By: anon2 (anon.delete@this.anon.com), July 14, 2022 4:29 pm
Room: Moderated Discussions
Anon4 (no.delete@this.example.com) on July 14, 2022 2:17 pm wrote:
> anon2 (anon.delete@this.anon.com) on July 13, 2022 10:03 pm wrote:
> > anonymous2 (anonymous2.delete@this.example.com) on July 13, 2022 3:14 pm wrote:
> > > https://en.wikipedia.org/wiki/Retbleed
> >
> > Does not seem to be anything new in hardware just spectre variant 2 software fix in Linux was not complete.
>
> Variant 2 was against forward jump instructions,
No it wasn't, it was BTB poisoning to influence indirect branches. Branch direction forwards or backwads is not relevant.
https://spectreattack.com/spectre.pdf
Some CPUs use BTB for return branches in some situations. This is not somehow new nor was unknown at the time. It was explicitly called out in a public discussion about the fix several years ago, actually.
> the mitigation was to turn forward jumps in to returns
> which are architecturally similar but have a very different effect on the microarchitecture.
>
> This was 'retpoline' retbleed attacks the retpoline itself in a similar way to
> the way variant 2 attacked jumps. It makes use of the fact that returns start behaving
> like jumps when certain internal state is overflowed. So this is novel.
>
> Anything which uses retpolines is vulerable and that includes
> Windows and possibly macOS it's not just a Linux issue.
>
> IBRS and eIRBS basically completely migitate the problem these are available from Coffee
> Lake R and beyond (Intel called it 9th gen). You will note commerical OSes have been dropping
> support for older but still relatively recent x86 processors, now you know why.
>
> anon2 (anon.delete@this.anon.com) on July 13, 2022 10:03 pm wrote:
> > anonymous2 (anonymous2.delete@this.example.com) on July 13, 2022 3:14 pm wrote:
> > > https://en.wikipedia.org/wiki/Retbleed
> >
> > Does not seem to be anything new in hardware just spectre variant 2 software fix in Linux was not complete.
>
> Variant 2 was against forward jump instructions,
No it wasn't, it was BTB poisoning to influence indirect branches. Branch direction forwards or backwads is not relevant.
https://spectreattack.com/spectre.pdf
Some CPUs use BTB for return branches in some situations. This is not somehow new nor was unknown at the time. It was explicitly called out in a public discussion about the fix several years ago, actually.
> the mitigation was to turn forward jumps in to returns
> which are architecturally similar but have a very different effect on the microarchitecture.
>
> This was 'retpoline' retbleed attacks the retpoline itself in a similar way to
> the way variant 2 attacked jumps. It makes use of the fact that returns start behaving
> like jumps when certain internal state is overflowed. So this is novel.
>
> Anything which uses retpolines is vulerable and that includes
> Windows and possibly macOS it's not just a Linux issue.
>
> IBRS and eIRBS basically completely migitate the problem these are available from Coffee
> Lake R and beyond (Intel called it 9th gen). You will note commerical OSes have been dropping
> support for older but still relatively recent x86 processors, now you know why.
>
| Topic | Posted By | Date |
|---|---|---|
| Retbleed | anonymous2 | 2022/07/13 03:14 PM |
| Retbleed | anon2 | 2022/07/13 10:03 PM |
| Retbleed | Adrian | 2022/07/14 12:05 AM |
| Retbleed | Anon4 | 2022/07/14 02:17 PM |
| Retbleed | anon2 | 2022/07/14 04:29 PM |
| Retbleed | Anon4 | 2022/07/14 05:05 PM |
| Retbleed | anon2 | 2022/07/14 05:37 PM |
| Retbleed | anon2 | 2022/07/14 06:40 PM |
| Retbleed | dmcq | 2022/07/15 04:54 AM |
| Retbleed | anon2 | 2022/07/17 07:17 AM |
| Retbleed | Michael S | 2022/07/15 07:08 AM |
| Retbleed | Ben T | 2022/07/16 05:06 AM |
| Retbleed | Michael S | 2022/07/16 11:41 AM |
| Public cloud infrastructure | Ben T | 2022/07/16 04:50 PM |
| Public cloud infrastructure | Rayla | 2022/07/16 09:15 PM |
| Public cloud infrastructure | me | 2022/07/17 09:19 AM |
| Public cloud infrastructure | Brett | 2022/07/18 12:38 PM |
| Public cloud infrastructure | Adrian | 2022/07/18 01:19 PM |
| Public cloud infrastructure | me | 2022/07/18 03:54 PM |
| Public cloud infrastructure | Brett | 2022/07/20 03:35 PM |
| Public cloud infrastructure | Brett | 2022/07/21 01:18 PM |
| Public cloud infrastructure | inthestratosphere | 2022/07/21 02:46 PM |
| Public cloud infrastructure | Brett | 2022/07/21 10:38 PM |
| What’s needed for a viable Apple server? | Ben T | 2022/07/22 05:31 AM |
| What’s needed for a viable Apple server? | Michael S | 2022/07/22 09:09 AM |
| More DRAM capacity? | Mark Roulo | 2022/07/22 09:48 AM |
| More DRAM capacity? | Doug S | 2022/07/22 11:05 AM |
| More DRAM capacity? | Mark Roulo | 2022/07/22 11:20 AM |
| More DRAM capacity? | Doug S | 2022/07/22 01:48 PM |
| More DRAM capacity? | Wes Felter | 2022/07/22 04:49 PM |
| Public cloud infrastructure | anon2 | 2022/07/18 04:25 PM |
| Putting 12 processor packages in a 1U server | Ben T | 2022/07/22 10:02 PM |
| Putting 12 processor packages in a 1U server | rwessel | 2022/07/23 07:15 AM |
| Putting 12 processor packages in a 1U server | Daniel B | 2022/07/23 04:15 PM |
| Putting 12 processor packages in a 1U server | Ben T | 2022/07/24 05:29 AM |
| Multi-system cluster design space | Paul A. Clayton | 2022/07/24 08:49 AM |
| Retbleed | Anon4 | 2022/07/15 03:00 AM |
| Retbleed | Michael S | 2022/07/15 06:59 AM |
| Retbleed | --- | 2022/07/15 11:14 AM |