#136
Intel junk...Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign
On 2018-01-06 at 19:23, Tim Streater wrote:
> In article , Johnny Billquist wrote:
>> And then they figured out a clever way of mining the contents of the cache. One could argue that the cache should be invalidated in such a scenario, but that is not happening either.
>
> Never mind invalidating it. WTF is going on if a non-priv process has the right to do anything at all to the cache? Non-priv processes shouldn't even be aware that there *is* a cache, never mind having the right to execute instructions *about* the cache.

The non-priv process doesn't know there is a cache and it doesn't do anything with the cache.

Short summary...

You have two arrays in your code, ar1 is 16 bytes and ar2 is 256*1024 or 262144 bytes (see * below).

Then you have a read from the smaller array using an index:

    ar1[x]

so far so good. But then you add a range check:

    if (x < 16): ar1[x]

And then you use the value read from ar1 as an index into ar2:

    if (x < 16): y = ar2[(ar1[x] * 1024)]

Then you run this a number of times with x < 16 to "learn" the predictive execution unit that x is "usually lower than 16".

So the next time, the processor guesses that it will probably need to run the code after the if, so it does that at once, at more or less the same time as the if is evaluated. The value of x must of course be fetched, but it is optimized over to the second statement before any priv-checks have been done.

One other important thing, is that you have also run some other code of your own so that ar2 is completely removed from the cache. Any read from ar2 will have to go to real memory.

The value ar1[x] will be lost, but one member of ar2 will have been read and is now cached. And the address is a direct track back to the (protected) value read using an invalid value of x using ar1. Anywhere in any physically accessible memory.

Now, another important thing. There are counters within modern CPUs that tick at a very high speed, say the core speed. These can be used to time critical code paths or to debug the processor itself. These timers are not critical as such, but here comes the clever part...

You now read the whole of ar2, taking note of the time to read/load each member of the ar2 array. When it finds a member whose access time is way lower than the rest of the ar2 array, it has found the address that was cached and it can count back and calculate the value that must have been read from the protected memory.

And there you are. Just rerun. Clear the cache, feed the optimizer with values of x < 16, read the next protected memory address and then re-read ar2 counting the access times.

The protection built into the processor stops you from directly seeing the value read from ar1 (using the out of bounds value of x).

Enjoy!

Jan-Erik.

(*) I'm not sure about the size of the second array, why not just 256 bytes? I think it has something to do with the way the cache is organized in "pages", or whatever it is called.
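Added example, not code from any poster in this thread: the bounds-checked double lookup described in the post above, next to a version hardened with branchless index masking, a common mitigation for this bounds-check pattern. The function names and the sample table contents are constructed for illustration, and the code assumes GCC or Clang (inline asm, arithmetic right shift of negative values).

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define AR1_LEN 16UL
#define STRIDE  1024UL   /* spacing from the post: ar2 is 256*1024 bytes */

static uint8_t ar1[AR1_LEN];
static uint8_t ar2[256 * STRIDE];

/* Fill both arrays with constructed sample data. */
void setup_tables(void)
{
    for (unsigned long i = 0; i < AR1_LEN; i++)
        ar1[i] = (uint8_t)(i * 3 + 1);
    for (unsigned long v = 0; v < 256; v++)
        ar2[v * STRIDE] = (uint8_t)(v ^ 0x5a);
}

/* All ones when index < size, zero otherwise, with no conditional branch
 * for the predictor to guess. Assumes size <= LONG_MAX and that >> on a
 * negative long is an arithmetic shift (true for GCC and Clang). */
unsigned long index_mask(unsigned long index, unsigned long size)
{
    /* Empty asm (GCC/Clang extension) hides the value from the optimizer,
     * which could otherwise prove index < size and delete the mask. */
    __asm__ volatile("" : "+r"(index));
    return (unsigned long)(~(long)(index | (size - 1UL - index))
                           >> (sizeof(long) * CHAR_BIT - 1));
}

/* The pattern from the post: only the branch guards the load. */
uint8_t read_unhardened(unsigned long x)
{
    if (x < AR1_LEN)
        return ar2[ar1[x] * STRIDE];
    return 0;
}

/* Same architectural result; if the branch is mispredicted, x has already
 * been forced to 0 through a data dependency, so the load stays in ar1. */
uint8_t read_hardened(unsigned long x)
{
    if (x < AR1_LEN) {
        x &= index_mask(x, AR1_LEN);
        return ar2[ar1[x] * STRIDE];
    }
    return 0;
}

int main(void)
{
    setup_tables();
    printf("in bounds:     %u %u\n", read_unhardened(3), read_hardened(3));
    printf("out of bounds: %u\n", read_hardened(1000));
    printf("mask(15)=%lx mask(16)=%lx\n",
           index_mask(15, AR1_LEN), index_mask(16, AR1_LEN));
    return 0;
}
```

Both functions return identical values for every input; the difference exists only on the speculative path, which is why the mask has to be a data dependency rather than a second comparison.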
#137
On 2018-01-06 at 23:34, Tim Streater wrote:
> In article , Johnny Billquist wrote:
>> On 2018-01-06 19:23, Tim Streater wrote:
>>> In article , Johnny Billquist wrote:
>>>> And then they figured out a clever way of mining the contents of the cache. One could argue that the cache should be invalidated in such a scenario, but that is not happening either.
>>>
>>> Never mind invalidating it. WTF is going on if a non-priv process has the right to do anything at all to the cache? Non-priv processes shouldn't even be aware that there *is* a cache, never mind having the right to execute instructions *about* the cache.
>>
>> Normally, that is true. But clever people can do a lot around this. When I was doing my CS major, we had a course on advanced computer architectures, in where we learned how to write a very simple program that told us everything about cache size, associativeness, line size, TLB size, TLB associativeness, and so on...
>>
>> All you need to do is understand how the computer is affected by these things, and then write programs that detect the effects. In short, you write small loops that exercise the cache in different ways, and time the whole thing. You don't even need any high precision timers for it. All user level, and all very simple.
>
> Does that involve instructions that operate on the cache. Such as "clear cache"?

You just read some unrelated (to the actual tests) data, so that the tests that you are running are 100% non-cached. If that is what your tests are about.

And anyway, you can never "clear" any memory, be it the cache or any other memory. Each byte will always have a value between x'00' and x'FF'.
#138
On 2018-01-07 at 00:09, Andy Burns wrote:
> Tim Streater wrote:
>> Does that involve instructions that operate on the cache. Such as "clear cache"?
>
> Yes, for the example I saw
> https://gist.github.com/ErikAugust/724d4a969fb2c6ae1bbd7b2a9e3d4bb6/revisions
> but I think it was only using spectre techniques to read from a chunk of memory within the same process, to demonstrate how the timing works.
>
> The x86-64 reference manual
> https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf
> states "The CLFLUSH instruction can be used at all privilege levels and is subject to all permission checking and faults associated with a byte load" so perhaps the example is too simplistic and a real attack wouldn't be able to flush the target area of memory from the cache lines, unless it already had permission to access that memory?

You just have to make sure that nothing that is related to what you are doing is cached. Such as loading some *other* data that belongs to you.
#139
Tim Streater wrote:
It's not that bad, one or two cars at a time. These days it's not unusual at all for houses to have 200A service and putting a 100A 240V outlet in the garage for a charger does not require a major retrofit. Garage ha ha ha. That'll work a treat on those streets of terraced houses, eh? A 50kWh battery is going to need 100A at 1kV to charge up in 30 mins. You're not going to get that right now. Maybe in a decade. Right now you're talking four hours to charge it up full. You going to give the punter a cable at 1kV to shove in their car? It's dangerous, sure, but ever seen a gasoline fire? --scott -- "C'est un Nagra. C'est suisse, et tres, tres precis." |
#140
In article , Ron C
wrote: ...and you believe cars will reach a higher standard? absolutely. all they need to do is be better than humans, which as i said, is not that tough. And yet we have this [many decades old] memory leak security hole. that would not cause an autonomous vehicle to crash. |
#141
nospam wrote:
In article , Ron C wrote: My neighbor is a mechanic for a dealership. They send him to classes for the latest updates and such. He's told some stories about the warnings related to servicing electric cars. Most of the stories start with something to the effect of "..if you touch THIS you're dead.." Seems there's the potential for a lot of dead shade-tree mechanics, to say nothing of the risks to EMTs responding to crashes. if you touch the wrong thing in a gas vehicle you could be dead too. That's the basic thing. People have had a century now to get used to gasoline and learn how to prevent gasoline from exploding so easily. It still happens now and then, even with a century of technology and training. It's going to take some time for people to learn the safety measures and procedures for electric stuff. It's scary, but no more scary than gasoline was in 1910. The really cool thing about electricity, and the thing that fascinated me about it as a child, was that it follows rules and it follows them precisely. If you know the rules and you pay attention to them, it's perfectly safe. If you do not, it's very dangerous. --scott -- "C'est un Nagra. C'est suisse, et tres, tres precis." |
#142
Ron C wrote:
On 1/6/2018 6:22 PM, nospam wrote: In article , Ron C wrote: My neighbor is a mechanic for a dealership. They send him to classes for the latest updates and such. He's told some stories about the warnings related to servicing electric cars. Most of the stories start with something to the effect of "..if you touch THIS you're dead.." Seems there's the potential for a lot of dead shade-tree mechanics, to say nothing of the risks to EMTs responding to crashes. if you touch the wrong thing in a gas vehicle you could be dead too. Such as... ? We hired a man to fix our car Then he held on to a spark plug wire. Now he's moving on. He's moving on. His soul cut loose when he felt the juice, He's moving on. -- "C'est un Nagra. C'est suisse, et tres, tres precis." |
#143
On Sat, 06 Jan 2018 15:54:21 -0500, nospam
wrote: In article , Doomsdrzej wrote: The biggest problem in even considering a Tesla is that I live in a very cold climate which, since mid-December, has seen its temperature go no lower than -25c. In such a climate, the already poor range of an electric car is even worse and there are good reasons to believe that it wouldn't even start. the batteries are heated in cold weather and the cars start just fine. Are they heated through the use of a block heater or is there some other solution I'm not aware of? the batteries are heated and shortly before leaving, you can preheat the cabin via a smartphone app. _How_ are they heated? via a heater module on the batteries. Pre-heating the cabin essentially means that you've turned on the car remotely. However, this is only possible if the car starts which, of course, often requires the batteries to be heated. for a gas powered vehicle, the engine must be running. not true for an electric vehicle. Very interesting to know, thanks. |
#144
On 01/06/2018 07:43 PM, nospam wrote:
In article , Ron C wrote: ...and you believe cars will reach a higher standard? absolutely. all they need to do is be better than humans, which as i said, is not that tough. And yet we have this [many decades old] memory leak security hole. that would not cause an autonomous vehicle to crash. Well, we don't know that yet. :-) Maybe it can make the autonomous car mistake a tractor-trailer for a billboard. bill
#145
On 1/6/2018 7:38 PM, Scott Dorsey wrote:
Tim Streater wrote: It's not that bad, one or two cars at a time. These days it's not unusual at all for houses to have 200A service and putting a 100A 240V outlet in the garage for a charger does not require a major retrofit. Garage ha ha ha. That'll work a treat on those streets of terraced houses, eh? A 50kWh battery is going to need 100A at 1kV to charge up in 30 mins. You're not going to get that right now. Maybe in a decade. Right now you're talking four hours to charge it up full. You going to give the punter a cable at 1kV to shove in their car? It's dangerous, sure, but ever seen a gasoline fire? --scott Thousands of people pump their own gas every day. Seldom a conflagration. Several hundred volts and a little water in the wrong place .. and zap! I'd tend to trust some average rube with gasoline before I'd trust them with high voltage stuff. [YMMV] -- == Later... Ron C -- --- This email has been checked for viruses by AVG. http://www.avg.com |
#146
On 2018-01-07 at 01:50, Doomsdrzej wrote:
On Sat, 06 Jan 2018 15:54:21 -0500, nospam wrote: In article , Doomsdrzej wrote: The biggest problem in even considering a Tesla is that I live in a very cold climate which, since mid-December, has seen its temperature go no lower than -25c. In such a climate, the already poor range of an electric car is even worse and there are good reasons to believe that it wouldn't even start. the batteries are heated in cold weather and the cars start just fine. Are they heated through the use of a block heater or is there some other solution I'm not aware of? the batteries are heated and shortly before leaving, you can preheat the cabin via a smartphone app. _How_ are they heated? via a heater module on the batteries. Pre-heating the cabin essentially means that you've turned on the car remotely. However, this is only possible if the car starts which, of course, often requires the batteries to be heated. for a gas powered vehicle, the engine must be running. not true for an electric vehicle. Or for a normal gas powered car, with built-in electric pre-heating of the windshield (or whatever). Many cars also have a separate gas or diesel powered heater for the cabin. Today remote controlled by your phone app... Eberspächer being one of the oldest and largest manufacturers. https://www.eberspacher.com/products...d-heaters.html https://www.eberspacher.com/products...l-heaters.html
#147
On Sat, 6 Jan 2018 17:46:57 -0500, Bill Gunshannon
wrote: On 01/06/2018 05:27 PM, nospam wrote: In article , Bill Gunshannon wrote: The biggest problem in even considering a Tesla is that I live in a very cold climate which, since mid-December, has seen its temperature go no lower than -25c. In such a climate, the already poor range of an electric car is even worse and there are good reasons to believe that it wouldn't even start. the batteries are heated in cold weather and the cars start just fine. Are they heated through the use of a block heater or is there some other solution I'm not aware of? the batteries are heated and shortly before leaving, you can preheat the cabin via a smartphone app. And that heating shortens your range. Or did you think it was somehow free? it's effectively free. the impact is a few miles less range, out of 200-300 miles total. most trips are well under that, so it's not even remotely a concern. Say what? Honda FitEV - 82 miles KIA SoulEV - 93 miles Mercedes Benz B-Class Electric Drive - 124 miles Mitsubishi I-MiEV - 106 miles Nissan Leaf - 75 miles Smart electric Drive - 90 miles Volkswagen e-Up - 99 miles Chevy Spark EV - 82 miles BMW i3 - 114 miles Not everybody can afford a Tesla. Before I retired my daily commute was between 60 and 70 miles. Very close for some of these cars without using some of that electricity for heat. One detour because of an accident on the highway and I am screwed. And what do you think it will cost to have it flatbeded to my house? Not to mention the wasted time, inconvenience and danger of being stranded on the side of the road. especially in -20 temps. Electric cars are about as ready for reality as autonomous cars. I just put 450km of highway/city driving on my QX30 before it kindly asked me whether I would buy it a drink of oil. None of those affordable electric cars get anywhere near there. Only Tesla does... and it has a wait time as well as a very high price tag. |
#148
On 01/06/2018 07:56 PM, Doomsdrzej wrote:
On Sat, 6 Jan 2018 17:46:57 -0500, Bill Gunshannon wrote: On 01/06/2018 05:27 PM, nospam wrote: In article , Bill Gunshannon wrote: The biggest problem in even considering a Tesla is that I live in a very cold climate which, since mid-December, has seen its temperature go no lower than -25c. In such a climate, the already poor range of an electric car is even worse and there are good reasons to believe that it wouldn't even start. the batteries are heated in cold weather and the cars start just fine. Are they heated through the use of a block heater or is there some other solution I'm not aware of? the batteries are heated and shortly before leaving, you can preheat the cabin via a smartphone app. And that heating shortens your range. Or did you think it was somehow free? it's effectively free. the impact is a few miles less range, out of 200-300 miles total. most trips are well under that, so it's not even remotely a concern. Say what? Honda FitEV - 82 miles KIA SoulEV - 93 miles Mercedes Benz B-Class Electric Drive - 124 miles Mitsubishi I-MiEV - 106 miles Nissan Leaf - 75 miles Smart electric Drive - 90 miles Volkswagen e-Up - 99 miles Chevy Spark EV - 82 miles BMW i3 - 114 miles Not everybody can afford a Tesla. Before I retired my daily commute was between 60 and 70 miles. Very close for some of these cars without using some of that electricity for heat. One detour because of an accident on the highway and I am screwed. And what do you think it will cost to have it flatbeded to my house? Not to mention the wasted time, inconvenience and danger of being stranded on the side of the road. especially in -20 temps. Electric cars are about as ready for reality as autonomous cars. I just put 450km of highway/city driving on my QX30 before it kindly asked me whether I would buy it a drink of oil. None of those affordable electric cars get anywhere near there. Only Tesla does... and it has a wait time as well as a very high price tag. 
My Silverado gets over 500 on a tank except when I'm towing my camper. Wonder how far a Tesla would pull that? :-) bill |
#149
In article , Bill Gunshannon
wrote: ...and you believe cars will reach a higher standard? absolutely. all they need to do is be better than humans, which as i said, is not that tough. And yet we have this [many decades old] memory leak security hole. that would not cause an autonomous vehicle to crash. Well, we don't know that yet. :-) Maybe it can make the autonomous car mistake a tractor-trailer for a billboard. yes we do. meltdown/spectre won't have any effect on the algorithms used in autonomous vehicles. nothing is perfect so there will still be collisions, but far fewer than with human drivers. human drivers make all sorts of mistakes, some incredibly stupid.
#150
In article , Ron C
wrote: You going to give the punter a cable at 1kV to shove in their car? It's dangerous, sure, but ever seen a gasoline fire? Thousands of people pump their own gas every day. Seldom a conflagration. except when there is. http://www.cnn.com/2013/11/03/justic...as-station-fire/index.html A Georgia man will face criminal charges for accidentally setting fire to his wife by flicking his lighter near his pickup truck's gas tank while refueling. https://www.reddit.com/r/Whatcouldgo.../lighting_a_cigarette_in_a_gas_station/ plenty of others, including youtube videos.