Do you know what the Problem is?

knuthf

Distinguished
Jan 13, 2012
3
0
18,510
0
We made computers that used extensive memory cycles, accessed memory asynchronously and in interleaved cycles between the processor where thousands of CPU could hit the same memory at the same time. Just as the Meltdown issue. I fail to see how a piece of code can survive a reboot of a multicore computer, but I see the Meltdown bug. I fail to see the "security"in the flaw - because a DMA transfer set up the right way can still dump the entire Windows memory, but not Linux after the 14.6 patches. I see that there is little to write about, and that the above sort of complete rubbish. That is what worries me. -K
 

USAFRet

Titan
Moderator
Mar 16, 2013
153,562
10,972
175,990
24,029
Meltdown is not a "bug" that is installed and runs, it is code built into the CPU firmware, for how the thing runs. A hardware vulnerability.
You may or may not encounter malicious code that exploits that code. But it is still in there.

https://meltdownattack.com/
 

knuthf

Distinguished
Jan 13, 2012
3
0
18,510
0
It is NOT in the firmware, it is in the timing diagrams.
The Problem is that things like semaphores does not work - things are apparently not just 0 or 1 and if two processor read the same memory location they may get different result - because a third process modified the content while it was read. There is a general misunderstanding about the issue. The CPUs will access RAM one, two, 4, 8 or 16 bytes at a time. But some instructions: memset fires off and sets the memory. To allow the "memset"to run at full speed, this is set to use cycles in the memory "between the other cycles" - ïmnterleaved".. The Intel instruction set is ïnefficient"and needs typically 5 "nano-cycles". So one for the CPU, or actually the cache, and then 4 for memory operations, DMA and Video. The typical way you detect this is that the boot loader does not "sense"devices that report in in the Cycles 2 to 4 - for DMA. They just set a flag / signal that is trapped and raise an IRQ that can be identified by its mask.I don't care, the Truth never hurts - but the notion of being "malicious"is just silly. You need access to the hardware to use this. To reboot means to make the device "dead"at some point. Nothing survives except what has been stored away. The malignant nature of this is the belief it creates to supports consultants or priests of some new religion: Computer Security. Nothing of what they have proposed stops me from writing code that exploit"this in a DMA transfer of the entire memory to some other device in units of 4K blocks. Pull the plug - and it is NOT there - gone.
 

ASK THE COMMUNITY

TRENDING THREADS