SPOILER: attack on store forwarding

By: hobold (hobold.delete@this.vectorizer.org), March 5, 2019 5:22 am
Room: Moderated Discussions
Another shared data structure in CPUs has been successfully attacked: the store buffer.

news article

Reports of only Intel CPUs being affected are probably premature. The researchers have tested only a single ARM and a single AMD processor model of Bulldozer ancestry. In particular, status of Zen is still unknown right now.

Whitepaper

Apparently the fix is to not use a subset of store address bits, but the full address to determine store forwarding hits. This makes hits definitive rather than speculative.

Demo exploits apparently include a browser based one in javascript. The actual attack reveals the current logical -> physical mapping to a user level process, which is then used to perform rowhammer style shenanigans.
 Next Post in Thread >
TopicPosted ByDate
SPOILER: attack on store forwardinghobold2019/03/05 05:22 AM
  sounds like non-issueMichael S2019/03/05 06:19 AM
    recognition of RowhammerJeff S.2019/03/05 07:14 AM
      recognition of RowhammerLinus Torvalds2019/03/05 09:49 AM
        recognition of RowhammerJeff S.2019/03/05 01:42 PM
          recognition of RowhammerLinus Torvalds2019/03/05 05:43 PM
      recognition of RowhammerTravis Downs2019/03/05 11:10 AM
  Is hiding th V-P mapping even a good goal?Travis Downs2019/03/05 11:32 AM
    Is hiding th V-P mapping even a good goal?Jeff S.2019/03/05 01:57 PM
      Is hiding th V-P mapping even a good goal?Howard Chu2019/03/05 06:53 PM
        Is hiding th V-P mapping even a good goal?Doug S2019/03/06 02:08 AM
          Is hiding th V-P mapping even a good goal?Michael S2019/03/06 03:08 AM
            Is hiding th V-P mapping even a good goal?Howard Chu2019/03/06 05:24 AM
              Is hiding th V-P mapping even a good goal?Aaron Spink2019/03/06 06:01 AM
                Is hiding th V-P mapping even a good goal?Jeff S.2019/03/06 06:10 AM
                Is hiding th V-P mapping even a good goal?Howard Chu2019/03/08 06:10 AM
                  Is hiding th V-P mapping even a good goal?Howard Chu2019/03/08 06:17 AM
                  Is hiding th V-P mapping even a good goal?Michael S2019/03/08 06:52 AM
              O.T. merits of STT-MRAMMichael S2019/03/06 06:34 AM
              Not ready yet (endurance)David Kanter2019/03/06 11:59 AM
                Not ready yet (endurance)David Kanter2019/03/06 01:34 PM
                  Not ready yet (endurance)Jeff S.2019/03/06 05:09 PM
                    Not ready yet (endurance)David Kanter2019/03/06 06:58 PM
                      Not ready yet (endurance)Michael S2019/03/07 02:09 AM
                        Not ready yet (endurance)Maynard Handley2019/03/07 03:50 AM
                          MRAM perspectivesMichael S2019/03/07 04:50 AM
                            MRAM perspectivesKevin G2019/03/08 10:27 AM
                              MRAM perspectivestarlinian2019/03/08 11:19 AM
                                MRAM perspectiveswumpus2019/03/09 07:28 AM
                      Not ready yet (endurance)wumpus2019/03/07 11:14 AM
                        Not ready yet (endurance)David Kanter2019/03/08 07:04 PM
            Is hiding th V-P mapping even a good goal?anon2019/03/06 05:37 AM
Reply to this Topic
Name:
Email:
Topic:
Body: No Text
How do you spell green?