[TC] [Updated] New secret-spilling flaw affects almost every Intel chip since 2011 - Page 9 - Overclock.net - An Overclocking Community

Forum Jump: 

[TC] [Updated] New secret-spilling flaw affects almost every Intel chip since 2011

Reply
 
Thread Tools
post #81 of 151 (permalink) Old 05-18-2019, 09:25 AM
New to Overclock.net
 
doritos93's Avatar
 
Join Date: Oct 2009
Location: Montreal
Posts: 2,309
Rep: 119 (Unique: 84)
Quote: Originally Posted by rluker5 View Post
They also say that if you have a trusted userspace (if you don't, this vulnerability is probably an inconsequential problem) and have either trusted guests over virtualization, or aren't running vm's, "then the mitigation can be disabled." Where's my windows option for that?

So why would a home user with no vm's running need to have performance degraded by mitigations and/or disabling hyperthreading? They should make sure their userspace isn't infected first. Sucking up all of the air in the room with this overhyped stuff is counterproductive to that.

It does look bad for servers running public vm's on hyperthreaded Intel chips though.
They said the same things about Metldown and Spectre yet today there are plenty malware using these exploits

This time there are working POC only a couple days after disclosure.

Why did Google turn off hyperthreading in Chrome OS until it's patched if this is such a non issue for home users?



doritos93 is offline  
Sponsored Links
Advertisement
 
post #82 of 151 (permalink) Old 05-18-2019, 09:36 AM
New to Overclock.net
 
doritos93's Avatar
 
Join Date: Oct 2009
Location: Montreal
Posts: 2,309
Rep: 119 (Unique: 84)
https://www.guru3d.com/news-story/ne...-gen-cpus.html
To be able to exploit the vulnerability, no more is needed than hiding a few lines of malicious code on for example a website. A visitor that opens this site open, it will leak information.

https://www.tomshardware.com/news/in...ack,39333.html
Intel has also been publicly reluctant to agree with the disabling of HT when others have called for it with the discovery of some previous CPU flaws, but in its paper, the company stated that disabling HT altogether may be warranted as protection against MDS attacks.

If all this is true, pretty serious

I can already hear Dr Su hyping up the fact that Zen2 is immune if it is



doritos93 is offline  
post #83 of 151 (permalink) Old 05-18-2019, 10:29 AM
Not a linux lobbyist
 
rluker5's Avatar
 
Join Date: Feb 2014
Location: Wisconsin
Posts: 1,729
Rep: 44 (Unique: 35)
Quote: Originally Posted by doritos93 View Post
https://www.guru3d.com/news-story/ne...-gen-cpus.html
To be able to exploit the vulnerability, no more is needed than hiding a few lines of malicious code on for example a website. A visitor that opens this site open, it will leak information.

https://www.tomshardware.com/news/in...ack,39333.html
Intel has also been publicly reluctant to agree with the disabling of HT when others have called for it with the discovery of some previous CPU flaws, but in its paper, the company stated that disabling HT altogether may be warranted as protection against MDS attacks.

If all this is true, pretty serious

I can already hear Dr Su hyping up the fact that Zen2 is immune if it is
That Guru3d author's interpretation you quoted seems to be in direct conflict with the researcher who helped discover it (he is quoted in the op link). I wonder where he got his information. You make it sound like Intel cpus are sharing their cache and microarch data over the internet all of the time whenever asked. I think you have to access that from the same cpu core on the other hyperthread. Without that access, there is no hyperthread side channel. Doesn't sound like a couple lines of hidden script could manage that.

L5
(17 items)
Lea2
(11 items)
L7
(11 items)
CPU
5775c
Motherboard
Maximus VII Hero
GPU
Aorus 1080ti Waterforce
RAM
16 Gb Gskill Trident @ 2400,cas10,1.575v
RAM
8 Gb Gskill Trident @ 2400,cas10,1.575v
Hard Drive
1Tb Team ssd
Hard Drive
seagate barracuda 3T
Hard Drive
Optane 900p 480G OS
Optical Drive
Asus BW-16D1HT
Power Supply
EVGA Supernova 1300 G2
Cooling
Cooler Master MasterLiquid Pro 120 (cpu)
Cooling
2 140mm case fans, 2 120mm
Case
Fractal Design R4 (no window)
Operating System
W10 64 pro
Monitor
panasonic TC-58AX800U
Audio
Focal Elear, Nova 40, 598se, HE4xx, DT990pro w b.boost earpads
Audio
SoundbasterX AE-5, onboard
CPU
4770k
Motherboard
Asus Z87 Deluxe
GPU
Fury Nitro
RAM
8Gb klevv urbane 2133
Hard Drive
ROG Raidr 240Gb pcie
Hard Drive
1Tb WD blue
Power Supply
Pc Power&Cooling silencer Mk2 950w
Cooling
Deepcool Lucifer V2
Case
DIYPC P48-W
Operating System
W10 64 pro
Monitor
40"tv
CPU
4980hq
Motherboard
Asus H81T/CSM
RAM
8Gb 1600 samsung
Hard Drive
Samsung 850 evo 120gb
Power Supply
Skyvast 90w brick for hp pavilion something
Cooling
SilverStone Tek Super Slim
Case
SilverStone Tek PT13B
Operating System
W10 64 pro
Monitor
24" samsung 1080p
Keyboard
Logitech K400+
Other
Intel wifi ac card and noname antennas
▲ hide details ▲
rluker5 is offline  
Sponsored Links
Advertisement
 
post #84 of 151 (permalink) Old 05-18-2019, 10:32 AM
New to Overclock.net
 
Hwgeek's Avatar
 
Join Date: Apr 2017
Posts: 570
Rep: 14 (Unique: 12)
The Performance Impact Of MDS / Zombieload Plus The Overall Cost Now Of Spectre/Meltdown/L1TF/MDS
https://www.phoronix.com/scan.php?pa...load-mit&num=1
Hwgeek is offline  
post #85 of 151 (permalink) Old 05-18-2019, 10:40 AM
 
The Robot's Avatar
 
Join Date: Mar 2013
Posts: 2,311
Rep: 129 (Unique: 81)
Quote: Originally Posted by doritos93 View Post
https://www.guru3d.com/news-story/ne...-gen-cpus.html
To be able to exploit the vulnerability, no more is needed than hiding a few lines of malicious code on for example a website. A visitor that opens this site open, it will leak information.
Is there any website where I can test this? Sounds like the usual JS exploit that can be easily patched in browser like before with Spectre/MD.
I still doubt that all the performance nerfs are really needed for average Joe home users.

Main
(17 items)
Nintendo DS
(8 items)
CPU
6700K
Motherboard
Gigabyte Z170X-Gaming 3
GPU
MSI GTX 1080 Gaming X
RAM
G.Skill Ripjaws V 16GB 3000
Hard Drive
Samsung 850 Evo 500GB
Hard Drive
WD Blue 3TB
Power Supply
EVGA 650 G2
Cooling
Noctua NH-D15S
Cooling
Nanoxia Deep Silence 140mm
Cooling
Nanoxia Deep Silence 120mm
Case
Corsair 400Q
Operating System
Windows 10 Enterprise
Monitor
ViewSonic XG2703-GS 1440p
Keyboard
Leopold FC750 (MX Brown)
Mouse
Logitech Performance Mouse MX
Audio
Mayflower Objective2 + ODAC Rev. B Combo
Audio
Audio-Technica ATH-A990Z
CPU
ARM946E-S 67.028 MHz
CPU
ARM7TDMI 33.514 MHz
RAM
4 MB
Hard Drive
256 kB
Power Supply
850 mAh
Operating System
DS OS
Monitor
3" 256×192 18-bit
Monitor
3" 256×192 18-bit
▲ hide details ▲

Last edited by The Robot; 05-18-2019 at 11:19 AM.
The Robot is offline  
post #86 of 151 (permalink) Old 05-18-2019, 10:43 AM
Spaghetti
 
Buris's Avatar
 
Join Date: May 2010
Location: Earth
Posts: 1,025
Rep: 42 (Unique: 34)
Quote: Originally Posted by Alex132 View Post
I can't wait for this thread to turn into a bunch of people who think that they are smarter than the engineers at Intel
To be fair, intel fired 80% of their engineers a few years back.

MARS
(18 items)
CPU
Ryzen 9 3900x
Motherboard
Gigabyte X570 Aorus Master
GPU
EVGA 1080 Ti FTW3
RAM
G-Skill Sniper
Hard Drive
WD EMAZ001
Hard Drive
WD Black SN750
Power Supply
EVGA G3
Cooling
Noctua U12A
Case
NZXT H500
Operating System
Microsoft Windows 10
Operating System
Pop! OS
Monitor
BenQ XL2730z
Keyboard
Aukey Mechanical
Mouse
Mionix Castor
Mousepad
Aukey
Audio
PreSonus Eris E3.5
Audio
SennHeiser 598
Audio
Blue Yeti
▲ hide details ▲
Buris is offline  
post #87 of 151 (permalink) Old 05-18-2019, 11:40 AM
New to Overclock.net
 
Imouto's Avatar
 
Join Date: Mar 2012
Posts: 1,971
Rep: 223 (Unique: 105)

Best explanation I've seen so far.

#EnthusiastLivesMatter
Imouto is offline  
post #88 of 151 (permalink) Old 05-18-2019, 11:42 AM
Not a linux lobbyist
 
rluker5's Avatar
 
Join Date: Feb 2014
Location: Wisconsin
Posts: 1,729
Rep: 44 (Unique: 35)
Quote: Originally Posted by doritos93 View Post
They said the same things about Metldown and Spectre yet today there are plenty malware using these exploits

This time there are working POC only a couple days after disclosure.

Why did Google turn off hyperthreading in Chrome OS until it's patched if this is such a non issue for home users?
I've only heard that Fortinet only found proof of concept test code and no verified nefarious malware per: https://www.techrepublic.com/article...ns-of-malware/

Maybe you have a more recent source since this one is old and Bing isn't giving me any better.

And Chrome OS uses hyperthreaded processors?

L5
(17 items)
Lea2
(11 items)
L7
(11 items)
CPU
5775c
Motherboard
Maximus VII Hero
GPU
Aorus 1080ti Waterforce
RAM
16 Gb Gskill Trident @ 2400,cas10,1.575v
RAM
8 Gb Gskill Trident @ 2400,cas10,1.575v
Hard Drive
1Tb Team ssd
Hard Drive
seagate barracuda 3T
Hard Drive
Optane 900p 480G OS
Optical Drive
Asus BW-16D1HT
Power Supply
EVGA Supernova 1300 G2
Cooling
Cooler Master MasterLiquid Pro 120 (cpu)
Cooling
2 140mm case fans, 2 120mm
Case
Fractal Design R4 (no window)
Operating System
W10 64 pro
Monitor
panasonic TC-58AX800U
Audio
Focal Elear, Nova 40, 598se, HE4xx, DT990pro w b.boost earpads
Audio
SoundbasterX AE-5, onboard
CPU
4770k
Motherboard
Asus Z87 Deluxe
GPU
Fury Nitro
RAM
8Gb klevv urbane 2133
Hard Drive
ROG Raidr 240Gb pcie
Hard Drive
1Tb WD blue
Power Supply
Pc Power&Cooling silencer Mk2 950w
Cooling
Deepcool Lucifer V2
Case
DIYPC P48-W
Operating System
W10 64 pro
Monitor
40"tv
CPU
4980hq
Motherboard
Asus H81T/CSM
RAM
8Gb 1600 samsung
Hard Drive
Samsung 850 evo 120gb
Power Supply
Skyvast 90w brick for hp pavilion something
Cooling
SilverStone Tek Super Slim
Case
SilverStone Tek PT13B
Operating System
W10 64 pro
Monitor
24" samsung 1080p
Keyboard
Logitech K400+
Other
Intel wifi ac card and noname antennas
▲ hide details ▲
rluker5 is offline  
post #89 of 151 (permalink) Old 05-18-2019, 01:35 PM
New to Overclock.net
 
1Kaz's Avatar
 
Join Date: Feb 2013
Posts: 279
Rep: 9 (Unique: 9)
Intel's microcode Revision guidance (may 14, 2019), doesn't list the i7-4790K. Is this processor not vulnerable?
1Kaz is offline  
post #90 of 151 (permalink) Old 05-18-2019, 05:18 PM
Kill Confirmed
 
speed_demon's Avatar
 
Join Date: Nov 2006
Posts: 1,395
Rep: 78 (Unique: 65)
Quote: Originally Posted by rluker5 View Post
And Chrome OS uses hyperthreaded processors?
Yep my old Samsung Chromebook Pro had the mobile i3 with 2 cores & 4 threads. Before it had just enough power to be useful but after HT is disabled it's slooow.


speed_demon is offline  
Reply

Quick Reply
Message:
Options

Register Now

In order to be able to post messages on the Overclock.net - An Overclocking Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
User Name:
If you do not want to register, fill this field only and the name will be used as user name for your post.
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page


Forum Jump: 

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off