[The Register] SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability - Page 2 - Overclock.net - An Overclocking Community

post #11 of 55 (permalink) Old 03-05-2019, 08:59 AM
Performance is the bible
 
Join Date: Apr 2009
Posts: 6,537
Rep: 432 (Unique: 298)
So to those who skimmed it (or didn't read):

They use SPOILER as a way to determine physical addresses, using virtual memory page reads/writes to see where the "spike" is, where the virtual page is sitting on two physical pages (which causes a longer read/write).
Using that information, they calculate where the physical pages are sitting.
Then, once they know that, they can use a DRAM attack called Double Sided Rowhammer.
That attack is meant to force row refreshes inside the same bank of the DRAM memory that contains said pages, in order to force rows inside the DRAM to flip bits when adjacent rows (on either side, hence double sided) around them get refreshed constantly, until memory bits in the unrefreshed rows flip. That is a DRAM vulnerability, not an Intel-specific one though.

That way, they basically force a change on the memory, and if they are doing it in the right place, can use that to exploit information, gain access, etc.

Rowhammer was found in 2014. But it was hard to use as it was hard to determine where the physical pages were inside the virtual space of an application.
Using SPOILER though, they can "bypass" that issue, and allow Rowhammer to do its dirty work.

It will be very hard for Intel to fix the issue, because of how virtual memory and physical memory work. And it can't be fixed via firmware if right, because that issue of finding those physical page locations is inherent in the read/write of the virtual pages.
It is not like they can fix the "spike time" that notifies where the pages are, since reading two pages inside the memory will always take longer.
And once they can determine physical page locations, Rowhammer (or other physical memory exploits) can come back on the table.

To "fix" it, Intel will need to find a way to block Rowhammer from flipping bits in the cache, since they can't stop SPOILER. And that will require that when rows get refreshed, they must also start to refresh everything around them, and so on, and it will cause a chain reaction of heavy slowdown.

Why they couldn't make it happen in AMD or ARM, is because they couldn't distinguish the little spikes in read that say whether a virtual page was sitting on two physical pages.



Last edited by Defoler; 03-05-2019 at 09:02 AM.
Defoler is offline  
post #12 of 55 (permalink) Old 03-05-2019, 09:16 AM
RTX ON FPS OFF
 
anticommon's Avatar
 
Join Date: Jul 2012
Location: Maine
Posts: 823
Rep: 28 (Unique: 25)
Quote: Originally Posted by Defoler View Post
Why they couldn't make it happen in AMD or ARM, is because they couldn't distinguish the little spikes in read that say whether a virtual page was sitting on two physical pages.

It's like Intel is driving a slammed low-rider and AMD has their super-swamper'ed CJ7 out and the vulnerability can only detect when they hit a bump in the road.

anticommon is offline  
post #13 of 55 (permalink) Old 03-05-2019, 09:53 AM
I <3 narcissists
 
bigjdubb's Avatar
 
Join Date: Feb 2008
Location: Houston, TX
Posts: 4,731
Rep: 203 (Unique: 128)
All of this stuff is way over my head. Is it just luck that AMD has been dodging these security bullets or do they have a better understanding of security holes than Intel?

bigjdubb is online now  
post #14 of 55 (permalink) Old 03-05-2019, 11:34 AM
Performance is the bible
 
Join Date: Apr 2009
Posts: 6,537
Rep: 432 (Unique: 298)
Quote: Originally Posted by bigjdubb View Post
All of this stuff is way over my head. Is it just luck that AMD has been dodging these security bullets or do they have a better understanding of security holes than Intel?

Well basically, could be.
Maybe AMD do the virtual page read on two physical ones at the same time. Maybe they don't store a virtual page on two physical ones.
And that was tested on Bulldozer, so it's interesting to see if Zen does the same or is vulnerable like Intel.


Defoler is offline  
post #15 of 55 (permalink) Old 03-05-2019, 12:16 PM
Not a linux lobbyist
 
rluker5's Avatar
 
Join Date: Feb 2014
Location: Wisconsin
Posts: 1,459
Rep: 38 (Unique: 29)
Quote: Originally Posted by Defoler View Post
So to those who skimmed it (or didn't read):

They use SPOILER as a way to determine physical addresses, using virtual memory page reads/writes to see where the "spike" is, where the virtual page is sitting on two physical pages (which causes a longer read/write).
Using that information, they calculate where the physical pages are sitting.
Then, once they know that, they can use a DRAM attack called Double Sided Rowhammer.
That attack is meant to force row refreshes inside the same bank of the DRAM memory that contains said pages, in order to force rows inside the DRAM to flip bits when adjacent rows (on either side, hence double sided) around them get refreshed constantly, until memory bits in the unrefreshed rows flip. That is a DRAM vulnerability, not an Intel-specific one though.

That way, they basically force a change on the memory, and if they are doing it in the right place, can use that to exploit information, gain access, etc.

Rowhammer was found in 2014. But it was hard to use as it was hard to determine where the physical pages were inside the virtual space of an application.
Using SPOILER though, they can "bypass" that issue, and allow Rowhammer to do its dirty work.

It will be very hard for Intel to fix the issue, because of how virtual memory and physical memory work. And it can't be fixed via firmware if right, because that issue of finding those physical page locations is inherent in the read/write of the virtual pages.
It is not like they can fix the "spike time" that notifies where the pages are, since reading two pages inside the memory will always take longer.
And once they can determine physical page locations, Rowhammer (or other physical memory exploits) can come back on the table.

To "fix" it, Intel will need to find a way to block Rowhammer from flipping bits in the cache, since they can't stop SPOILER. And that will require that when rows get refreshed, they must also start to refresh everything around them, and so on, and it will cause a chain reaction of heavy slowdown.

Why they couldn't make it happen in AMD or ARM, is because they couldn't distinguish the little spikes in read that say whether a virtual page was sitting on two physical pages.

This seems pretty complicated, but it seems like using multiple hits to get timings and then trying to rowhammer them would put the data into the L4 cache of a Broadwell-C, which may have different outcomes when it is read in conjunction with data from regular RAM, or evicted to regular RAM partially through the process, i.e. corrupted nonsense vs a successful hack.
rluker5 is online now  
post #16 of 55 (permalink) Old 03-05-2019, 02:11 PM - Thread Starter
New to Overclock.net
 
Join Date: Mar 2012
Posts: 1,698
Rep: 202 (Unique: 91)
Quote: Originally Posted by bigjdubb View Post
All of this stuff is way over my head. Is it just luck that AMD has been dodging these security bullets or do they have a better understanding of security holes than Intel?

I don't think so. Intel was very aware of them and implemented a faulty speculative execution method to improve performance.

#EnthusiastLivesMatter
Imouto is offline  
post #17 of 55 (permalink) Old 03-05-2019, 04:25 PM
Overclocker in training
 
ThrashZone's Avatar
 
Join Date: Apr 2017
Posts: 5,605
Rep: 39 (Unique: 31)
Hi,
The gift that keeps on giving.
Indeed, where are our performance refunds, Intel?

ThrashZone is offline  
post #18 of 55 (permalink) Old 03-05-2019, 05:36 PM
mfw
 
ToTheSun!'s Avatar
 
Join Date: Jul 2011
Location: Terra
Posts: 6,111
Rep: 360 (Unique: 189)
This is, again, pretty good marketing for the 3000's.
And it's cheap, too!

ToTheSun! is online now  
post #19 of 55 (permalink) Old 03-05-2019, 06:03 PM
Waiting for 10 and 7nm
 
tpi2007's Avatar
 
Join Date: Nov 2010
Posts: 10,855
Rep: 865 (Unique: 492)
Maybe next Intel will come back with the original, in-order architecture Atom cores, take out HT, just to make sure, clock them up to ~3-4 GHz, and put, say, 6 of them next to the big "Core" cores on desktop CPUs and call them a security feature for home banking and general log-in purposes. As a bonus for lightweight browsing, media playback and older games, you can use these more power efficient cores alone and save the planet a bit. Great PR for Intel right there.

tpi2007 is offline  
post #20 of 55 (permalink) Old 03-05-2019, 06:11 PM
New to Overclock.net
 
guttheslayer's Avatar
 
Join Date: Apr 2015
Posts: 3,537
Rep: 108 (Unique: 63)
Quote: Originally Posted by tpi2007 View Post
Maybe next Intel will come back with the original, in order architecture Atom cores, take out HT, just to make sure, clock them up to ~3-4 Ghz, and put, say, 6 of them next to the big "Core" cores on desktop CPUs and call them a security feature for home banking and general log-in purposes. As a bonus for lightweight browsing, media playback and older games, you can use these more power efficient cores alone and save the planet a bit. Great PR for Intel right there.

There is a video that predicts Intel will crush AMD Zen 2 with their next gen CPU.

Basically Sunny Cove is just a Core architecture revamp, but that alone will not crush AMD; it is the move to 3D stacking CPU chips that consist of a big core, stacked on top of 4 smaller cores with a very low latency huge cache, and combined with the new core architecture.

But then again, who will buy the expensive Intel with all their security loopholes? lol.

guttheslayer is offline  