SoylentNews is people

posted by martyb on Wednesday October 30 2019, @06:14AM

https://www.zdnet.com/article/top-linux-developer-on-intel-chip-security-problems-theyre-not-going-away/

Greg Kroah-Hartman, the stable Linux kernel maintainer, could have prefaced his Open Source Summit Europe keynote speech, "MDS, Fallout, Zombieland, and Linux," by paraphrasing Winston Churchill: I have nothing to offer but blood, sweat and tears for dealing with Intel CPUs' security problems.

Or as a Chinese developer told him recently about these problems: "This is a sad talk." The sadness is that the same Intel CPU speculative execution problems, which led to Meltdown and Spectre security issues, are alive and well and causing more trouble.

The problem with how Intel designed speculative execution is that, while anticipating the next action for the CPU to take does indeed speed things up, it also exposes data along the way. That's bad enough on your own server, but when it breaks down the barriers between virtual machines (VMs) in cloud computing environments, it's a security nightmare.


  • (Score: 2) by DannyB on Wednesday October 30 2019, @03:34PM


    Sparc was just a 2.0 version of processor that Sun was designing to be perfect for Java.

    As a Java developer, IMO, it is a good thing that there is no specific processor designed for Java.

    What we ended up with instead is an amazing runtime platform for Java, that is fairly portable to new hardware.

    Your source code (Java and other languages) is compiled to JVM bytecode, which is portable.

    The runtime begins by interpreting JVM bytecode. Immediate start of execution, but not great performance.

    Everything is constantly dynamically profiled. As soon as it is recognized that a certain procedure is getting most of the CPU, that procedure is compiled by the C1 compiler to native code, and put on a list to get recompiled again soon by the C2 compiler.

    The C1 compiler quickly generates decent but not optimal native code. So this procedure immediately gets a performance bump.

    Soon, C2 comes along and spends a lot of time recompiling this procedure again to native code. But C2 takes the entire global execution picture into account. Something that an ahead of time C compiler cannot do. Some C code might be calling procedures in another module that is not yet even written when this present module is compiled. JVM's C2 compiler can change how parameters are passed, fork the procedure into multiple versions to optimize for different parameter types that are KNOWN to be passed from within the presently running program. Or it can make optimizations because it KNOWS that within the present program certain parameter types or subtypes are NEVER passed as a parameter to this function. This is the vantage point of having ALL of the ENTIRE executable code at your disposal for analysis. C2 also aggressively inlines code. So don't worry about function call overhead to small stub procedures if that helps your abstractions and code maintenance and design. And in Java, ALL classes are "virtual" with vtables, but C has "non-virtual" methods with no vtable -- well the JVM can PROVE that certain classes/methods simply do not need a vtable -- within this presently executing and completely linked program. C2 can make a LOT of optimizations. Including generating specific machine instructions for the ACTUAL PROCESSOR that you are executing on. Does your processor have certain instruction set extensions? An ahead of time C compiler cannot assume on its own that it can take advantage of certain processor instruction set extensions. And much more.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.