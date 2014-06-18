18/06/14/1945223 story
posted by takyon on Friday June 15, @02:24AM
from the more-where-that-came-from dept.
The Intel® FPU speculation vulnerability has been confirmed. Theo guessed right last week.
Using information disclosed in Theo's talk, Colin Percival developed a proof-of-concept exploit in around 5 hours. This seems to have prompted an early end to an embargo (in which OpenBSD was not involved), and the official announcement of the vulnerability.
Also at The Register, Hot Hardware, and BetaNews.
(Score: 3, Interesting) by Subsentient on Friday June 15, @03:02AM (1 child)
I'm getting so tired of all these crippling bugs in Intel's chips. Most of these patches have a performance hit. Depressing. IO speed has gone in the toilet for me since I enabled KPTI on vulnerable systems.
(Score: 0) by Anonymous Coward on Friday June 15, @03:51AM
Most of the current issues would not BE issues if the original kernel/application memory address boundaries had been followed, instead of the performance optimization of placing kernel memory in a subset of application memory. However the added bounce buffers to pass data back and forth between kernel and user space were considered too great, and the choice was made to forego that protection and place everything in the single memory space that has persisted until today. Tanenbaum is being proven correct in his microkernel vs monolithic kernel debate, and we are finally reaching a point where the compromises in security taken for the sake of performance are being reassessed. Both processors and system memory are now fast enough for all but the most intensive workloads to not be significantly impacted by the loss in performance, and for applications that still require that level of performance, so long as they are not network accessable or scriptable then it is safe to use them with the protections disabled on a application by application basis, while everything else is properly isolated with kernel/application memory space isolation. The major exception to this is Web Browsers, which are going to take a huge performance hit, and things like WebGL, Javascript Coin Miners, and DRM will no longer have the access nor performance necessary to do their stated tasks.
(Score: 2) by frojack on Friday June 15, @03:05AM (1 child)
Your exploit program would have to know exactly when your victim was going to be using the fpu, (which for a great deal of work loads is rather uncommon), and time your attack to strike just after any such use.
I suppose if you already had detail knowledge of the target work load, and freedom to schedule your attack precisely in time you might make this work a couple times out of any 10,000 attempts.
Not something I'm worried about.
(Score: 3, Interesting) by jmorris on Friday June 15, @03:40AM
You forget that the "fpu" registers are now used for a lot more than floating point math.
This is going to end with either the banning of all speculative execution or banning preemptive multitasking and limiting multi-tasking to what can be accomplished with multi-core / thread processors combined with a rebirth in cooperative multi-tasking, i.e. lots of yield calls. Either way a big change in the way we compute is coming because it is now becoming clear that any processor feature that even resembles speculative execution can be exploited to leak info. Major wrong turn in design brought on by the relentless quest for more IPC (Instructions Per Clock). So simplify the CPU core again and just let them proliferate? Only problem is that after a decade of pervasive multi-core processors deployed all the way down to phones, much software still fails to take advantage of more than one thread of execution.