Google and Microsoft confirm SPECTRE #4: it affects every modern chip
- Tamalero
"A variant #4 of SPECTRE has been reported by researchers at GOOGLE and MICROSOFT.
It has the potential to affect not only modern ARM, AMD and INTEL processors but also chips from other systems that were previously said to be invulnerable, such as IBM POWER8, POWER9 and SYSTEMZ."
The problem is very serious, since the effect on ARM, POWER and all X86 chips means that almost every gadget in existence (cell phones, tablets, corporate computer systems, ATMs, "embedded" systems) would be affected.
Both INTEL and AMD are already preparing software patches to mitigate the new variant. The good news? Intel's patch #1 for SPECTRE makes SPECTRE #4 harder to use.
Variant 4 is referred to as a speculative store bypass. It is yet another "wait, why didn't I think of that?" design oversight in modern out-of-order-execution engineering. And it was found by Google Project Zero's Jann Horn, who helped uncover the earlier Spectre and Meltdown bugs.
It hinges on the fact that when faced with a bunch of software instructions that store data to memory, the CPU will look far ahead to see if it can execute any other instructions out of order while the stores complete. Writing to memory is generally slow compared to other instructions. A modern fast CPU won't want to be held up by store operations, so it looks ahead to find other things to do in the meantime.
If the processor core, while looking ahead in a program, finds an instruction that loads data from memory, it will predict whether or not this load operation is affected by any of the preceding stores. For example, if a store is writing to memory that a later load fetches back from memory, you'll want the store to complete first. If a load is predicted to be safe to run, the processor executes it speculatively while other parts of the chip are busy with store operations and other code.
That speculative act involves pulling data from memory into the level-one data cache. If it turns out the program should not have run the load before a store, it's too late to unwind the instruction flow and restart it: part of the cache was touched based on the contents of the fetched data, leaving enough evidence for a malicious program to figure out that fetched data. Repeat this over and over, and gradually you can copy data from other parts of the application. It allows, say, JavaScript running in one browser tab to potentially snoop on webpages in other tabs, for instance.
Information for AMD: www.amd.com/en/corporate/security-updates
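
A defender-side check for the software mitigations mentioned in the post above, as an added example that is not part of the original thread: it classifies the status line that Linux kernels report for Variant 4 (speculative store bypass). The Linux host and the sysfs path are assumptions, since the thread names no operating system, and the sample lines are constructed.

```python
from pathlib import Path

# Assumption: a Linux host (kernel 4.17 or later), which reports Variant 4 here.
SSB_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/spec_store_bypass")


def classify_ssb(status):
    """Return (affected, scope, action) for one kernel status line."""
    s = status.strip()
    if s == "Not affected":
        return (False, "not-needed", "none")
    if s.startswith("Vulnerable"):
        # CPU is affected and no store-bypass disable is in effect.
        return (True, "unmitigated", "install kernel and microcode updates")
    if s.startswith("Mitigation:"):
        detail = s.split(":", 1)[1].strip()
        if "prctl" in detail:
            # Only processes that opt in via prctl() are protected;
            # with "and seccomp", seccomp-sandboxed processes are too.
            scope = "opt-in+seccomp" if "seccomp" in detail else "opt-in"
            return (True, scope, "confirm sensitive processes opt in")
        return (True, "system-wide", "none")
    return (None, "unknown", "inspect manually")


def read_host_status():
    """Read the live status, or None when the file is absent (old kernel, non-Linux)."""
    try:
        return SSB_SYSFS.read_text()
    except OSError:
        return None


# Constructed sample lines in the format the kernel prints.
SAMPLES = [
    "Not affected\n",
    "Vulnerable\n",
    "Mitigation: Speculative Store Bypass disabled\n",
    "Mitigation: Speculative Store Bypass disabled via prctl\n",
    "Mitigation: Speculative Store Bypass disabled via prctl and seccomp\n",
]

if __name__ == "__main__":
    live = read_host_status()
    for line in ([live] if live else SAMPLES):
        print(line.strip(), "->", classify_ssb(line))
```

An "opt-in" result means the kernel leaves speculative store bypass enabled by default and protects only processes that request the mitigation themselves.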
- Passenger
www.theverge.com/2018/5/21/17377994/google-microsoft-cpu-vulnerability-speculative-store-bypass-variant-4
Wow! Where is this going to end?
- Tamalero
Passenger wrote: And it seems the fix lowers performance by between 2 and 8% "only".
www.theverge.com/2018/5/21/17377994/google-microsoft-cpu-vulnerability-speculative-store-bypass-variant-4
Wow! Where is this going to end?
Do those numbers seem to be only for Intel?
Which is laughable, because in certain workloads where IO is used heavily, Intel CPUs can lose up to 48% with meltdown+spectre1+2.
It's madness, especially in the enterprise server space.