scharfshutze009
2[H]4U
- Joined
- May 22, 2010
- Messages
- 2,079
You know what I have to say to this any all these allegations or rumors true or not now. Fake News. LOL
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
A Massive Intel Hardware Bug May Be on the Horizon
- Thread starter Megalith
- Start date
You know what I have to say to this any all these allegations or rumors true or not now. Fake News. LOL
naib
[H]ard|Gawd
- Joined
- Jul 26, 2013
- Messages
- 1,289
you do know that AMD/Ryzen have an ME core as well (called PSP) and an exploit was reported a few days ago
http://seclists.org/fulldisclosure/2018/Jan/12
I would still go ryzen though, AMD have provided means for the end user to disable PSP unlike Intel. You need latest bios
No that I would claim to know too much, but Intel's vs AMDs read fairly different.
Shintai
Supreme [H]ardness
- Joined
- Jul 1, 2016
- Messages
- 5,678
Spectre may be the end of all Out of Order designs in the long term. Only In order designs are free. Thats means EPIC, low end ARM for IoT, Intel Quark and older Atoms.
Spectre is an entirely new attack vector never seen before.
Last edited:
The funny part is that a pair of years ago I was on RWT forum discussing alternatives to OOO. My motivation then was efficiency. I was discussing non-blocking in-order pipelines (*), but the 'smart' guys at RWT as Linus wrote venous criticism about how OOO was the only way for a 'decent' chip and any industrial engineer or academic researcher thinking differently to him was an idiot. It would be ironic if Spectre renews the research on alternatives to OOO.
(*) More concretely my interest was on an extension of run-ahead with reusing. There is no speculative execution.
I always assumed out-of-order execution would be vulnerable to cache attacks and hardware attacks. It doesn't matter that a register wasn't committed to memory after a fault, if protected memory was already cached. I assumed the operating system would halt out-of-order execution when the following instructions required elevated access of the previous instruction.
Spectre, however, training branch prediction is genius. It's like playing slapjack against the cpu with the joker in the deck.
Spectre, however, training branch prediction is genius. It's like playing slapjack against the cpu with the joker in the deck.
Shintai
Supreme [H]ardness
- Joined
- Jul 1, 2016
- Messages
- 5,678
OOO have always been a hotfix to a software issue. Spectre will lead to entire new research against OOO designs. IA64 and similar uarchs may see a remerge. Specially as more and more moves to cloud so the consumer is uarch independent.
Trying to do real time on every single CPU vs having to do it at compile a single time is simply silly. It cost silicon, TCO etc.
OutOfPhase
Supreme [H]ardness
- Joined
- May 11, 2005
- Messages
- 6,318
It's also a dreadfully hard set of problems to solve at compile time, which is one of the main reasons IA64 didn't take off as well as we'd hoped. OooE may go away or get refined, but I'd still be leery of approaches which again attempt to put the lions share of the burden on the compiler.
The trouble there is you are removing (essentially) a nice level of abstraction by putting more instruction scheduling in the compiler. There are some advantages, but even assuming it works well (which it historically kinda hasn't) there are downsides for longevity of a platform. It becomes hard to make a really different internal arch and retain speed with such explicit instruction streams.
You may well be right, and there have of course been advancements in compilers since the last go-around. Particularly in the area of profile guided optimization, which could be key to a more modern variant. I have to admit though, my gut feel is "here we go again..."
I may have to get back into the industry - looks like things will be fun on the research side again!
To be fair compilers have improved a lot of since IA64. Precisely advances in recent compilers are the base for all the hype around the Mill CPU project. I don't think that a pure-software approach will replace OOO. But a combination of future compilers plus some non-blocking in-order pipeline could do the work.
OutOfPhase
Supreme [H]ardness
- Joined
- May 11, 2005
- Messages
- 6,318
Interestingly enough, that's more or less the same pitch the IA64 guys made.
The issue is "what can you actually know at compile time", which would allow you to compete with something using heuristics on the actual instruction stream and data you are using. It's really hard for the compiler to statically produce something which outperforms the dynamic optimizations the cpu can do running with the actual program and the specific data set the user has at the time of execution.
Interestingly enough, that's more or less the same pitch the IA64 guys made.
The issue is "what can you actually know at compile time", which would allow you to compete with something using heuristics on the actual instruction stream and data you are using. It's really hard for the compiler to statically produce something which outperforms the dynamic optimizations the cpu can do running with the actual program and the specific data set the user has at the time of execution.
Yeah, that is why I think a pure-compiler approach cannot replace OOO. Some hardware is needed to deal with the dynamic and unknown aspects of the actual execution of code.
naib
[H]ard|Gawd
- Joined
- Jul 26, 2013
- Messages
- 1,289
Patches coming in for spectre on Linux. AMD are getting off light as well due to specifics of their architecture
I wonder what the end impact of PTI+SPEC when comparing AMD and Intel CPU's
I wonder what the end impact of PTI+SPEC when comparing AMD and Intel CPU's
AMD already has a patch available for it but yeah all these embedded security hardware solutions (both Intel's IME and AMD's PSP) are stupid. They should at least give the end users the ability to permanent disable them via a DIP switch or jumper or something.
You're being ridiculous in your speculation here. That its a problem with all existing designs doesn't mean its a unsolvable problem. Many other actual tech experts in the know have been quite clear that vulnerability and actual implementation of effective attacks will differ greatly depending on the architecture in question.
That various forms of fixes are coming in the form of patches right there alone should tell you this isn't a deal breaker for OoOE. No patch would work if it was.
They only started getting "venomous" after you started pulling your typical nonsense that gets most people to crap on your posts elsewhere. And Linus was right. Everyone uses OoOE for good reasons.
What in the world makes you think no one is researching alternatives to OoOE? There is constant work being done. The problem is nothing so far has been shown to beat or even be as good as OoOE is for general purpose work load performance.
What?! A security issue doesn't mean OoOE is going to be going away or that necessarily alternatives will get more R&D done. They're just going to fix the issue with the current OoOE designs is all. That'll take a while but there is no reason to believe it isn't doable.
And as far as stuff like IA64 coming back you don't know what you're talking about. That approach was shown to be effectively unworkable since the magic compilers needed to make that approach good for general purpose work can't and won't exist ever. Its a NP complete problem that isn't even solvable theoretically in reasonable time yet!! And they'd have to implement those compilers so that they'd solve those NP complete problems as fast or faster than the OoOE hardware does at run time!!!
*roollls eyes* Yeah IA64 was known for being so efficient on die space and power right? I think even the P4 beat it frequently when it came to perf/watt.
So... I'm honestly a bit confused what one actually needs to do, in order to feel relatively confident their machines are actually patched for this..
I've seen microsoft has released some patches but my understand is that other software will also require patches and been reading some that seems to indicate updated bios and whatever maybe forth coming.. which is fine if you have a fairly new board but a lot of people are running hasswell or sandy bridge rigs (or whatever) multiple year old motherboards that haven't seen any bios updates in years..
Are bios updates going to be needed, and if so won't this probably leave many out in the cold if motherboard makers can't be bothered / don't have the staff to release updates for legacy boards?
ATM.. I'm not really sure how the lay person is supposed to figure out what they need to update / verify that they have the updates from hardware vendors / OS and software applications in place..
ugh...
I've seen microsoft has released some patches but my understand is that other software will also require patches and been reading some that seems to indicate updated bios and whatever maybe forth coming.. which is fine if you have a fairly new board but a lot of people are running hasswell or sandy bridge rigs (or whatever) multiple year old motherboards that haven't seen any bios updates in years..
Are bios updates going to be needed, and if so won't this probably leave many out in the cold if motherboard makers can't be bothered / don't have the staff to release updates for legacy boards?
ATM.. I'm not really sure how the lay person is supposed to figure out what they need to update / verify that they have the updates from hardware vendors / OS and software applications in place..
ugh...
For the lay person: just update everything as much as possible. Which in theory they're supposed to be doing anyways but we all know they frequently don't.
Its only if you want to get into the technical "nuts n' bolts" details of each attack and fix that things get real complicated.
Its only if you want to get into the technical "nuts n' bolts" details of each attack and fix that things get real complicated.
My "typical nonsense" consisted on giving links to published articles from people doing research in the topic. Linus didn't even bother to read what was being discussed, because him incorrectly believed we were discussing something as replacing A57 core with A53 core. And from your last phrase it seems you also don't get it.
I know people is researching alternatives to OOOE. I tried to say Spectre could invigorate the research about this.
Or alternatively the changes needed to fix this could put alternatives to OOO in a better position. Or did you forget that speed-demons were very popular until we will hit a frequency wall and now no one does speed-demonns anymore?
Don't be ridiculous. I know IA64 is not coming back, and never said the contrary. What is more, if you read the part of my post that you didn't quote I am skeptic about the Mill.
Moto Guzzi
[H]ard|Gawd
- Joined
- Aug 9, 2002
- Messages
- 1,135
My Win 10 PC pass on the test Intel provided-(2 files downloaded), is that ok enough then-?