SoylentNews is people
SoylentNews
posted by
martyb
on Saturday February 16 2019, @02:08PM
from the so-that-means...-we-are-screwed dept.
from the so-that-means...-we-are-screwed dept.
Google security researchers have come to the conclusion that speculative execution attacks are here to stay without drastic changes to modern CPU architectures, such as removing speculative execution entirely.
Spectre is here to stay: An analysis of side-channels and speculative execution
Related:
Patch for Intel Speculative Execution Vulnerability Could Reduce Performance by 5 to 35% [Update: 2]
Qualcomm Joins Others in Confirming its CPUs Suffer From Spectre, and Other Meltdown News
Congress Questions Chipmakers About Meltdown and Spectre
What Impact Has Meltdown/Spectre Had on YOUR Systems?
Intel Admits a Load of its CPUs Have Spectre V2 Flaw That Can't be Fixed
Intel FPU Speculation Vulnerability Confirmed
New Spectre Variant SpectreRSB Targets Return Stack Buffer
Intel Discloses a Speculative Execution Attack in Software Guard eXtensions (SGX)
Intel 'Gags' Linux Distros From Revealing Performance Hit From Spectre Patches
MIT Researchers Claim to Have a Solution for Some Speculative Execution Attacks
Spectre, Meltdown Researchers Unveil 7 More Speculative Execution Attacks
New Side-Channel Leak: Researchers Attack Operating System Page Caches
This discussion has been archived.
No new comments can be posted.
Spectre is Here to Stay: An Analysis of Side-Channels and Speculative Execution
|
Log In/Create an Account
| Top
| 36 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Power tends to corrupt, absolute power corrupts absolutely.
-- Lord Acton
(Score: 2, Interesting) by Curlsman on Monday February 18 2019, @08:55PM
Alpha EV6 (21264) used out-of order execution:
https://people.cs.clemson.edu/~mark/464/21264.verification.pdf [clemson.edu]
"The Alpha 21264 microprocessor is a highly out-of-order, superscalar implementation of the Alpha architecture."
And https://en.wikipedia.org/wiki/DEC_Alpha [wikipedia.org]
And the OpenVMS OS designers believe they are resistant:
https://www.vmssoftware.com/updates.html [vmssoftware.com]
"VSI OpenVMS is NOT vulnerable to this issue, primarily due to its different, four-mode architecture. Specifically, VSI OpenVMS is protected against CVE-2018-8897 because it does two things differently than other operating systems:
1) OpenVMS doesn’t rely on the CS pushed in the interrupt stack frame to determine the previous mode. This means OpenVMS cannot be tricked into believing it was already in kernel mode when it was not, which is central to this vulnerability.
2) OpenVMS uses a different method to switch GSBASE; OpenVMS always performs the switch and makes sure the user-mode GSBASE is always updated to match the kernel-mode GSBASE."