (possibly an unrolled loop); if the hacker dilutes it with something else to tangle , it sharply complicates his hacker operation for him. And the pattern of the type " which is engaged exclusively in incrementing a variable" defines a time measuring instrument unambiguously enough. Probably, and even most likely, I underestimate the imagination of hackers, but the amount of variants is restricted enough and they will be specific enough for recognition.

65

Re: Meltdown and Spectre

Hello, Vain, you wrote:
V>
V> We flush the processor cache.
V> We read a variable of interest to us from the kernel address space; it causes an exception, but it will not be processed at once.
V> Speculatively we read an element of an array which is allocated in our user address space, based on the variable's value from point 2.
V> Sequentially we read the array and accurately measure access time. All elements except one will be read slowly, and here is the element which corresponds to the value at the address inaccessible to us.
V> With the use of the branch predictor it is approximately clear, but here in this explanation on Habr (and also in other places) it is said that for Meltdown it is not even necessary. The sufficient condition is that the exception happens later than the value illegally read from kernel memory is used.
Here I have a silly question: why must it happen later? Is it some strongly expensive operation (so expensive that the processor speculatively has time to access memory and drag the value into the cache)? Why so? It would be interesting how much performance would drop if the processor mandatorily checked the rights before using the value (or even before the immediate read)?

66

Re: Meltdown and Spectre

Hello, Glory, you wrote:
Hello, StatujaLeha, you wrote:
SL>> ... Advancements on the market of the new processor?
SL>> https://ru.wikipedia.org/wiki/-16
No, it is a new start for IBM Power. I would not refuse such a desktop.
It seems Spectre  is on Power too: RedHat, IBM

67

Re: Meltdown and Spectre

Hello, ononim, you wrote:
C>> Spectre is the more general vulnerability and there is no security blanket from it so far.
O> I offer the elegant stsuko-decision. To cut the possibility of exact measurement of code execution time from  by prohibiting RDTSC in CR4.
Does not help. It is managed stupidly and simply:
volatile long long int counter = 0;
// Thread 1
while (true) { counter++; }

68

Re: Meltdown and Spectre

Hello, kl, you wrote:
kl> Here I have a silly question: why must it happen later? Is it some strongly expensive operation (so expensive that the processor speculatively has time to access memory and drag the value into the cache)? Why so?
Probably, Intel economised on security bits for the first-level cache, unlike AMD. So for them it turned out much more expensive.

69

Re: Meltdown and Spectre

Hello, Glory, you wrote:
SL>> ... Advancements on the market of the new processor?
SL>> https://ru.wikipedia.org/wiki/-16
No, it is a new start for IBM Power. I would not refuse such a desktop.
All modern out-of-order systems are subject to Spectre. Including Power and various SPARC.

70

Re: Meltdown and Spectre

O>> I offer the elegant stsuko-decision. To cut the possibility of exact measurement of code execution time from  by prohibiting RDTSC in CR4.
C> Does not help. It is managed stupidly and simply:
C> volatile long long int counter = 0;
C> // Thread 1
C> while (true) { counter++; }
For now, to catch and hinder ; in the future - to guarantee incoherence  on modification of a variable without explicit barriers (there is, it is true, a question of what to do with hyper-threading). Simply the possibility of such exact time measurement opens a whole heap of potential problems about which nobody suspects. I personally have been waiting for about 10 years for someone to find a microphonic effect in the clock generator, which spreads  through the computer's composition, that allows organizing eavesdropping  from .

71

Re: Meltdown and Spectre

Hello, ononim, you wrote:
C>> Does not help. It is managed stupidly and simply:
C>> volatile long long int counter = 0;
C>> // Thread 1
C>> while (true) { counter++; }
O> For now, to catch and hinder ; in the future - to guarantee incoherence  on modification of a variable without explicit barriers (there is, it is true, a question of what to do with hyper-threading).
I specially wrote "volatile". All the barriers are there. The resolution is more than enough for exact timers.
O> Simply the possibility of such exact time measurement opens a whole heap of potential problems about which nobody suspects.
The train has left. And it is silly to try to do protection this way.

72

Re: Meltdown and Spectre

O>> For now, to catch and hinder ; in the future - to guarantee incoherence  on modification of a variable without explicit barriers (there is, it is true, a question of what to do with hyper-threading).
C> I specially wrote "volatile". All the barriers are there. The resolution is more than enough for exact timers.
volatile does not put barriers. I mean for the processor. And with a barrier, the execution time of an increment will be such that the whole construction becomes unsuitable for attack.
O>> Simply the possibility of such exact time measurement opens a whole heap of potential problems about which nobody suspects.
C> The train has left. And it is silly to try to do protection this way.
Execution time is simply a super-thick channel for a heap of different side-channels, and not only so  as a subject. To stop up every one of them is like making a boat out of a sieve.

73

Re: Meltdown and Spectre

Hello, ononim, you wrote:
C>> I specially wrote "volatile". All the barriers are there. The resolution is more than enough for exact timers.
O> volatile does not put barriers.
Generally, it does.
O> I mean for the processor. And with a barrier, the execution time of an increment will be such that the whole construction becomes unsuitable for attack.
And with a barrier too, all will be normal. It is necessary to statistically count a maximum.
C>> The train has left. And it is silly to try to do protection this way.
O> Execution time is simply a super-thick channel for a heap of different side-channels, and not only so  as a subject. To stop up every one of them is like making a boat out of a sieve.
Except execution time there is still power consumption, memory bus occupancy, direct samples on DRAM contention, etc. To try to suppress attacks by means of prohibiting exact time in a machine with shared memory is just  holes. Methods of getting statistically exact time will appear approximately permanently. More correct will be  side-channels by means of hardware measures. Of the type of a partitioned cache, exclusive rental of the bus, etc. The hardware guys are already thinking.

74

Re: Meltdown and Spectre

C>>> I specially wrote "volatile". All the barriers are there. The resolution is more than enough for exact timers.
O>> volatile does not put barriers.
C> Generally, it does.
Surprise-surprise: GCC 5.4, increment of a volatile int variable through ++:
  400710: 8b 05 36 09 20 00          mov    0x200936(%rip),%eax   # 60104c <counter>
  400716: 83 c0 01                   add    $0x1,%eax
  400719: 89 05 2d 09 20 00          mov    %eax,0x20092d(%rip)   # 60104c <counter>
  40071f: eb ef                      jmp    400710
Increment of a volatile int variable through __sync_add_and_fetch:
  400710: f0 83 05 34 09 20 00 01    lock addl $0x1,0x200934(%rip)   # 60104c <counter>
  400718: eb f6                      jmp    400710
O>> I mean for the processor. And with a barrier, the execution time of an increment will be such that the whole construction becomes unsuitable for attack.
C> And with a barrier too, all will be normal. It is necessary to statistically count a maximum.
Good luck counting it if your timer resolution is worse than the necessary difference. Besides, there is a strong suspicion that using a memory barrier in a loop simply kills the attack at the root.
C>>> The train has left. And it is silly to try to do protection this way.
O>> Execution time is simply a super-thick channel for a heap of different side-channels, and not only so  as a subject. To stop up every one of them is like making a boat out of a sieve.
C> Except execution time there is still power consumption, memory bus occupancy, direct samples on DRAM contention, etc.
Nah. All of that demands a physical connection with a logic analyzer. Attack scenarios need to be divided. We are here about the attack where the hacker can launch code on the machine and no more than that.
C> To try to suppress attacks by means of prohibiting exact time in a machine with shared memory is just  holes. Methods of getting statistically exact time will appear approximately permanently.
C> More correct will be  side-channels by means of hardware measures. Of the type of a partitioned cache, exclusive rental of the bus, etc. The hardware guys are already thinking.
A side-channel through the time channel is better killed by killing this channel, that is -  the potentially possible results of time measurement. What I offered above is only one method. The second can be, for example, to "jerk" the frequency of the cores . Here basically there is nothing special - nobody will be surprised by dynamic frequency change now; the point is to jerk it __ and frequently with a view to . Up to randomization of the duty cycle of the clock generator. Decisions of the type " LFENCE everywhere in the kernel" are simply plugs in a sieve.  There is one vague association I have here with Heisenberg's uncertainty. Oh, it is not casual that it  in this Universe.

75

Re: Meltdown and Spectre

Hello, ononim, you wrote:
O> Increment of a volatile int variable through __sync_add_and_fetch:
Well, let there be an explicit barrier in the form of an instruction. The sense does not change.
C>> And with a barrier too, all will be normal. It is necessary to statistically count a maximum.
O> Good luck counting it if your timer resolution is worse than the necessary difference. Besides, there is a strong suspicion that using a memory barrier in a loop simply kills the attack at the root.
I can repeat the sample many times, so statistically even a much less exact timer will be sufficient.
C>> Except execution time there is still power consumption, memory bus occupancy, direct samples on DRAM contention, etc.
O> Nah. All of that demands a physical connection with a logic analyzer. Attack scenarios need to be divided. We are here about the attack where the hacker can launch code on the machine and no more than that.
It does not demand, except for power. The remaining ones can be found out indirectly.
C>> More correct will be  side-channels by means of hardware measures. Of the type of a partitioned cache, exclusive rental of the bus, etc. The hardware guys are already thinking.
O> A side-channel through the time channel is better killed by killing this channel, that is -  the potentially possible results of time measurement.
It is impossible. Moving to in-order execution would be easier, and it will be faster than 100500 plugs.
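The disagreement in posts 67, 72 and 74 is whether `volatile` gives you any barrier or atomicity. The GCC listing in post 74 already answers the instruction-level part: `counter++` on a `volatile` variable is a plain load / add / store, while `__sync_add_and_fetch` becomes a single `lock addl`. The program below is an added example written for this thread (it is not code posted by any participant) and shows the observable consequence of that difference: with several threads bumping the same counter, the `volatile` version can lose updates, the locked read-modify-write cannot. It assumes POSIX threads and the GCC `__sync_*` builtins; the thread count, iteration count and function names are constructed for the demonstration.

```c
#include <pthread.h>
#include <stdio.h>

/* Constructed example, not code from the thread: several threads bump one
 * shared counter.  The "volatile" worker does what the quoted GCC listing
 * shows for `counter++` (mov / add / mov, three separate instructions); the
 * "atomic" worker uses __sync_add_and_fetch (a single `lock addl`). */

#define MAX_THREADS 16

struct job {
    long iters;            /* increments each worker performs */
};

static volatile long long vol_counter;   /* plain volatile: no atomicity, no lock */
static long long atomic_counter;         /* touched only via __sync_add_and_fetch */

/* load, add, store: another thread can slip in between the load and the store,
 * so two increments can collapse into one (a "lost update"). */
static void *vol_worker(void *arg)
{
    long iters = ((struct job *)arg)->iters;
    for (long i = 0; i < iters; i++)
        vol_counter++;
    return NULL;
}

/* lock-prefixed read-modify-write: the increment is atomic and also acts as a
 * full memory barrier, so no update is lost. */
static void *atomic_worker(void *arg)
{
    long iters = ((struct job *)arg)->iters;
    for (long i = 0; i < iters; i++)
        __sync_add_and_fetch(&atomic_counter, 1);
    return NULL;
}

/* Start nthreads copies of fn, wait for all of them, return the final value
 * of the counter they shared. */
static long long run_workers(void *(*fn)(void *), int nthreads, long iters,
                             volatile long long *counter)
{
    pthread_t tid[MAX_THREADS];
    struct job job = { iters };

    if (nthreads > MAX_THREADS)
        nthreads = MAX_THREADS;
    *counter = 0;
    for (int i = 0; i < nthreads; i++)
        pthread_create(&tid[i], NULL, fn, &job);
    for (int i = 0; i < nthreads; i++)
        pthread_join(tid[i], NULL);
    return *counter;
}

/* Final counter after nthreads * iters plain volatile increments
 * (may be below the expected total when threads interleave). */
long long run_volatile(int nthreads, long iters)
{
    return run_workers(vol_worker, nthreads, iters, &vol_counter);
}

/* Final counter after nthreads * iters locked increments (always exact). */
long long run_atomic(int nthreads, long iters)
{
    return run_workers(atomic_worker, nthreads, iters, &atomic_counter);
}

int main(void)
{
    int threads = 4;
    long iters = 500000;
    long long expect = (long long)threads * iters;

    printf("volatile ++ : %lld of %lld\n", run_volatile(threads, iters), expect);
    printf("lock addl   : %lld of %lld\n", run_atomic(threads, iters), expect);
    return 0;
}
```

On a multi-core machine the first line usually prints a total below the expected one, the second always prints the exact total. This does not settle the separate question of whether the counter thread is a usable clock (a single thread incrementing the `volatile` counter loses nothing and the resolution argument in post 75 stands), but it does settle what `volatile` alone buys you: ordering of accesses as seen by the compiler, not an atomic or fenced operation on the processor.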