AMD States Its CPUs Are Not Susceptible to SPOILER

Subject: Processors | March 18, 2019 - 08:38 AM |
Tagged: spoiler, speculation, spectre, rowhammer, meltdown, amd

AMD has issued a support article stating that its CPUs are not susceptible to the recently disclosed SPOILER vulnerability. Support Article PA-240 confirms initial beliefs that AMD processors were immune from this specific issue due to the different ways that AMD and Intel processors store and access data:

We are aware of the report of a new security exploit called SPOILER which can gain access to partial address information during load operations. We believe that our products are not susceptible to this issue because of our unique processor architecture. The SPOILER exploit can gain access to partial address information above address bit 11 during load operations. We believe that our products are not susceptible to this issue because AMD processors do not use partial address matches above address bit 11 when resolving load conflicts.

SPOILER, one of the latest in the line of speculative execution vulnerabilities that have called into question years of processor architecture design, describes a process that can expose the mappings between virtual and physical memory. That's not a complete issue in and of itself, but it allows other attacks such as Rowhammer to be executed much more quickly and easily.

The research paper that initially disclosed SPOILER earlier this month states that Intel CPUs dating as far back as the first generation Core-series processors are affected. Intel, however, has stated that the vulnerabilities described in the paper can be avoided. The company provided a statement to PC Perspective following our initial SPOILER reporting:

Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research.

Source: AMD

Spoiler alert! Don't have a Meltdown but Spectre isn't the only spooky thing about Intel chips

Subject: General Tech | March 5, 2019 - 06:29 PM |
Tagged: spoiler, spectre, security, meltdown, Intel

******Update*****

A spokesperson from Intel reached out to provide a statement for us.

“Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe software development practices. This includes avoiding control flows that are dependent on the data of interest. We likewise expect that DRAM modules mitigated against Rowhammer style attacks remain protected. Protecting our customers and their data continues to be a critical priority for us and we appreciate the efforts of the security community for their ongoing research.”

This is good news as the original report suggested a software mitigation might not be possible.

********** End Update ***********

If Tim's post earlier today was a bright spot on an otherwise dismal day, then get ready for the clouds to roll back in. The performance drop experienced from protecting yourself against Spectre and its variants may have been mitigated to a point; however, researchers from Worcester Polytechnic Institute, Massachusetts, and the University of Lübeck have discovered Intel chips are still vulnerable to a newly discovered vulnerability dubbed Spoiler.

Like the previous vulnerabilities, it exploits speculative execution; however, unlike Spectre, Meltdown and their variants, it attacks via the Memory Order Buffer, using the timing behaviour it exposes. If there is one bit of good news in this discovery, it is that only Intel processors are affected, not AMD or ARM.

Read on at Slashdot if you aren't already depressed enough.

"Like the Spectre and Meltdown attacks revealed in January 2018, Spoiler also abuses speculative execution in Intel chips to leak secrets. However, it targets a different area of the processor called the Memory Order Buffer, which is used to manage memory operations and is tightly coupled with the cache."

Source: Slashdot

Microsoft Rolling Out Retpoline Optimizations Update to Reduce Performance Impact of Spectre 2 Mitigations

Subject: General Tech | March 4, 2019 - 08:12 PM |
Tagged: windows udpate, spectre, security, retpoline, microsoft, meltdown, cve-2017-5715

Microsoft recently detailed its testing of retpoline optimizations present in Windows Insider Preview builds of its Windows 10 operating system (18272 and newer) and has announced that, starting with Microsoft Update KB4482887 on March 1st, the company will be rolling out and enabling the Google-developed Retpoline performance optimizations, which reduce the performance impact of security mitigations put in place to combat Spectre Variant 2 (CVE-2017-5715). Windows 10 users running 64-bit versions of Windows 10 Build 1809 and newer will have the Retpoline optimizations installed with KB4482887 and other updates and turned on via cloud configuration in a phased rollout.

No retpoline fixups for me, at least not until Microsoft Update stops failing to install a newer build (heh). It may be time to nuke it from orbit and start fresh! If you get this error on a supported build, you may have to run this PowerShell script from the Microsoft Support website to get it to work, though when I tried I was not able to get PS to import the module...

As a refresher, Spectre Variant 2 is a security vulnerability related to speculative execution that requires CPU microcode as well as OS kernel updates to mitigate. Red Hat summarizes CVE-2017-5715 as “an indirect branching poisoning attack that can lead to data leakage. This attack allows for a virtualized guest to read memory from the host system.” Microsoft further clarifies:

“At a high level, the Spectre variant 2 attack exploits indirect branches to steal secrets located in higher privilege contexts (e.g. kernel-mode vs user-mode). Indirect branches are instructions where the target of the branch is not contained in the instruction itself, such as when the destination address is stored in a CPU register.”

Unfortunately, while Spectre Variant 1 was able to be patched at the OS kernel level, Spectre Variant 2 required processor microcode updates (or new hardware with different speculative execution methods), and the patches, while necessary to improve security and mitigate potential attacks, have an impact on performance. Last year, Google began work on “retpoline” to attempt to reduce the performance impact that these security measures have on systems. Retpoline ended up being much faster than IBRS (indirect branch restricted speculation), which is the default behavior post-mitigations, but still slower than regular indirect calls / jumps (pre-mitigations).

Retpoline replaces all indirect calls or jumps in kernel-mode binaries with indirect branch sequences that have safe speculation behavior, according to Microsoft. Retpoline applies to all AMD processors as well as Intel Broadwell and older architecture-based chips, where the CPU RET (return from procedure) instructions do not speculate based on the contents of indirect call branch prediction. The retpoline methods allow for safe control transfers to target addresses by performing a function call, modifying the return address, and returning.

The optimizations are traditionally done at compile time, with indirect calls being replaced with retpoline sequences. Microsoft stated that due to its need for legacy support and third-party driver code, such a compile-time optimization was simply not practical. Instead, Microsoft performs the retpoline optimizations at runtime. It extended the DVRT (Dynamic Value Relocation Table) format and NT Memory Manager to support the new retpoline metadata that can be added to the DVRT without breaking backwards compatibility. Speaking of backwards compatibility, the Redmond-based software giant plans to continue shipping Windows 10 as-is in a non-retpoline state to maintain wider compatibility and software support. Drivers and software that do support retpoline will be able to take advantage of the optimizations, however.
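
The sequence described above (perform a function call, modify the return address, return) looks like this as an added example in C with inline x86-64 assembly. It shows the compile-time form of a retpoline, not Microsoft's runtime DVRT implementation or any code from the original article; `call_via_retpoline`, `dispatch` and the handler functions are hypothetical names. It assumes GCC or Clang on x86-64 ELF without CET shadow-stack enforcement, and falls back to a plain indirect call on other targets.

```c
#include <stdio.h>

typedef long (*handler_fn)(long);

#if defined(__x86_64__) && defined(__ELF__)
/* Defined in the assembly below: calls target(arg) without executing an
 * indirect jmp/call, so the indirect branch predictor is never consulted. */
long call_via_retpoline(handler_fn target, long arg);

__asm__(
    ".pushsection .text\n"
    ".globl call_via_retpoline\n"
    ".type call_via_retpoline, @function\n"
    "call_via_retpoline:\n"
    "    mov  %rdi, %r11\n"     /* r11 = real branch target              */
    "    mov  %rsi, %rdi\n"     /* arg becomes the target's 1st param    */
    "    call 2f\n"             /* 1. function call: pushes &label 1     */
    "1:  pause\n"               /* the return predictor sends any        */
    "    lfence\n"              /* speculation here, where it spins      */
    "    jmp  1b\n"             /* harmlessly until it is squashed       */
    "2:  mov  %r11, (%rsp)\n"   /* 2. modify the return address          */
    "    ret\n"                 /* 3. return: really jumps to the target */
    ".size call_via_retpoline, .-call_via_retpoline\n"
    ".popsection\n"
);
#else
/* Other targets (assumption: no retpoline needed for the demo): plain call. */
static long call_via_retpoline(handler_fn target, long arg) { return target(arg); }
#endif

/* Constructed sample handlers standing in for driver entry points. */
static long add_seven(long x)   { return x + 7; }
static long times_three(long x) { return x * 3; }

/* A function-pointer dispatch, the kind of indirect call retpoline replaces. */
long dispatch(int which, long arg) {
    handler_fn table[] = { add_seven, times_three };
    return call_via_retpoline(table[which & 1], arg);
}

int main(void) {
    printf("dispatch(0, 35) = %ld\n", dispatch(0, 35));
    printf("dispatch(1, 14) = %ld\n", dispatch(1, 14));
    return 0;
}
```

The target runs as if it had been called directly, because the `ret` pops the overwritten return address and leaves the original caller's return address on top of the stack.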

“As mentioned earlier, the Windows implementation needs to support mixed environments in which some drivers are not compiled with retpoline support. This means that we cannot simply replace every indirect call with a retpoline sequence like the example shown in the introduction. We need to ensure that the kernel gets the opportunity to inspect the target of the call or jump so that it can apply appropriate mitigations if the target does not support retpoline.” - Mehmet_Iyigun, Microsoft

DVRT metadata can store retpoline data for import calls/jumps, switchable jumps, and generic indirect calls/jumps, and then the extended NT Memory Manager infrastructure is used to understand that metadata and apply fixups / retpoline optimizations where applicable.

What does all this mean for performance though? Well, according to Microsoft and its internal testing, the company saw approximately 25% faster Microsoft Office application startup times and a 1.5 to 2-times increase in storage and networking performance, which is a notable improvement post-Spectre 2 patches. They also claimed that the performance impact has been "reduced to noise level for most situations." If you are running Windows Insider Preview 18272 or later on supporting hardware, the retpoline optimizations should already be turned on for you (you can double check with the PowerShell cmdlet Get-SpeculationControlSettings), and if you are running Windows 10 1809 or later, the optimizations will be enabled within the first half of this year in a phased rollout.

Until we get new processors that are not affected by the various speculative execution attacks (which could be difficult if not impossible to totally eliminate just due to the nature of how those performance tricks work), optimizations like retpoline to reduce the performance impact of patches that improved security but limited full potential chip performance may well be our best bet.

Are you running one of the Windows Insider builds with retpoline enabled and noticed any increased application performance? You can check out Microsoft’s blog post with all the juicy programming details here. You can find the KB4482887 update information page here.

Source: Microsoft

Out on a branch, speculating about possible architectural flaws

Subject: General Tech | December 10, 2018 - 12:38 PM |
Tagged: spectre, splitspectre, speculator, security, arm, Intel, amd

The discovery of yet another variant of the Spectre vulnerability is not good news for already exhausted security experts or reporters, but there is something new in this story which offers a glimmer of hope. A collaborative team of researchers from Northeastern University and IBM found this newest design flaw using an automatic bug finding tool they designed, called Speculator.

They designed the tool to get around the largest hurdle security researchers face: the secrecy of AMD, Intel and ARM, who are trying to keep the recipe for their special sauce secret, and rightly so. Protecting their intellectual property is paramount to their stockholders, and there are arguments about the possible effectiveness of security through obscurity in protecting consumers from those with nefarious intent, but it does come at a cost for those hunting bugs for good.

Pop by The Register for details on how Speculator works.

"SplitSpectre is a proof-of-concept built from Speculator, the team's automated CPU bug-discovery tool, which the group plans to release as open-source software."

Source: The Register

That is not dead which can eternal lie; Spectre rises again

Subject: General Tech | November 15, 2018 - 12:29 PM |
Tagged: meltdown, spectre, amd, arm, Intel

Happy Thursday, here are some new Spectre and Meltdown vulnerabilities to cheer you up, including the first Meltdown flaw to which AMD chips are vulnerable, involving delayed exception handling. That brings the tally to seven Meltdown and 14 Spectre flaw variants which affect modern processor architecture; the only good news is not all chips are vulnerable to all flaws. Intel told The Register that these flaws can be mitigated with software, while the researchers pointed out that these vulnerabilities were successfully carried out on patched systems; AMD declined to comment.

Of course, that doesn't matter if you choose not to install the software patches due to the performance hit which is a side effect to many of those mitigations.

"Computer security researchers have uncovered yet another set of transient execution attacks on modern CPUs that allow a local attacker to gain access to privileged data, fulfilling predictions made when the Spectre and Meltdown flaws were reported at the beginning of the year."

Source: The Register

Of Intel, Foreshadow, horses and barn doors

Subject: General Tech | August 24, 2018 - 12:29 PM |
Tagged: Foreshadow, Intel, hyperthreading, L1TF, spectre, security, patch

In a move which should not come as a shock to anyone, Intel removed the wording, revealed yesterday along with their Foreshadow patch for desktop CPUs, which prohibited publishing comparative performance results. The reason Intel would rather you didn't post performance comparisons, pre and post patch, is that along with the microcode update HyperThreading needs to be disabled, which has a noticeable effect on any multi-threaded application. Debian were of great help with this, refusing to deploy the microcode patch with the gag order in place.

Red Hat foreshadowed what you will see with their results from the server chip patches, which The Register notes as being "from a +30 per cent gain, to -50 per cent loss and beyond. Most HT testing, however, showed losses in the 0-30 per cent range."

"Intel has backtracked on the license for its latest microcode update that mitigates security vulnerabilities in its processors – after the previous wording outlawed public benchmarking of the chips."

Source: The Register

Spectre doesn't stand a ghost of a chance on the new Chrome, nor will your available RAM

Subject: General Tech | July 12, 2018 - 02:10 PM |
Tagged: chrome, security, spectre

Chrome's predilection for gobbling up vast amounts of RAM will soon increase to new levels, but it is for a very good reason. Chrome 67 will offer a Site Isolation feature which will protect you against a variety of Spectre attacks. When you have this feature enabled in Chrome, each site would be isolated, with a single renderer process per page. This means cross-site iframes and pop-ups will be unable to read data from other pages; in fact a single site may spawn multiple render processes, each running in isolation.

There is of course a cost, The Inquirer was quoted an increase of 10-13% in RAM usage ... so better get a 128GB kit.

"The new feature basically splits the render process into separate tasks using out-of-process iframes, which makes it difficult for speculative execution exploits like Spectre to snoop on data."

Source: The Inquirer

Cortana's feeling vulnerable; that's why she's always eavesdropping on you

Subject: General Tech | June 13, 2018 - 12:39 PM |
Tagged: security, windows 10, cortana, microsoft, spectre

If your Win10 machine did not go beep in the night, you might want to get on that reboot as there are numerous security patches waiting to install. One of them is a long-standing flaw which affects those who haven't disembowelled the Cortana search assistant on their computer. For those that have managed to subdue Cortana, rest assured she is not listening to you at all times; those who haven't should be aware that she is always listening, even in her sleep. As creepy as that already is, it has also been a way to take advantage of a long-standing security flaw in the assistant. This, as well as a patch for a Spectre variant and a variety of other patches, is awaiting your installation.

You can check out information on Cortana's bad habits over at The Inquirer.

"Lane Thames, a senior security researcher at Tripwire, spoke out about the long-standing flaw with Cortana, that meant the AI helper was always listening for commands, even when a PC is locked."

Source: The Inquirer

Podcast #500 - Steam cache, Ultra ultra wide Samsung monitor, and more!

Subject: General Tech | May 24, 2018 - 05:37 PM |
Tagged: Z390, video, steam, spectre, Samsung, QLC NAND, Predator X27, podcast, nzxt, logitech, GTX1050, G513, FreeSync2, corsair, asus, acer

PC Perspective Podcast #500 - 05/24/18

Join us this week for discussion on Steam cache, Ultra ultra wide Samsung monitor, and more!

You can subscribe to us through iTunes and you can still access it directly through the RSS page HERE.

The URL for the podcast is: http://pcper.com/podcast - Share with your friends!

Hosts: Ryan Shrout, Allyn Malventano, Jeremy Hellstrom, Josh Walrath

Peanut Gallery: Ken Addison, Alex Lustenberg

Program length: 1:55:11

Podcast topics of discussion:
  1. 0:07:30 We reminisce about 500 episodes...
  2. Week in Review:
  3. News items of interest:
  4. Picks of the Week:
    1. 1:45:15 Jeremy: Xbox Adaptive Controller
    2. 1:47:25 Josh: How cheap can we go?
  5. Closing/outro

Spectre 3a and Spectre 4 Unfortunately Announced...

Subject: Processors | May 22, 2018 - 07:51 PM |
Tagged: x86, arm, Intel, amd, spectre

Security researchers at Microsoft and Google have found two new vulnerabilities along the lines of the Spectre and Meltdown bugs from early January. These are being called Spectre 3a (Rogue System Register Read) and Spectre 4 (Speculative Store Bypass). Like last time, hardware and software vendors have addressed the issues, which will be coming down via OS updates.

Naturally, James Bond will steal information when there's Intel Inside.

On the AMD side of things, they claim that the Spectre 4 vulnerability will be patched as far back as Bulldozer (2011). They also claim that no action will be necessary, at least to their knowledge, for Spectre 3a on their x86 parts. They have also released a short, five-page whitepaper discussing the issue.

On the Intel side of things… a security bulletin has been posted for CPUs as far back as Nehalem. They don’t exactly clarify which processors are susceptible to which vulnerabilities, but they acknowledge that both Spectre 3a and Spectre 4 touch something on their product stack to some extent. They have submitted a beta microcode update to OS vendors, which they expect to be production ready “in the coming weeks”.

ARM is also affected to some extent. They have published a table that lists which architectures are vulnerable to what exploit. Interestingly, there are some processors that are vulnerable to 3a, but not 4, and others that are vulnerable to 4, but not 3a (and, of course, some that are vulnerable to both and neither). Since these exploits are based on optimizations gone awry, you would think that it would have built up over time, but that doesn’t seem to be the case. The only pattern I could notice is that Variant 4 only affects newish 64-bit ARM processors. I don’t know if that’s a red herring, or a well-known corollary of the bug that I just don’t know enough about, but it’s about all that I can see.

Regardless, expect patches soon, which might, again, lower performance by some amount.