By: anon2 (, July 14, 2022 5:37 pm
Room: Moderated Discussions
Anon4 ( on July 14, 2022 5:05 pm wrote:
> anon2 ( on July 14, 2022 4:29 pm wrote:
> > No it wasn't, it was BTB poisoning to influence indirect branches.
> > Branch direction forwards or backwads is not relevant.
> I've had my head to much on CFI recently.... forward edge, obviously branch direction is not relevant.

There seems to be nothing about "forward edge" in spectre vulnerability. It is about indirect branches which use the BTB, return branches can be such indirect branches on these CPUs.

> > Some CPUs use BTB for return branches in some situations. This is not somehow new nor was unknown at the
> > time. It was explicitly called out in a public discussion about the fix several years ago, actually.
> And was thought not to be exploitable, some people thought it was exploitable

That's what I said. Nothing new from hardware standpoint, the only problem is incomplete mitigation for spectre v2. Or if you really want to quibble about semantics, the fact remains that the exact problem was known about and called out when the fix was being discussed. No new hardware vulnerability discovery, this is exploitation of known hole in known incomplete software fix for spectre v2.

> however they could not come up with a practical attack at the time.
> Given the mitigation cost no one was going to roll out an expensive speculative (sic) mitigation against
> an attack which was not thought to be practical at the time. That 'expensive' is in money, performance
> losses cost real money for the hyperscalers and major ones can make a service economically unviable.

Aside, many such security issues that are fixed have *actual* practical attacks demonstrated. Most of this security patching and mitigation has no objective measurement or even metrics that can inform the benefit of fixes.
< Previous Post in ThreadNext Post in Thread >
TopicPosted ByDate
Retbleedanonymous22022/07/13 03:14 PM
  Retbleedanon22022/07/13 10:03 PM
    RetbleedAdrian2022/07/14 12:05 AM
    RetbleedAnon42022/07/14 02:17 PM
      Retbleedanon22022/07/14 04:29 PM
        RetbleedAnon42022/07/14 05:05 PM
          Retbleedanon22022/07/14 05:37 PM
            Retbleedanon22022/07/14 06:40 PM
              Retbleeddmcq2022/07/15 04:54 AM
                Retbleedanon22022/07/17 07:17 AM
              RetbleedMichael S2022/07/15 07:08 AM
                RetbleedBen T2022/07/16 05:06 AM
                  RetbleedMichael S2022/07/16 11:41 AM
                    Public cloud infrastructureBen T2022/07/16 04:50 PM
                      Public cloud infrastructureRayla2022/07/16 09:15 PM
                      Public cloud infrastructureme2022/07/17 09:19 AM
                      Public cloud infrastructureBrett2022/07/18 12:38 PM
                        Public cloud infrastructureAdrian2022/07/18 01:19 PM
                          Public cloud infrastructureme2022/07/18 03:54 PM
                          Public cloud infrastructureBrett2022/07/20 03:35 PM
                            Public cloud infrastructureBrett2022/07/21 01:18 PM
                              Public cloud infrastructureinthestratosphere2022/07/21 02:46 PM
                                Public cloud infrastructureBrett2022/07/21 10:38 PM
                                What’s needed for a viable Apple server?Ben T2022/07/22 05:31 AM
                                  What’s needed for a viable Apple server?Michael S2022/07/22 09:09 AM
                                  More DRAM capacity?Mark Roulo2022/07/22 09:48 AM
                                    More DRAM capacity?Doug S2022/07/22 11:05 AM
                                      More DRAM capacity?Mark Roulo2022/07/22 11:20 AM
                                        More DRAM capacity?Doug S2022/07/22 01:48 PM
                                    More DRAM capacity?Wes Felter2022/07/22 04:49 PM
                        Public cloud infrastructureanon22022/07/18 04:25 PM
                      Putting 12 processor packages in a 1U serverBen T2022/07/22 10:02 PM
                        Putting 12 processor packages in a 1U serverrwessel2022/07/23 07:15 AM
                        Putting 12 processor packages in a 1U serverDaniel B2022/07/23 04:15 PM
                          Putting 12 processor packages in a 1U serverBen T2022/07/24 05:29 AM
                            Multi-system cluster design spacePaul A. Clayton2022/07/24 08:49 AM
            RetbleedAnon42022/07/15 03:00 AM
          RetbleedMichael S2022/07/15 06:59 AM
      Retbleed---2022/07/15 11:14 AM
Reply to this Topic
Body: No Text
How do you spell tangerine? 🍊