Overclock.net - An Overclocking Community

Overclock.net - An Overclocking Community (https://www.overclock.net/forum/)
-   Hardware News (https://www.overclock.net/forum/225-hardware-news/)
-   -   [TH] New AMD Side Channel Attacks Discovered, Impacts Zen Architecture (https://www.overclock.net/forum/225-hardware-news/1743498-th-new-amd-side-channel-attacks-discovered-impacts-zen-architecture.html)

Talon2016 03-07-2020 12:37 AM

[TH] New AMD Side Channel Attacks Discovered, Impacts Zen Architecture
 
Quote:

A new paper released by the Graz University of Technology details two new "Take A Way" attacks, Collide+Probe and Load+Reload, that can leak secret data from AMD processors by manipulating the L1D cache predictor. The researchers claim that the vulnerability impacts all AMD processors from 2011 to 2019, meaning that the Zen microarchitecture is also impacted.

https://www.tomshardware.com/news/ne...n-architecture

boot318 03-07-2020 12:43 AM

Intel's billions finally found something on AMD.

Quote:

"Additional funding was provided by generous gifts from Intel. Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of the funding parties."

"The researchers were able to exploit the vulnerability via JavaScript run on Chrome and Firefox browsers."

Is this a AMD problem or browser problem?

epic1337 03-07-2020 01:06 AM

Quote:

Originally Posted by boot318 (Post 28357864)
"The researchers were able to exploit the vulnerability via JavaScript run on Chrome and Firefox browsers."

Is this a AMD problem or browser problem?

both plus the website who uses a compromised javascript.
  • the platform that has a security exploit
  • the application that allows such exploit to run
  • the host of the exploit
sadly one of the main source of such exploits (ads) can have such an exploit running without the host site being aware of it, i wonder if the website owner can sue the ads provider for the damages done.

Darren9 03-07-2020 01:58 AM

I got this feeling that AMD micro-code updates to fix exploits won't be quite as smooth experience for everyone as it was with Intel, we'll see though :)

umeng2002 03-07-2020 05:23 AM

Time for everyone to sell their AMD CPU and get Intel... oh wait...

rluker5 03-07-2020 05:50 AM

I wonder if the researchers also needed local administrative access and privileges to install and run malware on the target computer like with getting all of the Intel vulnerabilities to work minus Meltdown, or if it can be done solely with remote unprivileged interaction. That would make a difference if you had to run noscript to be secure. But at least that option already exists if you want to have an instant fix while dealing with your bank related information online.

bonami2 03-07-2020 06:59 AM

What.... JAVA has being know to be easy to implement malware and stuff in there pluggin for like 15 years. Time to stop using it...

rluker5 03-07-2020 07:29 AM

Quote:

Originally Posted by bonami2 (Post 28358026)
What.... JAVA has being know to be easy to implement malware and stuff in there pluggin for like 15 years. Time to stop using it...

Java =/= JavaScript. They do sound similar though.

WannaBeOCer 03-07-2020 07:36 AM

399 Attachment(s)
Not shocking, as AMD's market share increases the more researchers will test AMD's hardware. It was just a matter of time.

Quote:

This has, of course, generated plenty of attention, but it is noteworthy that the study's Intel-funded co-authors have also disclosed Intel vulnerabilities in the past (10 on Intel, including Spectre, Meltdown, and Zombieload, three on ARM, two on AMD, and one on IBM). The lead researcher also responded on Twitter, disclosing that Intel funds some of its students and the university fully discloses the sources of its funding. He also noted that Intel doesn't restrict the universities' academic freedom and independence, and that Intel has funded the program for two years.

Intel has disclosed, as recently as two weeks ago, that it funds research into product security and also awards prizes to researchers for finding holes in its architectures (Intel Bug Bounty program PDF), so this doesn't appear to be a case of Intel directly funding research against its competitor. The paper also engages in responsible disclosure of its funding sources, which makes any nefarious intent questionable. To cover the bases, we've also reached out to Intel for comment on the matter. According to the paper, Intel has already patched a similar vulnerability in its processors.

Schmuckley 03-07-2020 08:12 AM

Ask me how much I care? Seriously. This is like that "Oh noees, there's an exploit in GeForce Experience" thread.

Show me an actual instance of the exploit working.

Pah! Tom'sHardware? Javascript in browsers? Well uh-duh!

This has been going on for 20 years, seriously.

Use Netscape Navigator, problem solved!

Or NoScript.

This is not a CPU exploit..not at all.

I wonder how much Intel bribed Tom's to print that load of hot bovine excrement.

This is a total waste of internet. FUD at its epitome.

When that Intel-sponsored school can hack my box and actually do something after I give them my ip, then there's something.

Schmuckley 03-07-2020 08:24 AM

Quote:

Originally Posted by boot318 (Post 28357864)
Intel's billions finally found something on AMD.




"The researchers were able to exploit the vulnerability via JavaScript run on Chrome and Firefox browsers."

Is this a AMD problem or browser problem?

Sounds like javascript problem. NoScript fixes it.

Seriously, malicious javascript sites have been going up since just before 2000.

WannaBeOCer 03-07-2020 08:24 AM

Quote:

Originally Posted by Schmuckley (Post 28358072)
Ask me how much I care? Seriously. This is like that "Oh noees, there's an exploit in GeForce Experience" thread.

Show me an actual instance of the exploit working.

Pah! Tom'sHardware? Javascript in browsers? Well uh-duh!

This has been going on for 20 years, seriously.

Use Netscape Navigator, problem solved!

Or NoScript.

This is not a CPU exploit..not at all.

I wonder how much Intel bribed Tom's to print that load of hot bovine excrement.

It's a cache attack that can be exploited using JavaScript via a web browser. We'll see how quickly AMD addresses it.

You can read about it here: https://mlq.me/download/takeaway.pdf

Schmuckley 03-07-2020 08:25 AM

Quote:

Originally Posted by WannaBeOCer (Post 28358088)
It's a cache attack that can be exploited using JavaScript via a web browser. We'll see how quickly AMD addresses it.

You can read about it here: https://mlq.me/download/takeaway.pdf

How do they get the IP to do that? NoScript stops all that, problem solved.

Bro, in 1998, the people I knew were the ones making the javascript upload clone sites, k?

Copy site, add javascript addition, find host and mimic orig site. This is NOT news.
Also it works on everything, even MACs :o

This isn't just some AMD-specific exploit, it's a javascript thing.

WannaBeOCer 03-07-2020 08:38 AM

399 Attachment(s)
Quote:

Originally Posted by Schmuckley (Post 28358092)
How do they get the IP to do that? NoScript stops all that, problem solved.

Bro, in 1998, the people I knew were the ones making the javascript upload clone sites, k?

Copy site, add javascript addition, find host and mimic orig site. This is NOT news.
Also it works on everything, even MACs [IMG class=inlineimg]/forum/images/smilies/redface.gif[/IMG]

This isn't just some AMD-specific exploit, it's a javascript thing.

It's an AMD cache exploit, the news is right in front of you. Just takes a minute to read. Something I noticed people stopped doing on this site.

Quote:

To optimize the energy consumption and performance of their
CPUs, AMD introduced a way predictor for the L1-data (L1D) cache
to predict in which cache way a certain address is located. Conse-
quently, only this way is accessed, significantly reducing the power
consumption of the processor.

In this paper, we are the first to exploit the cache way predic-
tor. We reverse-engineered AMD’s L1D cache way predictor in
microarchitectures from 2011 to 2019, resulting in two new attack
techniques. With Collide+Probe, an attacker can monitor a vic-
tim’s memory accesses without knowledge of physical addresses
or shared memory when time-sharing a logical core. With Load+
Reload, we exploit the way predictor to obtain highly-accurate
memory-access traces of victims on the same physical core. While
Load+Reload relies on shared memory, it does not invalidate the
cache line, allowing stealthier attacks that do not induce any last-
level-cache evictions.

We evaluate our new side channel in different attack scenarios.
We demonstrate a covert channel with up to 588.9 kB/s, which we
also use in a Spectre attack to exfiltrate secret data from the kernel. Furthermore, we present a key-recovery attack from a vulnerable cryptographic implementation. We also show an entropy-reducing attack on ASLR of the kernel of a fully patched Linux system, the hypervisor, and our own address space from JavaScript. Finally, we propose countermeasures in software and hardware mitigating the presented attacks.

Asmodian 03-07-2020 08:45 AM

Quote:

Originally Posted by Schmuckley (Post 28358092)
This isn't just some AMD-specific exploit, it's a javascript thing.

No. The researchers implemented a proof of concept in javascript but it is an issue with AMD's L1D cache predictor. This is a side channel attack similar to many of the recent Intel ones. Why you assume it is at all similar to making javascript malware infected clone sites in 1998 I have no idea. You seem to have just seen the word "javascript" and failed to read any further.

skupples 03-07-2020 08:45 AM

dude says just use netscape. :D :D :D

rluker5 03-07-2020 09:06 AM

1 Attachment(s)
Problem solved!

ToTheSun! 03-07-2020 09:12 AM

Quote:

Originally Posted by Darren9 (Post 28357884)
I got this feeling that AMD micro-code updates to fix exploits won't be quite as smooth experience for everyone as it was with Intel, we'll see though :)

And you say that based on what?

Diffident 03-07-2020 10:16 AM

1 Attachment(s)
Quote:

Originally Posted by rluker5 (Post 28358148)
Problem solved!


Amateur. You should use w3m. :p


Attachment 331258

m4fox90 03-07-2020 11:49 AM

Why is it that every security "flaw" in AMD processors is discovered by people being paid by Intel?

WannaBeOCer 03-07-2020 12:13 PM

Quote:

Originally Posted by m4fox90 (Post 28358364)
Why is it that every security "flaw" in AMD processors is discovered by people being paid by Intel?

They're paying researchers to learn from their competition. The same researchers who discovered this are the same who discovered 10 flaws on Intel, including Spectre, Meltdown, and Zombieload.

rdr09 03-07-2020 12:53 PM

So it is now about 20 vulnerabilities for amd and 200 for intel.

VaiFanatic 03-07-2020 03:01 PM

It might be time to go back to pen and paper, and a slide-rule.

Hwgeek 03-07-2020 10:28 PM

Quote:

Take A Way
Take A Way
3/7/20

We are aware of a new white paper that claims potential security exploits in AMD CPUs, whereby a malicious actor could manipulate a cache-related feature to potentially transmit user data in an unintended way. The researchers then pair this data path with known and mitigated software or speculative execution side channel vulnerabilities. AMD believes these are not new speculation-based attacks.

AMD continues to recommend the following best practices to help mitigate against side-channel issues:

*Keeping your operating system up-to-date by operating at the latest version revisions of platform software and firmware, which include existing mitigations for speculation-based vulnerabilities
*Following secure coding methodologies
*Implementing the latest patched versions of critical libraries, including those susceptible to side channel attacks
*Utilizing safe computer practices and running antivirus software

https://www.amd.com/en/corporate/product-security

mothergoose729 03-07-2020 10:29 PM

Quote:

Originally Posted by Schmuckley (Post 28358086)
Sounds like javascript problem. NoScript fixes it.

Seriously, malicious javascript sites have been going up since just before 2000.

Javascript is just one example of an attack vector. It is a problem in the L1D cache prediction. Literally any kind of code is capable of exploiting it.

WannaBeOCer 03-07-2020 11:38 PM

407 Attachment(s)
This vulernability isn't severe, in the white paper they mention Intel had a similar vulernability and they were able to patch it with a microcode update.

Quote:

it is already necessary to invalidate branch predictors upon context switches [17]. As invalidating predictors and the L1D cache on Intel has been implemented through CPU microcode updates, introducing an MSR to invalidate the way predictor might be possible on AMD as well.
https://mobile.twitter.com/gnyueh/st...78639483527168

Omega X 03-07-2020 11:42 PM

AMD says this is nothing new and requires Spectre exploit to work.
https://www.amd.com/en/corporate/product-security

WannaBeOCer 03-07-2020 11:54 PM

407 Attachment(s)
Quote:

Originally Posted by Omega X (Post 28358956)
AMD says this is nothing new and requires Spectre exploit to work.
https://www.amd.com/en/corporate/product-security

All AMD stated was that these might not be new speculation vulnerabilities. The researchers explained in section 5 how they can exploit it.

AMD is stating they're already aware and still working on it.

Schmuckley 03-08-2020 12:21 AM

I'm stating I'll give these poofters my IP and they're free to try to exploit the CPU vulnerabilities.

Let's see what they've got!


My money sez not a damn thing!

TH is FUD as usual.

TH charts. :lachen:

Liranan 03-08-2020 01:33 AM

How is Linux affected by this? Is it as easy to exploit this cache on a server as it is on a desktop and can a compromised client allow access to a server?

treetops422 03-08-2020 05:30 AM

Quote:

Originally Posted by boot318 (Post 28357864)
Intel's billions finally found something on AMD.




"The researchers were able to exploit the vulnerability via JavaScript run on Chrome and Firefox browsers."

Is this a AMD problem or browser problem?

Java has always been a vulnerability. No I'm not an expert, just a 20 year+ common PC user. But good to know.

Damage Inc 03-08-2020 06:44 AM

Quote:

Originally Posted by boot318 (Post 28357864)
Intel's billions finally found something on AMD.




"The researchers were able to exploit the vulnerability via JavaScript run on Chrome and Firefox browsers."

Is this a AMD problem or browser problem?

Ah yes, Intel's fault. Should've thrown nVidia into the mix while you were at it.

WannaBeOCer 03-08-2020 08:16 AM

407 Attachment(s)
Quote:

Originally Posted by Liranan (Post 28359044)
How is Linux affected by this? Is it as easy to exploit this cache on a server as it is on a desktop and can a compromised client allow access to a server?

The white paper states they used a fully patched Linux system using the chips below. All they were able to get were a bit of metadata.

Bulldozer and newer are affected.



Quote:

Since the AMD Bulldozer microarchitecture, AMD uses a way pre-
dictor in the L1 data cache.

Lab AMD Athlon 64 X2 3800+ K8 1
Lab AMD Turion II Neo N40L K10 1
Lab AMD Phenom II X6 1055T K10 1
Lab AMD E-450 Bobcat 1
Lab AMD Athlon 5350 Jaguar 1
Lab AMD FX-4100 Bulldozer 1
Lab AMD FX-8350 Piledriver 1
Lab AMD A10-7870K Steamroller 1
Lab AMD Ryzen Threadripper 1920X Zen 35
Lab AMD Ryzen Threadripper 1950X Zen 34
Lab AMD Ryzen Threadripper 1700X Zen 34
Lab AMD Ryzen Threadripper 2970WX Zen+ 30
Lab AMD Ryzen 7 3700X Zen 2 36
Cloud AMD EPYC 7401p Zen 20
Cloud AMD EPYC 7571 Zen 22

JackCY 03-08-2020 04:27 PM

Quote:

Originally Posted by m4fox90 (Post 28358364)
Why is it that every security "flaw" in AMD processors is discovered by people being paid by Intel?

Because that's how it goes, most people would not want to spend years digging into black boxes and feed their families with what? Unlike human security that is backed by governments, technical security is not backed by anyone but competing corporations trying to find dirt on each other and Intel has been at this for a long time now and often fabricating stuff out of thin air to crate slander. Security research companies created and funded by Intel only to show up out of the blue and present a new AMD CPU flaw. Maybe now they don't create a new company but fund an existing one, not much of a difference in operation, they are partial/biased which for a market where 1 party holds majority of market and funds is a real problem.

Obviously we are likely to see a lot of dirt being attempted to be dug out on AMD by Intel funded groups. Did AMD fund many groups to dug out dirt on Intel? Maybe but unlikely especially considering some of the issues for Intel were known since early 90s where Intel dismissed them as "academic" yet decades later they were proven on their hardware as practically achievable and ignored again where key Intel employees start dumping Intel stock and whole company panicking as more and more and more and more flaws are being published and their money unable to keep under the lid anymore as they run out of deadlines that were given to them to fix the problems.

Will see how this flaws war plays out after a decade.

skupples 03-08-2020 08:04 PM

Quote:

Originally Posted by Schmuckley (Post 28358920)
Ofc you have an example, amirite?

This ain't no Sub7, bubba.


netscape & sub7.

errr mrrrr grrrrrdd

are we gonna be theorizing about what caused the y2k(1/1/2000 @12:00 - lots of cali neighborhoods went dark. mine included) rolling brownouts in cali next>?!

ryan92084 03-09-2020 05:10 AM

Thread cleaned, stay on topic. Save your personal shenanigans for you diary.

Cidious 03-09-2020 05:53 AM

Quote:

Originally Posted by Darren9 (Post 28357884)
I got this feeling that AMD micro-code updates to fix exploits won't be quite as smooth experience for everyone as it was with Intel, we'll see though :)

Intel microcode updates with Intel smooth? don't make me laugh... nerfing the **** out the performance with those updates is smooth today? ok. New standards...

KyadCK 03-09-2020 05:57 AM

Quote:

Originally Posted by m4fox90 (Post 28358364)
Why is it that every security "flaw" in AMD processors is discovered by people being paid by Intel?

Because Intel doesn't want AMD to feel left out of the news.

Quote:

Originally Posted by Liranan (Post 28359044)
How is Linux affected by this? Is it as easy to exploit this cache on a server as it is on a desktop and can a compromised client allow access to a server?

Depends I suppose.

Do you;
  • Run VMs that others can access on your server?
  • Allow others on the network that have local admin on their PCs access to your server?
  • Disable your firewall on the server?
  • Go to a significant number of websites on your server?

Code has to run on the box, somehow. For most people that means injecting the code into a website or ad provider, the #1 way to get a PC to run foreign code, which is why the example is JavaScript. If you do not go to websites and your firewall is set up properly, then they will need a different attack vector, such as through whatever applications you are hosting.

I would expect if this is just a Linux file server or something, that it would be quite hard to get it to run code for this, even more so if you are not an active target and your external firewall does not allow access to the server (aka, no port forwarding).

Quote:

Originally Posted by treetops422 (Post 28359124)
Java has always been a vulnerability. No I'm not an expert, just a 20 year+ common PC user. But good to know.

JavaScript is not Java, but yes, JavaScript has also always been a vulnerability point.

Schmuckley 03-09-2020 06:41 AM

The potential for someone using this alleged exploit on people with an average OS and firewall is very minimal.

Running NoScript reduces the chances even further.

miklkit 03-09-2020 09:02 AM

Quote:

Originally Posted by Cidious (Post 28360500)
Intel microcode updates with Intel smooth? don't make me laugh... nerfing the **** out the performance with those updates is smooth today? ok. New standards...


Ya, those intel fixes nerfed my all AMD rig too.Frame rates in the same games went from 60 to 20 to 40 to 15 to 90 while all that was going on.It was about as smooth as the Himalayas.

WannaBeOCer 03-09-2020 09:10 AM

Quote:

Originally Posted by miklkit (Post 28360700)
Quote:

Originally Posted by Cidious (Post 28360500)
Intel microcode updates with Intel smooth? don't make me laugh... nerfing the **** out the performance with those updates is smooth today? ok. New standards...


Ya, those intel fixes nerfed my all AMD rig too.Frame rates in the same games went from 60 to 20 to 40 to 15 to 90 while all that was going on.It was about as smooth as the Himalayas.

Performance has gone up with later microcode updates. To address the large performance hit with the meltdown patches. I update my own using UBU since motherboard manufacturers are slow. Currently DA is the latest for CoffeeLake.

All CPUs affected by Spectre v1 were hit with some sort of performance penalty.

Liranan 03-09-2020 10:30 AM

Quote:

Originally Posted by KyadCK (Post 28360504)
Because Intel doesn't want AMD to feel left out of the news.



Depends I suppose.

Do you;
  • Run VMs that others can access on your server?
  • Allow others on the network that have local admin on their PCs access to your server?
  • Disable your firewall on the server?
  • Go to a significant number of websites on your server?

Code has to run on the box, somehow. For most people that means injecting the code into a website or ad provider, the #1 way to get a PC to run foreign code, which is why the example is JavaScript. If you do not go to websites and your firewall is set up properly, then they will need a different attack vector, such as through whatever applications you are hosting.

I would expect if this is just a Linux file server or something, that it would be quite hard to get it to run code for this, even more so if you are not an active target and your external firewall does not allow access to the server (aka, no port forwarding).



JavaScript is not Java, but yes, JavaScript has also always been a vulnerability point.

I am not worried about my own file server as it runs Linux (fully updated Mint 18.3) and Plex in a VM (the VM is several years old).

I am worried about this exploit being used to hack mainframes and critical servers through an infected client. My home server is everything but critical and not what I'm talking about.

Bossie 03-09-2020 11:41 AM

If you dig hard enough,you will just get more dirt..

That's just how the world works.What's your backs...someone might stab you one day.Why? Because somewhere along the line you hurt him.
Yes ...to be a fanboy is kind of stupid.Yes we all have our favorite brands..
But if a product of company A is better than company B...just give A the credit it deserve.A place in the sun,even if it's only for a day...

Greetings
N.S. Be anti-fanboy...

umeng2002 03-09-2020 11:56 AM

So this is an exploit that requires another exploit to work?

Schmuckley 03-09-2020 11:58 AM

Quote:

Originally Posted by umeng2002 (Post 28360896)
So this is an exploit that requires another exploit to work?

If they can get Admin access to your machine...

Seriously, at that point, what can't be done?


They have to get you to go to a loaded website and run the javascript...

A lot of people don't use NoScript, so theoretically it could happen...

WannaBeOCer 03-09-2020 12:49 PM

Interesting, the article was updated and AMD believes they've already mitigated it.

Quote:

AMD responded for our request for more information and says there are no new mitigations required, as this issue is covered by the existing side channel attack mitigations.

The researchers do not agree, stating that this vulnerability is still active. Until the two sides agree it isn't possible to ascertain which viewpoint is more accurate. We'll update as necessary and keep an eye out for a CVE.

KyadCK 03-09-2020 01:46 PM

Quote:

Originally Posted by Liranan (Post 28360780)
I am not worried about my own file server as it runs Linux (fully updated Mint 18.3) and Plex in a VM (the VM is several years old).

I am worried about this exploit being used to hack mainframes and critical servers through an infected client. My home server is everything but critical and not what I'm talking about.

Well, again, for this to happen the computer needs to run the infected code, which means the code needs to get on the box somehow. The same principles apply whether its your file server of a mainframe.

If your desktop is infected and they managed to get access to an account that can connect to, copy to, and run whatever they copy on the server, then in theory yes. Like Spectre, this can "break out" of user limits. This is no different from any other security issue that can bypass admin requirements on a box.

Run updates when available and figure out the actual risk; in this case it would be pretty small, as the main target for this is VM hosting datacenters.

Quote:

Originally Posted by Schmuckley (Post 28360898)
If they can get Admin access to your machine...

Seriously, at that point, what can't be done?


They have to get you to go to a loaded website and run the javascript...

A lot of people don't use NoScript, so theoretically it could happen...

If you 24/7 an account with admin access, then whatever code that runs in a browser and is not caught by AV is in admin mode by default.

Yes NoScript would help prevent it by closing the main avenue of attack, yes the average user is not likely to be a target in the first place.

That said, they do not need admin for this attack to work. If you are not going to even read what the risk is or how it works, you should probably not spread propaganda.

Schmuckley 03-09-2020 05:04 PM

Quote:

Originally Posted by WannaBeOCer (Post 28360948)
Interesting, the article was updated and AMD believes they've already mitigated it.


Sounds like the "researchers" are fulla bull.

Schmuckley 03-09-2020 05:06 PM

Quote:

Originally Posted by KyadCK (Post 28360990)
Well, again, for this to happen the computer needs to run the infected code, which means the code needs to get on the box somehow. The same principles apply whether its your file server of a mainframe.

If your desktop is infected and they managed to get access to an account that can connect to, copy to, and run whatever they copy on the server, then in theory yes. Like Spectre, this can "break out" of user limits. This is no different from any other security issue that can bypass admin requirements on a box.

Run updates when available and figure out the actual risk; in this case it would be pretty small, as the main target for this is VM hosting datacenters.



If you 24/7 an account with admin access, then whatever code that runs in a browser and is not caught by AV is in admin mode by default.

Yes NoScript would help prevent it by closing the main avenue of attack, yes the average user is not likely to be a target in the first place.

That said, they do not need admin for this attack to work. If you are not going to even read what the risk is or how it works, you should probably not spread propaganda.

They do need one to let the javascript run though. The only propaganda being spread is by those alleged "researchers".

WannaBeOCer 03-09-2020 05:10 PM

Quote:

Originally Posted by Schmuckley (Post 28361234)
Sounds like the "researchers" are fulla bull.

I doubt it, these are the same researchers who identified Spectre, Meltdown, and Zombieload.

They already stated it's not severe:
https://mobile.twitter.com/lavados/s...ks%2F153516%2F

miklkit 03-10-2020 02:40 PM

Quote:

Originally Posted by WannaBeOCer (Post 28360710)
Performance has gone up with later microcode updates. To address the large performance hit with the meltdown patches. I update my own using UBU since motherboard manufacturers are slow. Currently DA is the latest for CoffeeLake.

All CPUs affected by Spectre v1 were hit with some sort of performance penalty.


It was very random and had to do with the intel fixes. Now that it has settled down CPU performance is back to where it was in December 2017 and GPU performance is the best it has ever been.

rdr09 03-12-2020 12:00 AM

Quote:

Originally Posted by WannaBeOCer (Post 28360710)
Performance has gone up with later microcode updates. To address the large performance hit with the meltdown patches. I update my own using UBU since motherboard manufacturers are slow. Currently DA is the latest for CoffeeLake.

All CPUs affected by Spectre v1 were hit with some sort of performance penalty.

The greatest performance hit to fully mitigate from the likes of Zombieload is disabling Hyper-threading. However, Cacheout that affects intel cpus, discovered earlier this year similar to this vulnerability bypasses other mitigations and does not have a permanent fix as of yet.

So, it seems no need to disable HT, since it won't help. Besides, intel just came all out with rehashes with Hyper-threading.

Their 10nm cannot come soon enuf.

Defoler 03-12-2020 01:49 AM

Quote:

Originally Posted by Schmuckley (Post 28361240)
They do need one to let the javascript run though. The only propaganda being spread is by those alleged "researchers".

Most people run their browser without javascript protection. Less than 2% of people have javascript disabled or run an addon that prevent it.

So this research, as much as you fan hate love to hate because they "attack" your favorate manufacturer, and considering you have zero credentials, this is a very viable attack.

But hey, a random guy on OCN discredited those "researches" because he is angry, so we will take his word for it over BSc degree researches who have experience and actually work in research.

Liranan 03-12-2020 05:02 AM

Quote:

Originally Posted by rdr09 (Post 28364328)
The greatest performance hit to fully mitigate from the likes of Zombieload is disabling Hyper-threading. However, Cacheout that affects intel cpus, discovered earlier this year similar to this vulnerability bypasses other mitigations and does not have a permanent fix as of yet.

So, it seems no need to disable HT, since it won't help. Besides, intel just came all out with rehashes with Hyper-threading.

Their 10nm cannot come soon enuf.

Intel's 10nm is terrible and worse than their 14nm++++++++++++++++++++++++++++++++++++++++++++++ +++ and it certainly doesn't contain any mitigations for this attack. Intel need an entirely new architecture and I bet they're working hard on something akin to AMD's chiplet.

WannaBeOCer 03-12-2020 07:38 AM

Quote:

Originally Posted by Liranan (Post 28364498)
Intel's 10nm is terrible and worse than their 14nm++++++++++++++++++++++++++++++++++++++++++++++ +++ and it certainly doesn't contain any mitigations for this attack. Intel need an entirely new architecture and I bet they're working hard on something akin to AMD's chiplet.

Do some research before posting. Ice Lake is 18% faster than Skylake and has hardware mitigations for CacheOut and Zombieload along with the latest LVI injection. The only downside to Ice lake is the core clock.

https://software.intel.com/security-...alue-injection

ku4eto 03-12-2020 07:41 AM

Quote:

Originally Posted by WannaBeOCer (Post 28364638)
Do some research before posting. Ice Lake is 18% faster than Skylake and has hardware mitigations for CacheOut and Zombieload along with the latest LVI injection. The only downside to Ice lake is the core clock.

https://software.intel.com/security-...alue-injection

And the wield on 10nm are what causes those low clocks (and low core count). IPC gains are there, but with 3Ghz dual cores, i do not think they are going to matter much.

bigjdubb 03-12-2020 07:59 AM

Quote:

Originally Posted by WannaBeOCer (Post 28364638)
Do some research before posting. Ice Lake is 18% faster than Skylake and has hardware mitigations for CacheOut and Zombieload along with the latest LVI injection. The only downside to Ice lake is the core clock.

https://software.intel.com/security-...alue-injection

It sounded almost like you were describing any one of my AMD processors. Mostly secure, good IPC improvements, the only downside is core clock.

WannaBeOCer 03-12-2020 08:04 AM

Quote:

Originally Posted by ku4eto (Post 28364642)
And the wield on 10nm are what causes those low clocks (and low core count). IPC gains are there, but with 3Ghz dual cores, i do not think they are going to matter much.

Pretty sure the upcoming Ice Lake based Xeon's are 2Ghz+ up to 38 cores.

rdr09 03-12-2020 08:12 AM

Quote:

Originally Posted by ku4eto (Post 28364642)
And the wield on 10nm are what causes those low clocks (and low core count). IPC gains are there, but with 3Ghz dual cores, i do not think they are going to matter much.

Me thinks the vulnerability that will beset intel's 10 nm is Corona.

They prolly take it home and work on it.:)

Liranan 03-12-2020 10:25 AM

Quote:

Originally Posted by WannaBeOCer (Post 28364638)
Do some research before posting. Ice Lake is 18% faster than Skylake and has hardware mitigations for CacheOut and Zombieload along with the latest LVI injection. The only downside to Ice lake is the core clock.

https://software.intel.com/security-...alue-injection

The problem with Netburst and Bulldozer was also clock speed, so, why don't you do some research into these throttling chips? Intel's 10nm is so bad it barely matches the previous gen and all we've had so far are mobile chips because yields are terrible and performance is awful.

WannaBeOCer 03-12-2020 10:36 AM

Quote:

Originally Posted by Liranan (Post 28364792)
The problem with Netburst and Bulldozer was also clock speed, so, why don't you do some research into these throttling chips? Intel's 10nm is so bad it barely matches the previous gen and all we've had so far are mobile chips because yields are terrible and performance is awful.

Bulldozer currently has the record for clock speed. The issue with Bulldozer were shared resources not clock speed. Again Intel's Ice Lake is as secure as AMD's Zen. We'll see more of Intel's 10nm Ice Lake's in a few months with their Xeon chips.

https://hwbot.org/benchmark/cpu_frequency/halloffame

https://www.anandtech.com/show/15213...intel-ice-lake

bigjdubb 03-12-2020 10:38 AM

I don't think the performance is awful, but it's not exactly a great improvement over the last gen parts. Very likely to stop feeling like flagship performance once we get the new mobile parts from AMD though.

ku4eto 03-12-2020 01:18 PM

Quote:

Originally Posted by WannaBeOCer (Post 28364660)
Pretty sure the upcoming Ice Lake based Xeon's are 2Ghz+ up to 38 cores.

Haha, lol.
The EPYC 64C runs at 2.15Ghz.

Hueristic 03-12-2020 04:19 PM

All I gotta say is the heading for the driver issues is freaking hilarious, I would never expect to see such a technical description of the issue on a fortune 500 company's site.


https://www.amd.com/en/corporate/product-security

Quote:

Screwed Drivers

8/11/19

Anyhoose this is another reminder to run noscript. Its a perfect attack vector and apparently now we have JS that can run sidechannel attacks.
Nothing new to see here the vectors opened up from parallel processing are going to continue to give us exploits its just the nature of the beast apparently.

rdr09 03-13-2020 12:11 AM

Quote:

Originally Posted by Hueristic (Post 28365172)
All I gotta say is the heading for the driver issues is freaking hilarious, I would never expect to see such a technical description of the issue on a fortune 500 company's site.


https://www.amd.com/en/corporate/product-security




Anyhoose this is another reminder to run noscript. Its a perfect attack vector and apparently now we have JS that can run sidechannel attacks.
Nothing new to see here the vectors opened up from parallel processing are going to continue to give us exploits its just the nature of the beast apparently.

It's like they are advertising to just buy a cheaper RX 5700 and flash it with a 5700XT BIOS.

Hueristic 03-13-2020 11:29 AM

Quote:

Originally Posted by rdr09 (Post 28365552)
It's like they are advertising to just buy a cheaper RX 5700 and flash it with a 5700XT BIOS.

Not like the old days though everything is binned now, flashing an 850xt to a 850xtPE was the best. :D

speed_demon 03-13-2020 11:53 AM

How about unlocking cores via mobo options. My buddy's prebuilt AMD system was able to do that using a modded BIOS we found on a random website (lol).

m4fox90 03-13-2020 01:41 PM

Quote:

Originally Posted by Liranan (Post 28364792)
The problem with Netburst and Bulldozer was also clock speed, so, why don't you do some research into these throttling chips? Intel's 10nm is so bad it barely matches the previous gen and all we've had so far are mobile chips because yields are terrible and performance is awful.

He's got all the research he needs provided weekly by Intel's PR team with the check.

Hueristic 03-18-2020 07:55 PM

Quote:

Originally Posted by speed_demon (Post 28366184)
How about unlocking cores via mobo options. My buddy's prebuilt AMD system was able to do that using a modded BIOS we found on a random website (lol).

Yeah, free cores were the best, my 1605T served me well until very recently and would still be in service if AM3+ multi pci-e x16 unlocking boards were not so scarce..

Kaltenbrunner 03-23-2020 02:51 PM

Where's the matrix so I can upload all computer science to my brain overnight

speed_demon 03-23-2020 06:11 PM

If Elon Musk's argument is to be believed then we are living in it. Or rather our non base reality inspired the matrix's design.

I dunno. I still want to know if there is a scientific way to prove what is or isn't base reality.


All times are GMT -7. The time now is 09:56 AM.

Powered by vBulletin® Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.

User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
vBulletin Security provided by vBSecurity (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.

vBulletin Optimisation provided by vB Optimise (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.