Nvidia GPUs Can Leak Data From Google Chrome's Incognito Mode (softpedia.com)
An anonymous reader writes: Nvidia GPUs don't clear out memory that was previously allocated, and neither does Chrome before releasing memory back to the shared memory pool. When a user recently fired up Diablo 3 several hours after closing an Incognito Mode window that contained pornography, the game launched with snapshots of the last "private" browsing session appearing on the screen — revealing his prior activities. He says, "It's a fairly easy bug to fix. A patch to the GPU drivers could ensure that buffers are always erased before giving them to the application. It's what an operating system does with the CPU RAM, and it makes sense to use the same rules with a GPU. Additionally, Google Chrome could erase their GPU resources before quitting."
Are you sure this isn't God judging your evil deeds?
/duck
/run
> Google Chrome could erase their GPU resources before quitting.
Why blank it when you can write a gaming ad to the buffer instead? #incentives
Why write a gaming ad when you can write a Radeon ad instead? #alsoincentives
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Google have said they won't fix the bug.
C'mon, no one uses it for anything else.
The AMD open source driver on Linux does the same thing. It's not really a new or spectacular bug; graphics cards and drivers have done that stuff for quite a long while. Once there was also a fun bug that would make large text in Firefox 'bleed' into the desktop background image, so it wasn't just showing old content, but actively manipulating the content of another application.
I'm less concerned with GPUs not clearing their memory when done (known bug in PCs) and more with the fact that Diablo 3 is just using whatever happens to be in the buffer.
Most programs don't bother zeroing memory after using it for that very reason. Unless the memory has something important in it, usually.
Why does a web browser need a GPU for basic web? Unless that is a Flash or HTML5-driven pron site?
The performance hit is real - and without custom silicon it's quite expensive. This bit me on the ass recently on a GPGPU project I was working on, because the amount of time taken to clear the buffer before use was about 10x the amount of time to actually do the computation.
It's been shown that you can randomly snag other running applications' data by initializing new framebuffers and seeing what happens to be in them.
The problem is that your graphics card simply can't zero out chunks of RAM every time an application requests them, not if you want your high-performance rendering for your video games. This issue is an old one, and one that's tied to the hardware architecture itself, and it can't be fixed as easily as the submitter seems to think.
Personally I just think Chrome is becoming more mucked up with every version. I used to think it was the best browser, but I definitely think Google is going down the Firefox path of overplaying serious bugs and continuing to update without fixing the important stuff. I mean, it might set all the records for compliance and standards.
But crashes happening regularly, Pepper Flash is awful, I get so many page rendering issues and CPU cycle pegs from Chrome Helper on both Macs and Windows, it's not funny anymore. I would like to ask a Google employee sometime what the fuck kind of browser they use. It must not be Chrome.
Leave the memory better than you found it.
Been doing this stuff for years and it never even occurred to me that this could be an issue. By "cleaning up" the memory usage on shutdown I just made sure I freed the memory, not clearing it on the way out.
JVM and .NET VM makers take note: you could add this to your GC and shutdown code and give all programs automatic support for this easily.
I love Google's support answer to all issues. Turn off hardware rendering. Really, that's what all the brains tell people with issues. Just turn off hardware rendering.
Seriously Google, you cannot fix shit, so just tell people to disable it. I'm beginning to wonder why I still use Chrome these days. I guess only because Firefox still sucks and I find nothing other than Chrome that works on both Macs and PCs.
I've seen this happen in Firefox.
Out of curiosity, in terms of 'what should be done', is the idea that an application should be responsible for clearing memory before releasing it considered a good practice; or is it considered a least-worst option to deal with the fact that the OS can't necessarily be trusted to do the job properly?
Speaking as a complete layman, I would think that, just as handling memory allocation is usually left to the OS, in an ideal world the OS' memory allocation mechanism would also be responsible for clearing something before allocating it to some other process, rather than relying on every last random application to behave correctly.
Is that a "No, so wrong I'd need to spend ages teaching you enough to even understand why it's stupid." situation? A "It'd be nice, but since we can't trust the OS we clear memory before we release it if we are concerned about it." or a "Too much overhead to do universally; but having a mechanism to tell the OS 'this memory is now free, needs cleaning' would be nice" situation?
Surely the GPU can zero hardware quickly though.
The multi-tab view in iOS has a similar "bug" where, if you're viewing something in private mode, the JPG preview for that tab remains even if you change pages / open new / close that specific tab. Can't recall the exact steps to reproduce it consistently, but I've noticed it several times.
It's considered good practice; the applications could also zero it out, but you can infer that the memory manager has 'cleared' the memory, too. This is how heap attacks happen, though, in some cases. Trusting what's in memory is generally considered to be bad, even if it's 'your' memory. Now, when it comes to GPUs, performance is king -- millionths of a second matter, as the impacts are generally multiplied by literally billions of operations. And what you're describing I believe is sometimes attributed to garbage collection; basically it scrambles or writes out data as it's freed, but this is rare and not the norm.
I use "incognito mode" all the time. Anytime I see some interesting link on Facebook, I always open it in incognito mode. Just one more level of protection against associating the link with my account or leaving behind unwanted trash.
I also find it very useful for news sites that let you have a certain number of articles free before throwing up a paywall. Using incognito mode resets the counter back to zero.
I cannot believe you on this. How was this done? Using cudaMemset, clEnqueueFillBuffer or something equivalent? Or your own code (coalesced memory access...)?
This has always been a problem, practically since the dawn of computing. That problem is: leaving trash everywhere.
And, this is as much a real life problem as it is a problem in the computing space. Have you ever seen a developer's work area? There's garbage everywhere - empty hot pocket boxes, empty cans of red bull, crusty kleenex all over the floor from late night fap sessions to animated hentai porn, and so on. Is it any wonder that these poor real-life hygiene habits make it into the code they write?
No developer I've ever had the misfortune of working with has ever cared about cleaning up resources after they are used.
The performance hit for overwriting 4 gigs (or usually less) of RAM on *process or thread shutdown* shouldn't be that onerous... should it? I could be missing something about when it frees it.
Question from a layman: Do GPUs have a physical-virtual memory mapping? Ex: Could process A get space on the GPU, then when process B requests memory, the GPU would give process B the physical pages process A used to have (while copying the actual data over) to defragment the physical pages, leaving B with a copy of what A used to own? Or, perhaps process B requests so much memory that the texture space requested by process A gets paged out to main memory?
-Bucky
If that's the case then Nvidia should really be on the hook for this rather than Google.
If the memory space is unallocated then the card should zero out any memory space that was recently released whenever the card isn't under heavy load.
I'm not 100% certain this is true. The GPU, unlike the system / main CPU, doesn't necessarily have an overview of the applications that are using memory (and the execution stats of said applications), as that usually is the purview of the OS (and thus the clearing of memory after an application / thread / process completes is typically an OS feature). If the above is true, it's then more a matter of the OS also remembering to clear the GDDR RAM used, along with the system RAM (or the graphics-allocated system RAM in the case of shared memory), when a process terminates.
This would probably be easier and safer than the other option, asking the graphics driver to monitor all processes and perform clearing out from under the OS. This would be the only way I can see of putting the handling of the memory management for the graphics card under the graphics card's production company.
*-- I am not an OS or hardware programmer, please take the above more as a question than a statement and feel free to point out areas where I am wrong or oversimplifying things.
Nope, it's Google selling "porn mode", it should be up to Google to avoid your feeelthy pictures lying around.
Watch this Heartland Institute video
What GP says is not that clearing memory is slow, but that his particular (stage of) computation is fast.
If you have broken your task into infinitesimal pieces and slap some bookkeeping code such as clearing memory onto each and every one, it will get expensive. If you use a less chatty design and only clear memory on startup of a complete calculation, instead of for each stage, the overhead becomes a lot less noticeable.
> The GPU, unlike the system / main CPU doesn't necessarily have overview of the applications that are using memory
I thought per-process allocation of video memory was one of the big changes from Windows XP and DirectX 9 to Windows Vista and DirectX 10 that required changes to drivers to support the new Windows display driver model (WDDM).
The GPU memory is not handled by the OS, it runs on a separate piece of hardware, a full computer system if you allow, that does not run an OS by itself.
The NUMA API for using nVidia cards for GPGPU operations is quite simple and straightforward: when requesting memory, it allocates a chunk; when releasing it, it's just marked as "not yours anymore". Due to the massively parallel programming model, there is even some *value* in not clearing it, as for algorithmic iterations sometimes you can save the cost of populating and freeing memory blocks if you know you will get the same pieces of RAM (or if it does not really matter, and each algorithmic pass can work exclusively on a given set of data until a certain point has been reached — think i.e. symmetric encryption schemes).
Due to ever more intelligent C compilers (and of course higher-level constructs) we have got used to memory being zeroed out on assignation, but AFAICT no standard mandates that. I would place the burden of cleaning the memory on the *initialization* of the new application. After all, be it pr0n or just random flipped bits, Diablo looks bad by starting with the display of digital noise.
I don't think it should be *too much* of a concern for Chrome cleaning up before closing a tab. Yes, there is a certain thing about it being "incognito mode" that should be honored, and –as a special case– it *should* ensure to clean up its act. But the main fault I'd say is at Diablo.
This is not the responsibility of any application to fix. Any app could crash/be killed at any time before any of its own attempts to clean up get executed. This lands squarely in the domain of the OS--to enforce clean and secure separation of resources between processes and users.
You don't need to memset after use because the multitasking/multiuser OS will clear pages as they are mapped. Otherwise any process under any privilege could scan the whole RAM for previously mapped information such as passwords or the contents of otherwise restricted files.
It is a bug that the driver does not clear the frame buffer/texture when they are mapped. There is no performance penalty to fill with zero, one time at start-up, memory that will be filled 60 times per second with millions of polygons. Nvidia needs to fix this shit.
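The two posts above (and the summary's "buffers are always erased before giving them to the application" / "free'd the memory, not clearing it" points earlier in the thread) are really about *where* the clearing policy lives. The following is an added example, not code from the article, from Nvidia, Google, or any poster: a tiny constructed model of a driver-side memory pool with four policies (no clearing; the application wipes before releasing; the driver wipes on release; the driver wipes on allocation), run through the Chrome-then-Diablo scenario once normally and once with the first "process" dying before it can clean up. The pool, chunk size, policy names and the "PRIVATE-FRAME" sample bytes are all assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a driver-managed memory pool: 4 fixed-size chunks,
 * handed out first-free-first, exactly like the thread describes a GPU
 * driver marking a released chunk "not yours anymore" without touching it. */
#define NCHUNKS     4
#define CHUNK_BYTES 16

typedef enum {
    CLEAR_NONE = 0,     /* driver does nothing; app does nothing            */
    CLEAR_BY_APP,       /* app wipes before release (Chrome-side fix)       */
    CLEAR_ON_FREE,      /* driver wipes when a chunk is released            */
    CLEAR_ON_ALLOC      /* driver wipes when a chunk is handed out          */
} clear_policy;

typedef struct {
    uint8_t mem[NCHUNKS * CHUNK_BYTES];
    int used[NCHUNKS];
    clear_policy policy;
} pool_t;

static void pool_init(pool_t *p, clear_policy policy) {
    memset(p->mem, 0, sizeof p->mem);
    memset(p->used, 0, sizeof p->used);
    p->policy = policy;
}

/* Wipe through a volatile pointer so an optimizer cannot drop the stores
 * as "dead" writes to memory that is about to be released. */
static void secure_wipe(uint8_t *buf, size_t n) {
    volatile uint8_t *v = buf;
    while (n--) *v++ = 0;
}

static uint8_t *chunk_ptr(pool_t *p, int chunk) { return p->mem + chunk * CHUNK_BYTES; }

static int pool_alloc(pool_t *p) {
    for (int i = 0; i < NCHUNKS; i++) {
        if (!p->used[i]) {
            p->used[i] = 1;
            if (p->policy == CLEAR_ON_ALLOC) secure_wipe(chunk_ptr(p, i), CHUNK_BYTES);
            return i;
        }
    }
    return -1; /* pool exhausted */
}

/* Release path used both by a cooperative app and by the driver reclaiming
 * memory from a process that died: only a driver-side policy runs here. */
static void pool_free(pool_t *p, int chunk) {
    if (p->policy == CLEAR_ON_FREE) secure_wipe(chunk_ptr(p, chunk), CHUNK_BYTES);
    p->used[chunk] = 0;
}

/* Scenario: process A ("browser") writes a frame and releases its chunk,
 * process B ("game") allocates and reads its new buffer uninitialized.
 * With `crashed` set, A is killed before its own cleanup can run.
 * Returns 1 if B observes A's bytes, 0 if the buffer came back clean. */
int leak_observed(clear_policy policy, int crashed) {
    static const uint8_t frame[CHUNK_BYTES] = "PRIVATE-FRAME!!"; /* constructed sample data */
    pool_t pool;
    pool_init(&pool, policy);

    int a = pool_alloc(&pool);
    memcpy(chunk_ptr(&pool, a), frame, CHUNK_BYTES);
    if (!crashed && policy == CLEAR_BY_APP)          /* app-side cleanup only runs */
        secure_wipe(chunk_ptr(&pool, a), CHUNK_BYTES); /* on an orderly shutdown    */
    pool_free(&pool, a);

    int b = pool_alloc(&pool);                       /* first free slot: same chunk */
    return memcmp(chunk_ptr(&pool, b), frame, CHUNK_BYTES) == 0;
}

int main(void) {
    const char *names[] = { "none", "app-wipe", "driver-on-free", "driver-on-alloc" };
    for (int pol = 0; pol < 4; pol++)
        printf("%-16s leak(normal exit)=%d  leak(crash)=%d\n",
               names[pol], leak_observed((clear_policy)pol, 0), leak_observed((clear_policy)pol, 1));
    return 0;
}
```

The table the program prints is the thread's argument in miniature: the application-side wipe closes the leak only on an orderly exit, while either driver-side policy closes it regardless of how the previous owner went away. Wiping on allocation is the one that also protects against the previous owner never having released at all (the reclaim path is still the driver's), which is why the OS zeroes pages on map rather than trusting the last process to have cleaned up.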
Gee, what a surprise.
However clearing the buffer for a single frame (a single time) probably takes on the order of a few ms total which is miniscule compared to the time to actually terminate the process. If we're talking about rendering dozens of frames a second, say in a game, that's a different story.
> If the memory space is unallocated then the card should zero out any memory space that was recently released whenever the card isn't under heavy load.
Nope, because that's a feature exclusive to Tesla and Grid.
Yes, nvidia is crippling security on their consumer cards to sell you the "professional" version.
Are you claiming that graphics drivers under GNU/Linux cannot tell whether the same process allocated two different chunks of video memory? If so, this is a security advantage of Windows over GNU/Linux, and GNU/Linux developers need to get their act together to fix it.
This has been the case for video cards pretty much since the beginning. You could even write batch files into video ram and then have a program execute after a warm boot and then run the code. Did this as a proof of concept on a VGA/Hercules combo (two separate cards). So, it's a feature, if you decide to see it that way.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
Has anyone noticed the same sort of thing with different Linux distributions and AMD hardware? Where the next login will briefly show the last thing from the previous session. It only shows the bottom 1/3 for me most of the time, with lots of noise around the middle.
I had an old PC with an ATI Radeon card that did almost the same thing. Sometimes, after restarting the PC after a crash, the first screen after the BIOS loaded was a screenshot-like image of whatever was on the screen before the crash, for a few seconds. It also happened on an even older PC with only integrated graphics. I think that one was an Intel graphics chip on an old HP Pavilion.
Well I'm not saying that exactly. The OP pointed out security feature on Windows that may or may not have solved this. I don't know if that feature exists on Linux or not. It would actually be harder to implement on Linux since AFAIK there is only one X Server process. But this isn't my area of expertise.
Both Chrome and Firefox should clear the GPU cache with EVERY RELOAD of a page! It's a huge, unpatched bug, which can very easily crash the browser.
I'll thread this here so that hopefully tepples sees it too. Sometimes it's great to hit the threads late - I usually try to not go further forward than page 1 (unless I am all caught up) for that very reason. Oh, I work back to forward from the eldest unread thread.
Neither of which is here or there.
I could put this almost anywhere in this thread and, I think, it'd be perfectly on-topic. This is absolutely the best, most educational, insightful thread I have read on Slashdot in a *very* long time. This, this thread, is why I come here. Oh, I get great answers all the time but I'm actually in the process of re-learning some programming because my brain's getting mushy (opposite, really, it's plasticizing as happens with age) and this? This tells me a bit about how much I have missed.
I didn't do much of my own coding after about 1998. Yup... I'd say I did a bit more until 2000. Then I might have helped out with some suggestions (they'd moved to C++ and my code had been in C) or ideas for a while after that but I never actually typed a single line, comment, or made any commits. Instead, at most, I may have given a suggestion as to ways I thought of that they might be able to reach the goal - sometimes good, sometimes not so good. I am not a programmer -- I learned to program (some) because I had to.
It might even be accurate to say that I didn't do /most/ of my own programming after some time in the middle/late part of 1996. That's almost twenty years ago and I can still kind of remember the feeling of turning "my baby" over. I shit you not, it was a lot like seeing your kid go off on their first day of school - perhaps their first day of college. You're letting someone else control the destiny of something that you've invested your life in and, equally important and counting sharp ass metal bits inside of computers, you've spilled your own blood for it. I'd actually be surprised if nobody here knew what I was talking about - perhaps even better than I do.
I asked a question, above, and - after reading all this, I think it's still a fine question for me as I've not yet truly got an answer but I think I do. (Chrome might not have permissions to actually control the memory on the GPU or, perhaps, doing so is resource intensive - is that a penalty hit worth it for more anonymity in something called "incognito mode?") That was not, by the way, my question up above. Just stating what I've learned (or not) from reading this far down.
This is absolutely fascinating and really topical for me at this point. While I am looking at two specific languages, I'm trying to get my brain to work right again - thinking in terms of how and not the specifics. That's a greater process than it used to be and, well, far more complex than it was some 15+ years ago.
I guess what I'm getting at is that this is a fine place to express my gratitude. This was one of the reasons I had my first account long ago, have this account now, and return frequently. That's an overly complicated way of trying to thank not just you, nor just the people who are taking the time to answer, but also to thank those for asking questions that I might not have thought of on my own. Mushy sentiment? Sure but heartfelt and sober sentiment and true gratitude. Thanks Slashdot. We seriously should form a board and buy this place and let the community run it as a non-profit. Maybe I should look into that when I get back to Maine.
"So long and thanks for all the fish."
Now that I think about it, and sorry to reply to myself - but does this still work if you have disabled 'hardware acceleration' or started it from the terminal with --disable-gpu-compositing? Because if that's enabled then I think the browser just uses the regular RAM and not the GPU's RAM?
I'm quite positive that I'm missing something because it can't be that easy. I'm gonna scroll down the thread again. I keep getting stuck every few posts and ending up reading a few links from Google just to help me make sure that I'm understanding enough of this to actually be able to benefit from it.
Does this non-clearing of memory then also apply to the HDMI audio stream as well? How close to real time could an exploit then grab both video and audio from a compromised machine?
I have seen yesterday's game come on the screen when first booting into some environments. Data remains. For a long time.
Sadly, a Libertarian cannot force his views on another, and freedom cannot spread as does the cancer known as religion.
Even on my Mac OS, running Minecraft, I see this. When Minecraft starts up, it opens a window, displays whatever is in the graphics memory, and then eventually clears it out and shows its welcome window.
That graphics memory can be anything from screen rendering pieces, to other window data, etc.
I wonder if anything would survive a logout, and then someone else logging in?