<20240727213309.0000773e@yahoo.com>

Path: ...!2.eu.feeder.erje.net!feeder.erje.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Michael S <already5chosen@yahoo.com>
Newsgroups: comp.arch
Subject: Re: YASV (Yet Another Security Vulnearability)
Date: Sat, 27 Jul 2024 21:33:09 +0300
Organization: A noiseless patient Spider
Lines: 43
Message-ID: <20240727213309.0000773e@yahoo.com>
References: <v7rqbf$1ta84$1@dont-email.me>
	<20240725104113.000006e8@yahoo.com>
	<tJtoO.87238$BYv6.980@fx09.iad>
	<2024Jul26.181750@mips.complang.tuwien.ac.at>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Injection-Date: Sat, 27 Jul 2024 20:33:17 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="ea3bb3b7965445001b26321ce138ef4c";
	logging-data="3683030"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1+GNgA7Ro5jTC4xnjs6/ln8Iz2yUdQMJi0="
Cancel-Lock: sha1:g3+r+FDzLv2M/cp7Aed+dPAj5jM=
X-Newsreader: Claws Mail 4.1.1 (GTK 3.24.34; x86_64-w64-mingw32)
Bytes: 3036

On Fri, 26 Jul 2024 16:17:50 GMT
anton@mips.complang.tuwien.ac.at (Anton Ertl) wrote:

> EricP <ThatWouldBeTelling@thevillage.com> writes:
> >One thing they mention is Intel and AMD incorporating privilege level
> >tagging into the BTB, as I suggested when this all started.
> >Combine that with purging the user mode entries from the predictor
> >tables on thread switch and I would think that would shut this all
> >down.  
> 
> 1) The attacker can still attack the context (even if the notion of
>    context includes the privilege level) from within itself.  E.g.,
>    the kernel can be attacked by training the kernel-level branch
>    prediction by performing appropriate system calls, and then
>    performing a system call that reveals data through a
>    mis-speculation side channel.  IIRC such Spectre attacks have
>    already been demonstrated years ago.
> 
> 2) Users are supposedly not prepared to pay the cost of invisible
>    speculation (-5-20%, depending on which paper you read), are they
>    prepared to pay the cost of purging the user-mode entries of branch
>    predictors on thread switches?
>    
>    My guess is that the stuff plays out as usual: The hardware
>    manufacturers don't want to implement a proper fix like invisible
>    speculation, and they suggest software mitigations like purging
>    user-mode entries on thread switch.  The software people then
>    usually consider the mitigation too expensive in performance or in
>    development effort, so only a minuscule amount of software contains
>    Spectre mitigations.
> 
> - anton

That's how it should be.
Not really attacks -> not really mitigations.
I am not willing to pay even 0.001% in performance to mitigate
non-threats. And as far as I am concerned, anything that requires
running arbitrary binary code on my computer, even on the least privileged
account, is a non-threat.