Intel Gets Put On Notice (Page 2)
OreoCookie
Moderator
Join Date: May 2001
Location: Hilbert space
May 28, 2018, 08:28 PM
 
But if I understand your argument, it'd be more accurate to say that TSX does not protect against it, correct? (Probably that's why I don't remember TSX being a part of the discussions I have read online.)
I don't suffer from insanity, I enjoy every minute of it.
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
May 29, 2018, 03:15 AM
 
No, TSX is a mechanism. Say that you patch Meltdown (which is strictly a bug, and only affects Intel anyway). Also say that you patch Spectre 2 (Branch Target Injection), which is arguably a bug as well. (Equivalently, let's say AMD adds TSX, as specified, to Ryzen). Having done that, you can still use TSX to do a Meltdown-like attack to read any and all data from virtual memory. Spectre 1 cannot do that alone.

This was not publicized at all, most likely because TSX is still disabled in a lot of Intel chips.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
OreoCookie
Moderator
Join Date: May 2001
Location: Hilbert space
May 29, 2018, 06:19 PM
 
Just to get the nomenclature right: the way I understand it, nowadays Spectre and Meltdown refer to classes of attacks, and you can do Meltdown-type attacks either with or without TSX. Correct? That'd make TSX a security feature which protects against other vulnerabilities, but not Meltdown-type attacks.

Getting back to the original discussion: I think it is quite interesting to see how these CPU-based attacks will change the road maps of the big chip companies.
I don't suffer from insanity, I enjoy every minute of it.
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
May 30, 2018, 05:22 AM
 
Not really. Meltdown is a very specific bug, where Intel CPUs will make a speculative read to a protected memory area and only catch it when it goes to retire. This is a bug, there are no advantages to Intel to doing it this way. The fix will be to make the check for the permission bit earlier, so you don't waste precious load/store unit resources on a read that will be prevented anyway. Intel will just patch this. The consequences are catastrophic, you can easily read all of current memory using this.

Spectre 1, Bounds Check Bypass, is a speculative read happening because you trained the branch predictor to assume that a certain read would happen when it wouldn't, according to program flow. This is hard to patch out, because it is inherent in how speculative execution works, but the consequences aren't so bad. You can't read all of system memory, and you can prevent it to some extent in software. Intel won't ever patch this.

Spectre 2, Branch Target Injection, lies somewhere in-between. The branch predictor will use information that it gained from executing user mode code when executing kernel mode code. This lets you affect what the BTB contains, therefore how it will guess when triggering an indirect branch in kernel mode. This is arguably a bug, and I think Intel will patch it too, but it is much harder to exploit.

The TSX thing is neither of these. You can say that it is a variant of Meltdown if you want, but it isn't really a bug. It works according to specification. Intel can change the specification - to say that you will trigger a segmentation fault if trying to read something you shouldn't, even if you're inside a TSX speculation - but right now, when implemented correctly, TSX will enable a bug that is not there otherwise.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
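
An added example, not part of the thread or any poster's code: the software mitigation for Spectre 1 (Bounds Check Bypass) mentioned above, shown as branchless index masking modelled on the generic mask in the Linux kernel. The names `index_mask_nospec` and `read_entry` and the sample table are assumptions for illustration; the code assumes GCC or Clang on an LP64 target.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All-ones when idx < size, zero otherwise, computed without a branch so
 * there is no prediction to mistrain. Requires size <= LONG_MAX and an
 * arithmetic right shift on signed long (true for GCC and Clang). */
static unsigned long index_mask_nospec(unsigned long idx, unsigned long size)
{
    /* Keep the compiler from reasoning about idx and emitting a branch. */
    __asm__ volatile("" : "+r"(idx));
    return (unsigned long)(~(long)(idx | (size - 1UL - idx))
                           >> (sizeof(long) * CHAR_BIT - 1));
}

/* Hypothetical lookup; table, size and idx are illustration names.
 * The bounds check stays for correctness. The mask covers the window in
 * which the CPU may issue the load before the check has resolved: on a
 * mispredicted path the index is forced to 0 instead of reaching
 * arbitrary memory. */
static int read_entry(const uint8_t *table, size_t size, size_t idx,
                      uint8_t *out)
{
    if (idx >= size)
        return -1;                        /* architectural rejection */
    idx &= index_mask_nospec(idx, size);  /* clamp under speculation */
    *out = table[idx];
    return 0;
}

int main(void)
{
    uint8_t table[16], v = 0;             /* constructed sample data */
    for (size_t i = 0; i < sizeof table; i++)
        table[i] = (uint8_t)(i * 3);

    int rc = read_entry(table, sizeof table, 5, &v);
    printf("in range:     rc=%d value=%u\n", rc, (unsigned)v);
    rc = read_entry(table, sizeof table, 4096, &v);
    printf("out of range: rc=%d\n", rc);
    return 0;
}
```
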
     
 