Google Says Almost All CPUs Since 1995 Vulnerable To 'Meltdown' And 'Spectre' Flaws

Catalin Cimpanu, reporting for BleepingComputer: Google has just published details on two vulnerabilities named Meltdown and Spectre that in the company's assessment affect "every processor [released] since 1995." Google says the two bugs can be exploited to "to steal data which is currently processed on the computer," which includes "your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents." Furthermore, Google says that tests on virtual machines used in cloud computing environments extracted data from other customers using the same server. The bugs were discovered by Jann Horn, a security researcher with Google Project Zero, Google's elite security team. These are the same bugs that have been reported earlier this week as affecting Intel CPUs. Google was planning to release details about Meltdown and Spectre next week but decided to publish the reports today "because of existing public reports and growing speculation in the press and security research community about the issue, which raises the risk of exploitation."

Almost All processors

[dehachel12]

Shouldn't that be : Almost All Intel processors?

Re:Almost All processors

[Lothsahn]

No. Spectre affects AMD and ARM as well (and likely other architectures too).

Best I can tell, the only CPUs guaranteed not affected by both are in-order architectures, which many older ARM (and extremely old x86) chips are.

These attacks are a sort of new category of security analysis--realizing that out of order execution can have side effects, and that programs can check for those side effects to leak program state and system memory.

Re:Almost All processors

[AHuxley]

"“Meltdown” and “Spectre”: Every modern processor has unfixable security flaws"
https://arstechnica.com/gadget...

Re:Almost All processors

[Lunix+Nutcase]

They didn’t say AMD was vulnerable to Meltdown. Do you have the reading comprehension skills of stone?

Re:Almost All processors

[beelsebob]

Yes - but both AMD and ARM are affected by Spectre, which there is NO KNOWN FIX for.

Re:Almost All processors

[Excelcia]

I just read the papers and it's actually a fascinating, and deceptively simple method. Out-of-order execution and execution prefetching causes a CPU to pre-execute instructions that are later on in the chain. If my program performs a divide-by-zero, which will cause an error when it happens, instruction pre-fetching and out of order execution has already in whole or part executed the instructions that happen after the error. So, you write your program to do this:

Something legal
Fork
Child:
Divide by Zero
Read of illegal memory

Parent:
Wait for child to crash
Read the prefetch cache to see what the out-of-order execution put in the cache when it read the illegal memory

In case that's not clear, a program forks. The child process induces an error, but after the error it has an instruction which would not normally be allowed, such as reading a portion of memory it wouldn't normally be able to. Out of order execution will already have begun performing the instruction, and because it doesn't have as rigorous controls on it, it actually reads the memory into the cache. This wouldn't be an issue, except there are ways to determine what a prefetch instruction resulted in. So the parent process waits for the child to crash and then it uses those instructions to determine the results of the prefetch which means you have just bypassed memory protection.

Re:Almost All processors

[Lunix+Nutcase]

Of course it’s a flaw. It’s an unintended side-effect of speculative execution.

Re:Almost All processors

[Excelcia]

Please read the article. From it:

Google says that they've tested and verified Spectre against Intel, AMD, and ARM processors, and the attack affects desktops, laptops, cloud servers, and smartphones. The attack is also believed to affect almost all CPUs released in recent years.

Meltdown uses out-of-order execution and a side channel attack that is unique to Intel. Spectre uses speculative execution and is more generalized, with tested proof-of-concept attack code on AMD and ARM.

Re:Almost All processors

[zifn4b]

These attacks are a sort of new category of security analysis--realizing that out of order execution can have side effects, and that programs can check for those side effects to leak program state and system memory.

Not really. Sophisticated security attacks written in ASM have been around for decades. I have a friend who has worked for a decade as a security contractor for federal agencies and they are well aware of this sort of thing. I think what's happened is the knowledge to be able to architect these types of exploits is known to a relatively small group of people that have highly specialized knowledge. Most of the exploits we see these days are effectively script kiddies but in some cases very effect. Back in ye olden days when DOS roamed the earth, the black hats were a lot more evil and had a lot more knowledge. We should be thankful script kiddies are not that savvy. I recall (Satan bug?) would inject itself into the BIOS Flash memory and operate from there. Others would hide in the MBR and be executed during the boot strapping process of a hard drive which is essentially start executing at the beginning of storage memory. What they would do is put their own code there or jump to where their code was, load into memory and then jump back so that the user was none the wiser. Not real keen on seeing these types of hackers re-surface. Ugh.

Re:Almost All processors

[AHuxley]

Re but one should at least entertain the possibility that it was.
A hardware version of PRISM? https://en.wikipedia.org/wiki/...
Room 641A Inside https://en.wikipedia.org/wiki/... most computers?
It was interesting how much of the NSA ANT catalog https://en.wikipedia.org/wiki/... connected to a computer rather than was able to work internally on a CPU as shipped?
Is the world missing the other part of the CPU catalog thats still doing collect it all missions?

Re:Almost All processors

[ilguido]

Meltdown is the real problem here and that affects only all Intel CPUs since 1995 (except for Itanium and pre-2013 Atom) and one [sic!] ARM chip (I think Cortex-A75).

Spectre is linked to two vulnerabilities: the first one is difficult to exploit and solvable via software, the second one is very difficult to exploit. Spectre allows to read memory from the same process, so it is an issue only for JIT and VM code. Meltdown allows to read memory everywhere.

Re:Almost All processors

[PincushionMan]

the AMD K5 was AMD's first processor and released in 1996

I know I had an AMD 386DX/40. Intel was pretty expensive back then, and I couldn't have purchased the processor for what I paid for the whole full tower unit. Okay, so it was the Am386. You likely recall the K5 release name because they renamed the 586 the Pentium and the 686 the Pentium Pro, and they sued AMD and Cyrix for using the numbers 486 and 586. Ultimately Intel lost. However, to shield itself from lawsuits, AMD had no choice but to name their processor the K5. Also, Cyrix (now Via) named their processors the 5x86 and the 6x86.

Re:Almost All processors

[twdorris]

My bad.

Are you sure you're on the right forum? This sounds suspiciously like owning up to an honest mistake and moving on. That's not going to cut it around here.

Re:Almost All processors

[blind+biker]

No. Spectre affects AMD and ARM as well (and likely other architectures too).

Best I can tell, the only CPUs guaranteed not affected by both are in-order architectures, which many older ARM (and extremely old x86) chips are.

These attacks are a sort of new category of security analysis--realizing that out of order execution can have side effects, and that programs can check for those side effects to leak program state and system memory.

Spectre is a red herring - there is no known way it can be exploited. Meltdown is far more dangerous and it can be exploited RIGHT NOW with a simple Javascript executed in a browser. Researchers demonstrated a Javascript exploit that uses Meltdown - and there is no telling who has already been compromised. But one thing is sure: non-Intel users have not been compromised.

Frankly, this whole hoopla about Spectre seems like a well orchestrated deflection stunt by Intel PR operations. And your posts smells a bit of sockpuppetry.

Re:Almost All processors

[ilguido]

It is totally the other way around. Meltdown has no fix: you have to entirely skip the hardware feature via software and take the performance hit.

Spectre is already patched on some ARM processors (note that many ARM processors are not affected by Spectre), while AMD says that it should be patched in the software affected. Since Spectre only refers to leakages of memory in the same process, it is only a problem for JIT and VM stuff (e.g. browsers and their Javascript, wait for a browser update in the next few days).

Re:Almost All processors

...The fact that every modern processor has the same vulnerability suggests that perhaps this was designed into them at some point. I have no evidence that this was designed in, but one should at least entertain the possibility that it was.

Perhaps we should entertain the possibility that the revelations of Edward Snowden scratch the fucking surface as to the deceptive power and control that the US government holds over US corporations.

I'd say there's more than enough evidence to suggest this is no fucking "flaw". In fact, the timing of it all tends to suggest the Clipper chip program didn't just go away in the late 90s; it was superseded.

Re:Almost All processors

[Misagon]

SPARC, MIPS and PowerPC may be fringe but they are still out there in the fringe for servers and/or supercomputers.
Several CPUs of each architecture were released in 2017.

IBM's POWER chips have supported the full PowerPC ISA for a decade and its performance is very competitive to Intel XEON, if not surpassing.

Oracle (which had bought Sun) closed their SPARC processor group last year though. Fujitsu may still be active.

Chinese Loongson makes MIPS processors at 1.5GHz, but they would need to step it up to compete.

I have not checked PowerPC or SPARC but MIPS is not vulnerable to Meltdown. Linux on MIPS can not leak any kernel pages -- simply because MIPS does not do paging in kernel mode.

Re:Almost All processors

[MSG]

No. Spectre affects AMD and ARM as well (and likely other architectures too).

AMD CPUs were demonstrated to be vulnerable to Spectre under Linux only in a non-standard kernel configuration. In the standard configuration, they demonstrated "the ability to read data within the same process, without crossing privilege boundaries."

It's possible that future research will reveal vulnerabilities on AMD CPUs, but as of now, I don't see that one has been verified under the standard kernel configuration. (So don't enable eBPF JIT)

Re:Almost All processors

[Opportunist]

Damn right, that's not how you play /., you insist that you're right and make a complete ass out of yourself. You can't just go and say "my bad", that's not allowed here.

I so unsubbed to your channel!

Re:Almost All processors

[dryeo]

K5 was the first totally in-house designed AMD CPU and one of the first to do out of order execution, which is what these bugs exploit. Whether it is actually vulnerable would have to be tested.
https://en.wikipedia.org/wiki/...

Re:Almost All processors

[zifn4b]

Oh, for FFS, at least get your facts straight.

K5 was AMD's first processor? I must have imagined a whole heap of their processors which I owned and used before that one... And meltdown STILL doesn't affect AMD, all we have on that front is speculation from intel and their fanboys who wants to paint everyone else with the same tar brush.

I should have said the AMD K5 was AMD's first in-house processor. The whole history is right here. No fan boi nonsense just facts. If you don't like facts, I can't help you.

Re:Almost All processors

[JaredOfEuropa]

Interesting. I can see why the speculative instruction to read a memory location wouldn't be subject to all checks, but in that case why does the parent process even have access to the prefetch cache? Either that access needs to go, or the speculative memory read needs to be subject to all regular controls.

Re:Almost All processors

[ilguido]

Well, not really. Spectre is a problem only for applications that run trusted code alongside untrusted code (i.e. interpreters, JIT vm), that is a small subset of all software. Why do you want to tamper all your software, then?

Re:Almost All processors

[sl3xd]

Frankly, this whole hoopla about Spectre seems like a well orchestrated deflection stunt by Intel PR operations.

I'd caution against a false sense of security, based on one's choice of processor for your personal desktop.

There's no disagreement that "Meltdown" is the greater problem, and affects pretty much any Intel chip still functioning. It's important to remember that it's virtually guaranteed that connect to many servers that uses an affected processor every day. Those of us who maintain cloud infrastructures are particularly unhappy with the situation.

The fact that Meltdown is worse shouldn't distract from the fact that Spectre is bad.

The paper on Spectre is written by a number of people working for a number of organizations, but Intel isn't one of them. It has the following statement:

We have also verified the attack’s applicability to AMD Ryzen CPUs. Finally, we have also successfully mounted Spectre attacks on several Samsung and Qualcomm processors (which use an ARM architecture) found in popular mobile phones

They go on to state they've verified the weakness on x86 using C and JavaScript (+ Google V8 JIT) bytecode.

Much like JavaScript cryptocurrency mining , the fact that something is hard doesn't mean it's not worth doing to those interested, and having browser-based JavaScript exposing data isn't a good thing.

Meltdown can be fixed fairly easily (AMD certainly shows it's possible to avoid the problem). Spectre, however, will be with us for a long time.

Re:Almost All processors

[silverdirk]

The attack checks which rows of cache got evicted by reading across a large array, requesting behavior by another process, and then re-reading the array timing how long each read takes. Each iteration of the attack reveals a byte of memory by identifying which cache row it affected.

Re:Almost All processors

[swillden]

Spectre is a red herring - there is no known way it can be exploited.

Yet.

non-Intel users have not been compromised

So far.

Frankly, this whole hoopla about Spectre seems like a well orchestrated deflection stunt by Intel PR operations. And your posts smells a bit of sockpuppetry.

Intel had nothing to do with it; all three issues were found by Google Project Zero (who didn't name them; GPZ doesn't do silly vulnerability marketing games), and then independently by other researchers.

Note that I'm not trying to defend Intel. I'm an AMD fanboy from way back, and I'd love to see this give AMD a major boost in sales for a few years. But let's not get overconfident. This is a brand new class of attack and few security researchers have focused on it yet. There will be more attacks.

Re:Almost All processors

[martyros]

Spectre is a red herring - there is no known way it can be exploited.

Google has exploited it. Look at Google Project Zero's write-up of these bugs. Spectre corresponds to "Variant 1 and Variant 2" in that blog post. You'll see that they successfuly exploit both, the second from a KVM guest.

It is true that Google cheat a little here, by using Linux's eBPF JIT engine (which, I hear, is normally disabled by default). From the blog post:

To be able to actually use this behavior for an attack, an attacker needs to be able to cause the execution of such a vulnerable code pattern in the targeted context with an out-of-bounds index. For this, the vulnerable code pattern must either be present in existing code, or there must be an interpreter or JIT engine that can be used to generate the vulnerable code pattern. So far, we have not actually identified any existing, exploitable instances of the vulnerable code pattern; the PoC for leaking kernel memory using variant 1 uses the eBPF interpreter or the eBPF JIT engine, which are built into the kernel and accessible to normal users.

Re:Almost All processors

I once had a job with a company contracted to install server farms for the DOD and some other agencies. I had a fairly low level clearance and was hired right away. I was promoted when they found out I had a Solaris cert, becasue most of the server farms were running Sun blade servers with Sparc processors even though intel blades which were faster and cheaper were available.

One day, at lunch, I asked about this, and his comment stuck with me. he basically told me that most of the DOD and other intelligence agencies want to put in a varied amount of architectures to prevent a "uni-culture" that makes security of the nation compromised, should vulnerabilities incapacitate whole networks using one architecture. He told me that it was getting harder and harder as vast variety of architectures were disappearing in the face of competition from Intel, with only some companies with architectures out side of the x86 being kept alive by specialty needs and government contracts. The next month, he told me (although this was not a secret) he was supervising an installment of servers that will run OpenVMS.

As more and more architecture and OS become deprecated, we are fast falling into an architectural uni-culture that will be deleterious to national security.

Re:Almost All processors

[bongey]

No you are confused, reading other processes ONLY applies to Intel processors.

Re:Almost All processors

[bongey]

Only on Intel processors. AMD processors check the address of the read before actually reading it, thus there is nothing in the cache.

They did not test AMD or ARM

[Zorpheus]

You can find this information at the end of the article:

At the time of writing, Google believes that "every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013)" is affected by Meltdown. Google says it verified Meltdown only against Intel CPUs, but not ARM and AMD. Nonetheless, Intel has a market share of than 80% on desktops and more than 90% on the laptop and server markets, meaning that a large number of desktops, laptops, and servers are affected.

Re:They did not test AMD or ARM

[Misagon]

No, they did test their Meltdown code on AMD and ARM but were not able to reproduce it on the chips they tested on.
That does not prove that a Meltdown-like attack on AMD or ARM is impossible, either on a different chip they did not test on or with a tweaked version of Meltdown.

From the actual article ("meltdown.pdf"):

We also tried to reproduce the Meltdown bug on several ARM and AMD CPUs. However, we did not manage to successfully leak kernel memory with the attack described in Section 5, neither on ARM nor on AMD. The reasons for this can be manifold. First of all, our implementation might simply be too slow and a more optimized version might succeed. For instance, a more shallow out-of-order execution pipeline could tip the race condition towards against the data leakage. Similarly, if the processor lacks certain features, e.g., no re-order buffer, our current implementation might not be able to leak data. However, for both ARM and AMD, the toy example as described in Section 3 works reliably, indicating that out-of-order execution generally occurs and instructions past illegal memory accesses are also performed.

Re:They did not test AMD or ARM

[Zorpheus]

Yes. What we read in this article is: Google believes that AMD is vulnerable, but they could not prove it. What we don't read here is: AMD says they are not vulnerable.

Re:They did not test AMD or ARM

[neo00]

Meltdown only impacts Intel processors. Meltdown can be thought to be a special case of Spectre that exploits an Intel-specific flaw that makes it simpler to execute the exploit.

Spectre, which is more of a generalized class of attacks, but more difficult to implement, impacts Intel, AMD, and ARM as per the original spectre paper. https://spectreattack.com/spec..., from which I quote:

Hardware. We have empirically verified the vulnerability of several Intel processors to Spectre attacks, including Ivy Bridge, Haswell and Skylake based processors. We have also verified the attack’s applicability to AMD Ryzen CPUs. Finally, we have also successfully mounted Spectre attacks on several Samsung and Qualcomm processors (which use an ARM architecture) found in popular mobile phones.

and

Unlike Meltdown, the Spectre attack works on non-Intel processors, including AMD and ARM processors. Furthermore, the KAISER patch [19], which has been widely applied as a mitigation to the Meltdown attack, does not protect against Spectre.

References:
Spectre https://spectreattack.com/spec...
Meltdown https://meltdownattack.com/mel...

Re:They did not test AMD or ARM

[sl3xd]

The paper also appears to insinuate that RISC-V and MIPS might be vulnerable as well.

RISC-V is so new it's not widely deployed, but MIPS... well, that's in most routers.

Better link and description than story

[xxxJonBoyxxx]

https://meltdownattack.com/

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure. Luckily, there are software patches against Meltdown.

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre. Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent specific known exploits based on Spectre through software patches.

Re:Better link and description than story

[martyros]

There's a pretty good summary in the XenProject Security Advisory:

Processors give the illusion of a sequence of instructions executed one-by-one. However, in order to most efficiently use cpu resources, modern superscalar processors actually begin executing many instructions in parallel. In cases where instructions depend on the result of previous instructions or checks which have not yet completed, execution happens based on guesses about what the outcome will be. If the guess is correct, execution has been sped up. If the guess is incorrect, partially-executed instructions are cancelled and architectural state changes (to registers, memory, and so on) reverted; but the whole process is no slower than if no guess had been made at all. This is sometimes called "speculative execution".

Unfortunately, although architectural state is rolled back, there are other side effects, such as changes to TLB or cache state, which are not rolled back. These side effects can subsequently be detected by an attacker to determine information about what happened during the speculative execution phase. If an attacker can cause speculative execution to access sensitive memory areas, they may be able to infer what that sensitive memory contained.

Furthermore, these guesses can often be 'poisoned', such that attacker can cause logic to reliably 'guess' the way the attacker chooses. This advisory discusses three ways to cause speculative execution to access sensitive memory areas (named here according to the discoverer's naming scheme):

SP1, "Bounds-check bypass": Poison the branch predictor, such that operating system or hypervisor code is speculatively executed past boundary and security checks. This would allow an attacker to, for instance, cause speculative code in the normal hypercall / emulation path to execute with wild array indexes.

SP2, "Branch Target Injection": Poison the branch predictor. Well-abstracted code often involves calling function pointers via indirect branches; reading these function pointers may involve a (slow) memory access, so the CPU attempts to guess where indirect branches will lead. Poisoning this enables an attacker to speculatively branch to any code that exists in the hypervisor.

SP3, "Rogue Data Load": On some processors, certain pagetable permission checks only happen when the instruction is retired; effectively meaning that speculative execution is not subject to pagetable permission checks. On such processors, an attacker can speculatively execute arbitrary code in userspace with, effectively, the highest privilege level.

The "some processors" for SP3 means Intel.

Re:Now I am confused

[Lunix+Nutcase]

No, KPTI doesn’t help for Spectre.

Easy Fix

Just patch all the CPUs so they process things introspectively, with a glass of wine and some light jazz.

486

[thegreatbob]

Time to bust out my 486!

Vulnerability comes down to race condition

[JoeyRox]

I read through Google's Meltdown paper (https://meltdownattack.com/meltdown.pdf). While there are several cumulative vulnerabilities that make this exploit possible, the most important of which is kernel address-space discovery via speculative data accesses which leave DCACHE lines in their wake, the root vulnerability of actually being able to read the contents of data comes down to an exception race condition. From the document:

1 ; rcx = kernel address
2 ; rbx = probe array
3 retry:
4 mov al, byte [rcx]
5 shl rax, 0xc
6 jz retry
7 mov rbx, qword [rbx + rax]

Listing 2: The core instruction sequence of Meltdown. An inaccessible kernel address is moved to a register, raising an exception. The subsequent instructions are already executed out of order before the exception is raised, leaking the content of the kernel address through the indirect memory access.
...
When the uOPs finish their execution, they retire inorder, and, thus, their results are committed to the architectural state. During the retirement, any interrupts and exception that occurred during the execution of the instruction are handled. Thus, if the MOV instruction that loads the kernel address is retired, the exception is registered
and the pipeline is flushed to eliminate all results of subsequent instructions which were executed out of order. However, there is a race condition between raising this exception and our attack step 2 which we describe below.

And why AMD and ARM may not be vulnerable to Meltdown:

6.4 Limitations on ARM and AMD
We also tried to reproduce the Meltdown bug on several ARM and AMD CPUs. However, we did not manage to successfully leak kernel memory with the attack described in Section 5, neither on ARM nor on AMD. The reasons for this can be manifold. First of all, our implementation might simply be too slow and a more optimized version might succeed. For instance, a more shallow out-of-order execution pipeline could tip the race condition towards against the data leakage. Similarly, if the processor lacks certain features, e.g., no re-order buffer, our current implementation might not be able tol leak data. However, for both ARM and AMD, the toy example as described in Section 3 works reliably, indicating that out-of-order execution generally occurs and instructions past illegal memory accesses are also performed.

Google says no such thing

[nagora]

Someone at Intel has spun BeepingComputer - Google said that nearly all CPUs MADE BY INTEL since 1995 are likely to be vulnerable. Way to rescue your stock price, man. Good work from msmash and /. for repeating the lie too.

How does Javascript make illegal mem references?

[Sloppy]

One of the things I've seen flying around, is some people are saying this can be exploited in a web browser, thanks to Javascript JIT-compiling to machine code.

I am pretty damn out of date on Javascript compilers, so I was hoping someone could explain how this is possible. Javascript doesn't have pointers. I'd think that if a Javascript programmer is capable of writing Javascript code that compiles in such a way that the programmer can create a pointer of their own making (perhaps pointing to kernel memory) and can cause code to dereference that pointer, we would all call that a severe and inexcusible compiler bug.

I mean, even if there were no processor flaw at all, but the Javascript-compiled-to-x86 code could read arbitrary memory in its own browser process, that alone would be a severe web-user-killing nightmare. How is that not a compiler bug?

Am I mistaken that a Javascript exploit is possible?

Re:How does Javascript make illegal mem references

[CustomSolvers2]

Am I mistaken that a Javascript exploit is possible?

The fact that a given programming language gives you more or less freedom regarding how to deal with the memory management aspects doesn't change the fact that the generated applications rely on memory. In any case all these bugs seem fairly theoretically and very difficult to be actually exploited. It seems more a matter of making sure that computers are 100% safe at their most basic level than actually avoiding imminent threats.

arm32 versus AArch64

[emil]

32-bit ARM may be safer, because speculative execution is much, much more difficult there.

The program counter is a visible register that can be manipulated by any opcode - an explicit JUMP or BRANCH is not necessary. This makes branch prediction mostly impossible.

Most opcodes are conditional. This dependency between adjacent instructions is also a huge obstacle for speculative execution.

32-bit ARM is mostly in-order for these reasons.

https://www.jwhitham.org/2016/02/risc-instruction-sets-i-have-known-and.html

Design errors, like having r15 as the program counter or making every instruction conditional, are problems for CPU architects rather than programmers, and it's no surprise that they disappeared in the 64-bit version of the ARM architecture. They must have made it awfully hard to implement superscalar, out-of-order execution.

Re:arm32 versus AArch64

[tlhIngan]

32-bit ARM may be safer, because speculative execution is much, much more difficult there.

The program counter is a visible register that can be manipulated by any opcode - an explicit JUMP or BRANCH is not necessary. This makes branch prediction mostly impossible.

Most opcodes are conditional. This dependency between adjacent instructions is also a huge obstacle for speculative execution.

32-bit ARM is mostly in-order for these reasons.

:

This attack is a side effect of out-of-order execution. This did not happen to ARM until the Cortex A8 line of processors (Cortex A7 was still in-order). Not to be confused with ARMv7/ARMv8, since Cortex A7 and A8 implement ARMv7.

And yes, even in 64-bit ARM PC is a user-visible register - AArch32 and AArch64 are very similar to each other down to instruction coding, too. The only big thing AArch64 eliminates is conditional execution which ARM found with the Cortex A8 to interfere with superscalar execution. But just because it's harder to speculatively execute doesn't mean it's impossible. It just means you execute the instruction and then evaluate the condition later - if the condition turns out to be false, you retire the instruction without posting the effects to the architectural registers. If the instruction is true, you retire it normally. Either way, you consume the same time (an instruction not executed conditionally on ARM is considered a NOP and only wastes processor time. This fact alone makes it worthwhile to execute all conditional instructions and retire them when the end result of the condition is known - you're using up time anyhow).

Also, I'm sure the Cortex A8 notes which instructions potentially could adjust the PC (the register field of every instruction is well defined, so it's trivial to examine it and determine if it's the PC. In fact, a JMP is syntactic sugar for a MOV, as is RET. They are internally MOV instructions (you'll note that every function ends with "mov pc,lr", which moves the link register (old PC before call) to the PC, thus returning.

Modern thumb interworking though uses "blx" which is branch-to-link-and-exchange because you need to load both the LR and the old CPSR register (which controls the THUMB state), so you return back to the right mode and is the only way if you're mixing ARM and THUMB instructions together (aka interworking).

Spectre vulnerability vs. bad design

[DrYak]

If the defect is in the microcode and they patch it in software, isn't it still vulnerable?

The defect that is happening, is that (by careful timing of cache) it's possible to see information to which the process has full access anyway.

The stupidity of some browsers is to store sensitive information in the same process as where the remotely provided javascript is JITed and executed, relying on "well, we do array boundary checks before reading them, so we should be safe from buffer overflows" for security.

Spectre works in a few corner cases because there are situation where software has full access to it's own data, but doesn't actually want to access any arbitrary data : mainly, it wants the Javascript to only read the data inside its array, and not outside were some sensitive information would be stored.

Which would fix ?
The blunder which gives access to already accessible data ?
The stupid software which keeps sensitive data and arbitrary code within reach of each other.

The first only works in a few key cases.
The second is a problem waiting to happen. If it's not Spectre today, it might be a completely different exploit tomorrow.

Doesn't seem like it would be difficult to undo or work around the software patch to access the original defective microcode.

The quick'n'dirty software correction would be :
- disabled JIT, so the arbirary code doesn't generate a thigh compact group of machine instruction that can all fit inside the CPU pipeline.
That's going to be order of magnitude more difficult to circumvent, at the cost of performance hit specific to the formelly JIT-ed code.
(But you still have a broken software that is going to get b0rken by the next coming exploit).

The formally correct software correction would be:
- keep the sensitive data and arbitrary code separate from each other. Thus even if a different exploit happens to your system, it would still not be able to access the sensitive data. You've fixed the problem forever.

The microcode/CPU correction would be :
- completely disable speculative execution, meaning a performance hit whenever there's a conditionnal jump in the code (basically everywhere).
You computer now runs like shit, and you still have broken-by-design software sitting waiting for the next exploit.

Scale of the attacks.

[DrYak]

Meltdown uses out-of-order execution and a side channel attack that is unique to Intel. Spectre uses speculative execution and is more generalized, with tested proof-of-concept attack code on AMD and ARM.

On the other hand, Spectre only enables access to data to which the process had access to begin with. (Meh...)
Only a very small subset of software can actually be usefully abused, mostly due to bad software design :

- Google's demo relied on a non standard setting that turns on a JIT engine that runs user-provide arbitrary byte-code in-kernel (common, in-kernel ? What could possibly go wrong ! Seriously, there's a reason why this setting is non-standard).

- There are browser with bad designs that manage to keep sensitive data in the same context as remotely-provided Javascript code.
In other words, a problem waiting to happen. Spectre just happens to be the exploit which bit them now, but any other completely different exploit could have come in a couple of months and done similar damage.

Yup, it's bad that speculative execution may lead to some side effect, but it's working as intended.
It's the software which is stupid (or dangerous options turned on, as in the kernel) and should be fixed before another problems comes again.

---

Whereas Meltdown is an entire different level of worrying.

On Intel CPU, access rights are checked way to late, by that time speculative execution has had time to do stuff which can also be timed.
Other CPU (like AMD's) work much more sanely, doing the check first and not progressing anything. It cost a tiny bit of performance, but is more formally correct and ends up protecting against such problems.

That means that on Intel CPUs the whole set of guarantee that memory protection is supposed to give don't hold true any more.
It's the whole memory protection scheme flying out of the window.

On Intel CPUs memory protection has stoped working as it should.
The software is correct on relying on memory protection for security, it's Intel's protection that suddenly doesn't work anymore.
No matter if you write correct software.

On any other CPU protection works as it should, and non-stupid software is safe.

Spectre

[DrYak]

Technically, Spectre only reveals data to which the process had already access to begin with.

In the Google demo, it works because all in-kernel code (here: JIT-ed bytecode) has access to in-kernel data.
There's a reason why the option is non-standard.

In the few affected browser, it works because said browsers were stupid enough to keep sensitive data (passwords ?) in the same process as where remotely provided Javascript code is JITed and executed.
(I.e.: stupid design that should be fixed anyway. If not Spectre today, there's sure to be another exploitable flaw discovered before the end of this year which could also be leaking sensitive data. Always keep your sensitive data and arbitrary code execution segregated).

But correctly designed software should be unaffected.

Looks like "drive by attacks" ARE possible

[Sloppy]

(BTW, thanks to the people who suggested I read the Spectre paper.)

I haven't seen anything that would make me think that a drive by attack through a web browser could actually be performed.

One of the things that makes Spectre so interesting, is that we're wrong!

Long story short, is that though Javascript doesn't have pointers, it can have an array of bytes. And the compilers are amazing and apparently do a really great job of turning the Javascript into machine language.

So the Javascript basically asks for somearray[i], where i is totally out of bounds but nevertheless does correspond to some memory location that would be used, if we weren't checking array bounds. Of course, array bounds are checked, but by the time they're checked, the conditional execution has already read and used somearray[i] to touch something else. Though somearray[i] is never directly exposed, its value can be later inferred by checking to see what memory page got loaded into the cache.

Fuck. Now I see why everyone is freaking out.

If I were in charge of the Internet (heh) I'd say let's just remove all of Javascript's ability to interface with the clock, so that you can't ever figure out what was in cache vs what wasn't. No, let's not kid ourselves: my imperial directive as God of the Internet would be that web browsers should no longer ever execute any code of any kind from web pages. (Gee, I could have told myself that 20 years ago, and I probably did but I eventually had to come to accept that Javascript on the web ain't going away, no matter how much we all hate it.) You just can't sandbox things good enough.

Oh, fuckfuckfuck.

Thios one is CPU specific

[DrYak]

Sigh, did anyone actually read the spectre paper;

Exploiting Indirect Branches.

The bit about execution beyond software checks is explaining a specific detail about memory side effects. The above section builds on that concept to show that you can induce these memory side effects by tricking the branch predictor to execute existing code in an unexpected way.

Okay, to go into more details :
there are two things that are call spectre, which are both based around speculative execution.

The first one, which gets around software check, to which every single deeply-pipelined/out-of-order CPU that does speculative execution (lots of vendors, some as long back as mid 90s), and which is basically still "speculative execution working as intended", is the one I've described in my post.

That the one to which every piece of software running on nearly any CPU (except perhaps older Intel Atoms, Intel Xeon Phis, and older ARM 32bits as those don't do speculative execution, because as a matter of fact they have way to short pipelines) is susceptible, but which in practice isn't very concerning because it basically targets software which has "please exploit me!" design flaws written all-over it.

The second things which is called "spectre", also uses speculative execution, but is an extremely specific stuff that only targets specific CPUs :
only specific Intel CPUs are concerned, only in extremely specific circumstances. AMD CPUs are not affected. And that's expected because each CPU uses an entirely different strategy to predict branches.

Just like with Meltdown, it against boils down to Intel CPU trying to be way too much clever, trading security to shave a few performance points.
It boils down to an address (here a jump target) to even being known at the time when instruction start to pour into the pipeline. Some CPUs may try to guesstimate where the execution would go next.
The way some specific Intel CPU store their estimations means there's a risk of aliasing/confusion (CPU has learned that instruction A usually jumps to point B, but when the CPU sees instruction C it get things mixed up and think that there's a high chance it will also jump to point B and start speculatively executing there, even if that ends up not being the case and C actually jumps to a different point B).

By knowing the specific make of affected Intel CPUs, and by knowing the exact way in which this aliasing and confusion happens in that specific Intel CPUs, and by allocating a shit ton of memory (so you end up with an address that can actually be confused/aliased with your target) and by the way knowing in advance the foreign address you're trageting (because, you know, ASLR gets in the way) and spending around half an hour doing stuff (according to the Google demo) in order to get the exact thing you need so that specific Intel CPU confuses the thing exactly the way you need, then you can have the CPU guess wrong and jumping speculatively to the completely random address you've asked it to jump to (until it notice it's wrong, throws nearly everything out - except the already prefetched cache - and jumps back to the actual correct execution).

This is not something that affects every speculatively executing CPU in existence, this is not a CPU still working as it should (unlike the other exploit).

This is some specific CPU (happens to be by Intel) that each take wild guesses - way too much wild guesses - and if you know exactly how this CPU takes its too wild guesses, you can abuse to make it guess wrong. No other CPU will be affect.

Given the complexity of the taks, this is not something that you're going to see a lot in the wild and automated (not in drive-by Javascript attacks). This is something that is going to be specially crafted manually, for some very specific attacks (an attacker want to break the specific hyper visor in which it's currently staying).