• Apgrejdovali smo forum na XenForo 2.1.1, ukoliko imate predloga vezanih za izgled ili funkcionalnost foruma, ili ukoliko naletite na neki problem, javite nam OVDE

    DEFINISALI SMO PRAVILA FORUMA. Pročitajte ih, pojaviće se automatski kada krenete da čitate nešto!

Intelov "TLB"

Sam633

PCAXE Addicted
Učlanjen(a)
13.11.2012.
Poruka
1.286
Rezultat reagovanja
26
Moja konfiguracija
New Spectre-like attack uses speculative execution to overflow buffers
This speculative execution can even do other things that wouldn't be allowed: for example, Intel processors allow speculative writes to be made to read-only memory, giving even more power to an attacker. This has some similarity to the Meltdown attack; Intel and certain ARM processors (though not AMD chips) will allow user-mode programs to speculatively read kernel-mode memory because of the way the processors defer checking whether the access is permitted. It turns out that they also defer checking whether a write is permitted, too.
 

Sam633

PCAXE Addicted
Učlanjen(a)
13.11.2012.
Poruka
1.286
Rezultat reagovanja
26
Moja konfiguracija
Disable SMT/Hyperthreading in all Intel BIOSes

Two recently disclosed hardware bugs affected Intel cpus:

- TLBleed

- T1TF (the name "Foreshadow" refers to 1 of 3 aspects of this
bug, more aspects are surely on the way)

Solving these bugs requires new cpu microcode, a coding workaround,
*AND* the disabling of SMT / Hyperthreading.

SMT is fundamentally broken because it shares resources between the two
cpu instances and those shared resources lack security differentiators.
Some of these side channel attacks aren't trivial, but we can expect
most of them to eventually work and leak kernel or cross-VM memory in
common usage circumstances, even such as javascript directly in a
browser.

There will be more hardware bugs and artifacts disclosed. Due to the
way SMT interacts with speculative execution on Intel cpus, I expect SMT
to exacerbate most of the future problems.
VMware Performance Impact Statement for ‘L1 Terminal Fault - VMM’ (L1TF - VMM) mitigations: CVE-2018-3646 (55767)

Our tests showed that after enabling the ESXi Side-Channel-Aware Scheduler the maximum performance capacity of the host can diminish by as much as 30%, depending on the workloads, host utilization, and processors used within the host. It is important to note that this does not necessarily translate to a 30% reduction in application performance. On a host that is running below its maximum performance capacity, the enablement of the ESXi Side-Channel-Aware Scheduler might result in little or no loss of performance depending on how much spare capacity was available. A set of test results for common enterprise application workloads is included in the Performance Test Results section of this article.
 
Vrh