Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sun 23 Sep 2018, 06:32
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Meltdown and Spectre patches stop bricking AMD
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [3 Posts]  
Author Message
prehistoric


Joined: 23 Oct 2007
Posts: 1734

PostPosted: Fri 19 Jan 2018, 10:11    Post subject:  Meltdown and Spectre patches stop bricking AMD  

It appears that Microsoft's debacle with patches for Meltdown and Spectre will no longer brick machines with AMD processors. Meanwhile, more Intel systems have a problem with rebooting. Fixes are scheduled "real soon now".

I think it is important to warn people that hasty changes remain risky. Those who worry a lot about security should recall that Puppies on the Raspberry Pi are immune. Cool
Back to top
View user's profile Send private message 
belham2

Joined: 15 Aug 2016
Posts: 1535

PostPosted: Fri 19 Jan 2018, 12:58    Post subject: Re: Meltdown and Spectre patches stop bricking AMD  

prehistoric wrote:
Those who worry a lot about security should recall that Puppies on the Raspberry Pi are immune. Cool


Aren't Puppies on old AMD chips immune also? I mean, for example, people who still are running the Athlon/Sempron families from around 2011 and back? None of those families of chips are listed as affected by either Meltdown and/or Spectre 1/2. Thus, are they (when paired with a Pup) not just as "immune" as the Raspberry Pi with a Pup? Or is this a faulty assumption?? Thanks.
Back to top
View user's profile Send private message 
prehistoric


Joined: 23 Oct 2007
Posts: 1734

PostPosted: Mon 22 Jan 2018, 12:00    Post subject:  

Even old Athlons from some years back had speculative execution, and AMD's own site says they are vulnerable to Spectre variant 2.

Here's what Wikipedia says about Spectre:
Quote:
In Spectre[14], the attacker does not rely on such fault mechanisms, and rather targets another user process in a more general way. Spectre relies on branch (mis)prediction to speculatively perform a fetch from an array cell, even though the preceding branch noticed that the fetch would go beyond the end of the array. It starts off by training the branch prediction machinery of the processor to make a faulty prediction, across a process boundary, and then manipulates the target process into executing part of its own code which actually touches the speculative branch. Once again, what it touched is leaked via a cache timing side channel. In this case, the entire address space of the target process can be read even though it is outside of allowed memory limits.


The problem with this exploit is that it does not depend on the kind of page protection fault seen in Meltdown, only on accessing memory beyond array bounds. (Intel and AMD use very different memory management and protection mechanisms, but array access is almost the same.) Way, way back there was a decision to exempt array access from strict bounds checking to gain speed, with the idea that protection mechanisms would be applied to prevent information from leaking. It is possible that some processors which do fetch the forbidden data are not vulnerable to the side channel attack, or it may be that nobody has figured out how to do this yet.

Some processors that went in my junk box years ago, when faster replacements using the same socket became available, are known vulnerable. I'm afraid the reason nobody has precisely found the point where this vulnerability entered production machines is simply because nobody has time to consider hacking them, while working desperately to patch vulnerabilities in recent machines.

The difference between Athlons, Durons and Semprons is not as great as you might think. At least some Semprons were simply drop-outs from Athlon production with some cache disabled. In the case of multicore Athlons I have found it possible to enable cores that were not considered functional. A friend has been running 4-cores of a chip sold as 3-core for years now. I got things to work reliably by carefully considering memory timing, carefully adjusting voltages and not attempting to overclock at all. I tested reliability with computations of Pi running to many millions of digits, or even billions, taking many hours. AMD can't afford to tweak and test each chip that way, so they leave considerable margin in their designs.

Are any of you out there still running Durons?

Added: I'm fairly sure that chips capable of running 64-bit x86 code are vulnerable to Spectre. AMD introduced this, and Intel later licensed the design when their approach to 64-bit processing, Itanium, failed in the marketplace.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [3 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0366s ][ Queries: 11 (0.0065s) ][ GZIP on ]