Two Hard-to-Detect Spectre Flaws Found for Intel, Arm Processors

[Lucian Armasu]

Two academics have uncovered two more Spectre flaws that seem to be "undetectable" by existing tools.

Two Hard-to-Detect Spectre Flaws Found for Intel, Arm Processors : Read more

 

[stdragon]

So...the flaw isn't HW, but rather a fundamental philosophy in computing within the relm of computer science. NICE! *slow clap*

You can't fix what hasn't been implemented.

 

[DerekA_C]

I like how they say it may affect AMD just to try and throw crap at AMD's major successes in the last year. Something tells me I doubt AMD is affect. Intel kept doing the same thing over and over and it is now biting them in the butt.

 

[Christopher1]

I have said it before and I will say it again: SANDBOX SANDBOX SANDBOX! Sandboxing would prevent or mitigate a lot of these attacks.

 

[stdragon]

Sandboxing wouldn't do squat. In fact, these Spectre exploits hit cloud based hosting providers hard. That's because running malicious code in one VM that exploits this can snoop the RAM of the underlying physical host and gain access to the contents of another VM.

Basically, speculative execution, and hyper threading by extension is fundamentally flawed. In fact, OpenBSD now disables HT all together. No more beating around the bush.

 

[Christopher1]

The problem with getting rid of 'speculative execution' is that it is part of what makes computers today so fast: Information is 'kept in memory' and when the processor needs it? It just pulls it out of memory if it is needed within a reasonable amount of time.

If we have to go back to "Program uses memory and then all data is flushed!" expect computers to get much much slower.

One person on PCWorld was talking about a 50% decrease in computing speed.

 

[stdragon]

Intel stated across the board integer performance loss anywhere from 2% to 8% after patching Spectre v4 with microcode. Meaning, it's irregardless if the process is in kernel or user land. However, Coffee Lake CPUs (8th gen) are currently seeing anywhere from 1% to 3% hit.

I'm not sure if Intel's numbers are on average against all the Core series with the oldest being the worst, or just pre-Haswell where INVPCID for PCID (Process Context ID) isn't available.