Chip architecture vulnerability in pretty much everthing

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Mudpuppy
Posts: 5889
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: Chip architecture vulnerability in pretty much everthing

Post by Mudpuppy » Wed Jan 10, 2018 2:56 am

wrongfunds wrote:
Tue Jan 09, 2018 2:14 pm
Let us agree to disagree. You believe AMD does not allow user mode program to access the kernel memory. I believe the Listing 1 clearly implies otherwise. I do not care whether something is called Meltdown or Spectre. All I know is when term "exception" is being used in this context, ring violation has already occurred.
Terminology is very important. Saying that you don't care if something is called Spectre or Meltdown is like saying you don't care if your life insurance is term life insurance or whole life insurance because they're both life insurance. Just as a Boglehead would try to correct a poster who doesn't know the difference between term and whole life insurance, so too am I trying to get you to realize the differences between Spectre and Meltdown. Ultimately, it's up to you to either take it or leave it, just as it would be for our theoretical life insurance poster.

So if you want a "take home point" from this conversation, it is this: Spectre is bad because memory can leak between users, but Meltdown is worse because it lets users see the OS memory directly and it doesn't take as much effort to pull off successfully. Essentially, both vulnerabilities leak memory, but Meltdown leaks more memory with fewer tricks needed. And as of this point in time, only Intel and a couple of high-end ARM processors are vulnerable to Meltdown. On the other hand, Intel, AMD, ARM, and some other, less popular, chip manufacturers are vulnerable to Spectre.

wrongfunds
Posts: 1712
Joined: Tue Dec 21, 2010 3:55 pm

Re: Chip architecture vulnerability in pretty much everthing

Post by wrongfunds » Wed Jan 10, 2018 8:49 am

And as of this point in time, only Intel and a couple of high-end ARM processors are vulnerable to Meltdown.
Some of us flatly deny the unstated implication that AMD/ARM are not vulnerable to this bug. As shown in one of my previous reply, the paper is quite clear on it but you and me interpret those two paragraphs from the paper in completely opposite way. Let us leave it at that and have the other posters to this topic reach their own conclusion.

azurekep
Posts: 1179
Joined: Tue Jun 16, 2015 7:16 pm

Re: Chip architecture vulnerability in pretty much everthing

Post by azurekep » Thu Jan 11, 2018 8:59 pm

Quick question,...

Do VMs directly use the chip of the host system?

IOW, does a VM use the processor that came with the computer or does it simulate a processor via software? Or is it a combination of both.

curmudgeon
Posts: 1530
Joined: Thu Jun 20, 2013 11:00 pm

Re: Chip architecture vulnerability in pretty much everthing

Post by curmudgeon » Thu Jan 11, 2018 9:11 pm

azurekep wrote:
Thu Jan 11, 2018 8:59 pm
Quick question,...

Do VMs directly use the chip of the host system?

IOW, does a VM use the processor that came with the computer or does it simulate a processor via software? Or is it a combination of both.
High-performance VMs directly run on the cpu, with enhanced exception handling to deal with privileged instructions. I'm not aware of current VMs running a software interpreter (unless you are doing cross-architecture stuff). Privileged instructions (stuff like memory management and i/o) are somewhat interpreted in the hypervisor, though there have been several cycles of streamlining for this over the years.

azurekep
Posts: 1179
Joined: Tue Jun 16, 2015 7:16 pm

Re: Chip architecture vulnerability in pretty much everthing

Post by azurekep » Thu Jan 11, 2018 9:56 pm

curmudgeon wrote:
Thu Jan 11, 2018 9:11 pm
azurekep wrote:
Thu Jan 11, 2018 8:59 pm
Quick question,...

Do VMs directly use the chip of the host system?

IOW, does a VM use the processor that came with the computer or does it simulate a processor via software? Or is it a combination of both.
High-performance VMs directly run on the cpu, with enhanced exception handling to deal with privileged instructions. I'm not aware of current VMs running a software interpreter (unless you are doing cross-architecture stuff).
What constitutes a high-performance VPN? I'm using VirtualBox, and the PC has a low-end processor. Inside the VM, I mainly use Lubuntu, which is a very light Linux distro.

You mention cross-architecture stuff.... The PC itself uses a 64-bit processor. The VMs include both 32-bit and 64-bit distros. Could I eliminate the chip threat by using the 32-bit VMs only?

curmudgeon
Posts: 1530
Joined: Thu Jun 20, 2013 11:00 pm

Re: Chip architecture vulnerability in pretty much everthing

Post by curmudgeon » Thu Jan 11, 2018 10:48 pm

azurekep wrote:
Thu Jan 11, 2018 9:56 pm
curmudgeon wrote:
Thu Jan 11, 2018 9:11 pm
azurekep wrote:
Thu Jan 11, 2018 8:59 pm
Quick question,...

Do VMs directly use the chip of the host system?

IOW, does a VM use the processor that came with the computer or does it simulate a processor via software? Or is it a combination of both.
High-performance VMs directly run on the cpu, with enhanced exception handling to deal with privileged instructions. I'm not aware of current VMs running a software interpreter (unless you are doing cross-architecture stuff).
What constitutes a high-performance VPN? I'm using VirtualBox, and the PC has a low-end processor. Inside the VM, I mainly use Lubuntu, which is a very light Linux distro.

You mention cross-architecture stuff.... The PC itself uses a 64-bit processor. The VMs include both 32-bit and 64-bit distros. Could I eliminate the chip threat by using the 32-bit VMs only?
When I was thinking of "high performance VM", I was actually referring to the hypervisor, and thinking of Xen, KVM, ESX, or Hyper-V. I was forgetting about VirtualBox (and maybe VMware Player), but I think they are doing more instruction emulation, as they are running as a user process itself. The same speculative execution stuff might be possible, though more obscure.

fishboat
Posts: 494
Joined: Tue Oct 14, 2014 12:15 pm

Re: Chip architecture vulnerability in pretty much everthing

Post by fishboat » Fri Jan 12, 2018 1:25 pm

From what I've gathered, the Win 10 (1709) MS patch (KB4056892) that was issued recently to deal(partially?) with this issue has taken-down older AMD-chipped machines. The update fails to install and a reboot results in a bricked machine at the blue-window stage. Apparently it wasn't MS's fault as AMD gave them a chip-spec with errors in it. All this started at around Jan 5, 2018. I've just recovered from the event as I have an older AMD machine.

The following discussion covers the issue and the cure:

https://answers.microsoft.com/en-us/win ... 514?auth=1

Post Reply