NVIDIA GPUs Weren't Immune To Spectre Security Flaws Either

Nvidia has became the latest chipmaker to release software patches for the Spectre microchip security threat, indicating that the chipset flaw was affecting graphic processors as well as CPUs. From a report: To that end, NVIDIA has detailed how its GPUs are affected by the speculative execution attacks and has started releasing updated drivers that tackle the issue. All its GeForce, Quadro, NVS, Tesla and GRID chips appear to be safe from Meltdown (aka variant 3 of the attacks), but are definitely susceptible to at least one version of Spectre (variant 1) and "potentially affected" by the other (variant 2). The new software mitigates the first Spectre flaw, but NVIDIA is promising future mitigations as well as eventual updates to address the second. Most of the updates are available now, although Tesla and GRID users will have to wait until late January.

Oh, dang!

[cdreimer]

Time to switch back to AMD. I would rather have a slower video card than a compromised video card.

Re:Oh, dang!

AMD processor are affected by spector flaw... we will have to wait if they video card are also vulnerable

Re: Oh, dang!

Youâ(TM)d rather have blue screens launching games?

Re:Oh, dang!

There you are spamming amazon and youtube affiliate links with yet another fake account, you revenue stream hogging disgusting fat sexist tube of lard, Christopher Dale Reimer!

You can be sure I will be watching this fake account too. I know this is you because you told me you were working on your freepass 11 file server and you are so dumb that you can't even masquerade yourself properly.

Now, I told you I was out of meds last week and you didn't even care to contact me you lazy fucker.

How many times do I have to express the emergency of the situation??????

The python click script you wrote for my pheromone revenue stream web site suddenly stopped to work!!!!!!

You fucking incompetent python script writer!!!

When it works, I get 4000+ clicks a day on my pheromone revenue stream web site but only 5 or 6 without it!!!!

Now, it seems like you dont care and that you have abandoned me you heartless fucking pig!

Bonus:
Here is a story that creimer told me when convincing me what a hard life he had:

The tree was him and the tree knot was his butt hole!

So, his uncle packed his fat ass with lard and with his cock! Not that it makes much of a difference but anyway, there it is!

Signed:
The girl that used to love you and now hates you, burn in hell where you belong you sexist pig!

Re:Oh, dang!

What the fuck

Re:Oh, dang!

Please do not feed the trolls.

Re:Oh, dang!

You must be new here. It seems silly but once upon a time creimer was posting advertisements all over the forum so now we spam his every comment with shit so nobody ever accidentally mods him up so he can shit the place up. Do not give him a second chance he was quite smug back then under the misconception that he had a massive karma surplus so there was nothing anyone could do to stop him. "If you don't like it talk to management" was his typical response.

Re:Oh, dang!

Time to switch back to AMD. I would rather have a slower video card than a compromised video card.

Be careful what you wish for! You may end up with both slow and compromised like it already happened to you:

http://ibb.co/mRVSaG

Re: Oh, dang!

You do realize that when you spam him, you're spamming the rest of us as well, right?

Re:Oh, dang!

[Hal_Porter]

These attacks seem to affect anything with speculative execution. If they affect Intel, ARM and AMD CPUs and NVidia GPUs it's not all that unlikely that they affect AMD GPUs too.

Re: Oh, dang!

Collateral damage is an unfortunate but necessary part of the war on paedophiles like creimer.

Re:Oh, dang!

[sexconker]

Variant One (Spectre, lamer version that no one should be afeared of.)

Bounds Check Bypass
Resolved by software / OS updates to be made available by system vendors and manufacturers. Negligible performance impact expected.

Variant Two (Spectre, legit version that can nizz your nozz.)

Branch Target Injection
Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date.

Variant Three (Meltdown, AMD is unaffected. Intel is affected for every damned thing lol. One ARM CPU - Cortex A57 - has been found to be affected by Meltdown / something so similar ARM threw it under the Meltdown umbrella / bus.)

Rogue Data Cache Load
Zero AMD vulnerability due to AMD architecture differences.

Re: Oh, dang!

[sexconker]

I don't mind it. I find the current moderation on creimer's post to be funny (-1, Interesting).

Re: Oh, dang!

I suppose that speculative execution is what makes nvidia and intel, among other things, faster processors than their AMD counterparts?

Re: Oh, dang!

Is there some kind of law describing when shilling and trolling are indistinguishable?

Re: Oh, dang!

He uses sock puppets to mod himself +1 interesting

Re: Oh, dang!

Oh the rest of you who read 8 level nested score 0 posts? Only a handful of criemer responses are usually ever visible from the main thread. Or I suppose we can let him shitpost unchecked until his karma eventually allows him to make multiple score 0 posts wherever he thinks they will be most visible so that he can scrape up random clicks and karma.

If you're doubting he'll do this just remember he's weird as fuck and we seem weird to him for not making it a life goal to collect oodles of karma under our real names or post amazon referrer links all over the internet so we can get the "free" money.

Re: Oh, dang!

@sexconker don't forget posting with +2 karma brings attention to the bottom of his comment pits!

Re: Oh, dang!

It's what gives Intel the advantage in single thread performance. As for Nvidia...the architecture of an AMD gpu is geared towards the newer APIs. Developers should be using them in everything by now but aren't. The question is why and I almost wonder if Nvidia is getting them to stick with dx11 to hamper performance on AMD like they used to do with gameworks.

I have a GTX 1080 and my old 290x can just about keep up with it in doom and Wolfenstein 2 then in Hitman and tomb raider (dx12 mode) I can do the same.

Of course the latter 2 games are dx11 engines with some dx12 function calls so performance sees minimal enhancement. That said between architecture and drivers Nvidia is way behind in everything but dx11.

I wouldn't mind multiple Vega cores tied together with infinity fabric as the next AMD gpu. That should offer amazing performance since they shrunk it down to 7nm

Re: Oh, dang!

AMD and most full blown processors since y2k have speculative execution. I have no idea why anyone would delve so deeply into make believe to use it as the reason why intel has such better single thread performance compared to amd.
The reason is simple, AMD just has less R&D money to throw around.

Wow

[110010001000]

The current generation of computers are going to be even slower than the last generation. Nice job all around!

Re:Wow

[cdreimer]

That's what happens when you make $50K per year in Silicon Valley cleaning out IT closets.

Re:Wow

[110010001000]

Actually I work in IT for $50k to protect the country. I don't just leech off of taxpayers money all day.

Re:Wow

Actually I work in IT for $50k to protect the country. I don't just leech off of taxpayers money all day.

I see. So the security of this country boils down to "Have you tried turning it off and on again?"

When folks say how brave Navy SEALs are do you respong with, "Pfft! I'm an Admin! I chew up SEALs for lunch! I"d like to see those pussies run cable under the floor!"

Re:Wow

Right on!

Re:Wow

Here in San Francisco 50k is janitor money. We pay interns $130k/year. No wonder our government is so hopeless if they're pulling from 50k talent... Why work in IT if you can't drive a Porsche?

Re:Wow

Since all CPUs since 1995 are affected they're not, because that generation is slower now as well if you're running the latest updates.

Re:Wow

[war4peace]

Are you doing a good job?
And if so, are you sure those you work for are doing a good job?

Re:Wow

Chris' case is getting worse, he spends all day replying to himself as AC on /.

The tests we ran on Chris have shown that Chris has the intelligence of an ameba:
https://en.wikipedia.org/wiki/...

So, technically, he is able to conceive some kind of agenda but it will be silly or impossible to follow on a human scale.

For example, Chris had an agenda to post anything he felt like on Slashdot which did not work well because it was based on his false beliefs that he had an infinite number of karma points as he wrote here several times.

Several people here explained to Chris that karma maxed out at some level like 50 or so but Chris kept on insisting that his python script had confirmed that he had millions of karma points!

Oh well, as I wrote before: "It isn't Chris' fault if he is the way he is. We do the best we can do with him and he is partially integrated into society. We try to cure his abnormal need for attention but he is kind of stubborn and won't listen to anybody."

For the valuable /. users that might already have read the following, please note that there is an important update.

IMPORTANT UPDATE:
Special Education for the Santa Clara County Office of Education has invested money to buy Chris a new chair:
http://www.keynamics.com/image...

Information about Christopher Dale Reimer and autistic people:

Autistic people have obsessions about things normal people don't care. For example, one of our autistic patient went haywire when he realized that there was a penny missing in his pocket change.

To calm him down, one of our educator pretended to have found it on the floor and gave a penny to him.

The autistic patient condition went even worse because he realized it wasn't the same penny!

Chris has an obsession with budgeting every penny. He doesn't understand that most people do not budget to the penny and have a flexible amount they allow for miscellaneous items.

I am Nancy Guerrero and I am Director of Special Education for the Santa Clara County Office of Education. We use Chris' (a.k.a. creimer,cdreimer) picture in our document because he is the hardest case we have ever had to handle:
http://www.sccoe.org/depts/stu...

Our artists were inspired by the low carb diet that Christopher follows scrupulously for the small lunch box and by the picture linked below for the rest. I am sure that you will notice the similarities such as the bump on the side of his chest and more:
https://ibb.co/gVad65

Please be easy on Christopher although, I am aware that some of our staff handling Chris post joke comments here and obvoiusly, the Santa Clara County Office of Education disapprove that behavior vehemently:
http://ibb.co/mRVSaG

But it isn't Chris' fault if he is the way he is. We do the best we can do with him and he is partially integrated into society. We try to cure his abnormal need for attention but he is kind of stubborn and won't listen to anybody.

Thank You dear users,
---
Nancy Guerrero
Director
Special Education
Santa Clara County Office of Education

Re:Wow

That's not entirely true. For every engineer who gets paid six figures, a half-dozen support staff gets paid five figures. The janitors are more likely get paid minimum wage ($10 per hour).

Re:Wow

I don't just leech off of taxpayers money all day.

Says the guy who spends most of his day posting on /.

Re:Wow

If you are working for 50K per year to "protect the country" I might assume you are working for the military. Or some other arm of government like the NSA.

In which case you are indeed supported by the tax payer everyday.

Or am I guessing wrong?

Re:Wow

110010001000 works for the Government Publishing Office, making toilet paper for the media to wipe their collective asses.

Re:Wow

For a car analogy: if your car is used for a carpool, the manufacturer will cripple your car with 30% efficiency cut. You may not use your car for carpools, but you'll still be forced to take the performance hit...because, reasons.

Has everyone forgot the fact that most consumers don't need or care about this kind of "protection" that Intel is making everyone choke on? The only folks who really need this in the consumer OS are DRM folks... to ensure that users can't glimpse the keys hidden deep in the system (and corporate security).

(yes, data center folks really care about this---any multi-user environment would... but crippling a gamer's personal desktop that is only used by 1 user who is also the owner of the hardware... is just stupid, and/or evil).

Re: Wow

To his credit he said "all day". Maybe he leech occasionally, or maybe half a day?

Re:Wow

[cdreimer]

So the security of this country boils down to "Have you tried turning it off and on again?"

In a nutshell, yes. Most users think they have a God given right to remain logged into "their" computer 7/24, preventing admins from automatically applying patches and updates to protect systems on the network. A reboot is the fastest way to clear a pending reboot state.

Re:Wow

Only computers that have their resources shared among strangers will need the patches. It would be extremely silly for a regular home user to apply any of them.

Re:Wow

[EndlessNameless]

Intel isn't releasing the patches though. It's Microsoft, the Linux devs, the BSD devs, etc. who are releasing these patches.

personal desktop that is only used by 1 user who is also the owner of the hardware

You are using software made by other people. You either accept their judgement or roll your own.

Go ahead and fork pre-Spectre Linux if you really believe the Spectre mitigations are a bad idea. You might even find a few people who care about that marginal performance hit to help you---but I doubt it.

Re:Wow

Except that javascript, basically running in all browsers, or rather running all the browsers for a "richer" Internet experience, is a stranger on your own hardware.
The "richer" experience is for the ones spying on you and your electric utility (the amount of power consumed by a browser running javascript is not negligible, especially once you multiply it by the number of devices).

Re:Wow

[FatCashewsSlapMe]

Cousin! It's bad enough that you fuck the neighbors' goats. But a horse is going too far! http://www.al.com/news/index.ssf/2018/01/irivington_man_appears_in_cour.html

Re:Wow

Chris, I thought you threw away the emails for all your sockpuppet accounts?

Now that I know what you look and sound like, your replies have taken on an even more comical, desperate, and sad tone.

A toothless virgin sitting in his 475 square feet of squalor, waiting two hours on the bus to read my latest reply.

Re:Wow

You do know that the cashews accounts belong to Joe Dragon? You're probably too stupid to make that connection.

Re:Wow

[FatCashewsSlapMe]

Cousin! It's bad enough that you fuck the neighbors' goats. But a horse is going too far! http://www.al.com/news/index.ssf/2018/01/irivington_man_appears_in_cour.html

Re:Wow

That should be addressed by the web-browser. e.g. better sandboxing not to let javascript leak uninitialized memory.

So the only concern is native apps that you don't trust... well, do you currently trust many? (e.g. how do you know your keyboard driver isn't leaking your excel files to some 3rd party, and how will fixing this Intel bug prevent your keyboard driver from leaking your excel files to some 3rd party?).

Re:Wow

What's "comical desperate and sad" are these comments. You're not stopping creimer from doing anything. He's going to post videos. He's going to pimp his videos on Slashdot. He's going to use YOU to help promote his YouTube channel.

Re:Wow

In a creimershell, we know all that, Chris. We imagine your mongoloid fingers mashing on the keyboard while your upper lip twitches to suck up your drool.

How you deal with all the women throwing themselves at your sculpted physique, yet aren't interested in your 5000$ stash of silver coins, is a mystery.

You must be made of stern stuff to resist all that temptation.

Re: Wow

Nice weasel word "releasing". Even though Intel isn't releasing it the patch is still written mostly by Intel. It is no coincidence Intel is the biggest contributor to the Linux kernel because they submit the code for their own cpus and amd does the same for theirs.

Re:Wow

Sure, but at the end of the day, your videos are horrendous, your views are pathetic, and I'm not you.

No one is trying to stop you, Chris, we are simply telling you how ineffective, awful, and laughable you are.

By all means continue your work. You are a perpetual entertainment machine, Chris.

Re:Wow

But Chris, 99999$ a year is a five figure salary, you make half that. That's a 2:1 spread, almost as wide as your customized office chair.

Re:Wow

Well the exploit works from JavaScript provided by a web page. So with your attitude I guess you can kiss your banking passwords good bye.

Re:Wow

Yes, Chris, obsessively responding to people you claim are trolls and constant references to zoophilia, that totally proves what a normal person you are.

Your PlentyOfFat dating profile must be getting more views than all your shitty sewer-grade videos combined!

Ladies! Want a stable man with a well-paying job and a nice personality AND the body of a Greek God (of buffets)?

Re:Wow

What's entertainment is when you assume every AC is Chris. Is Joe Dragon the new fuck toy since Chris is using you to pimp his YouTube channel?

Re:Wow

You have 12 views on your latest youtube video, Chris. Nobody's trying to stop you (because who cares if there's yet one more Youtube video), we're just making fun of how you're bragging about something you're doing so poorly at.

I dunnow. Maybe Joe Dragon is just another shitposter, maybe he's one more of your dozen+ fake accounts, who knows, who cares.

Re:Wow

[antdude]

Slower than Pentiums?

Re:Wow

He's hilarious but don't tell him it's ok to try and make money off slashdot.
It's not ok, we all come here to read the news and have a little chat I don't need someone shitting the place up like a 2007 myspace

Re:Wow

Even more entertaining: when you think you're talking to the same "you" each time, Chris.

". Is Joe Dragon the new fuck toy"

Wow, there's an expression you never hear except from Slashdot's mumbling Sasquatch: Christopher Dale Reimer!

Were you born with a cleft palate BTW? The missing upper teeth, lisp, and upper lip movement seem to suggest it.

Re: Wow

How did you access my GPU with JavaScript, and how the hell did my banking password make it into GPU memory??

Re: Wow

WebGL/HTML5 you knuckledragger.

Re:Wow

Here is the story of creimy the mountain and his royalties!

Listen to the audio version here:
https://www.youtube.com/watch?...

"Creimy The Mountain"

includes quotes from Pomp and Circumstance March No. 1 in D major (Edward Elgar), Johnny's Theme (Paul Anka), Off We Go Into The Wild Blue Yonder (Crawford), O Mein Papa (Paul Burkhard), Over The Rainbow (Harburg/Arlen), Star-Spangled Banner (Smith/Key), Suite: Judy Blue Eyes (Stephen Stills)

One, two, three

CREIMY the Mountain
CREIMY the Mountain
A regular picturesque
Postcardy mountain
Residing between lovely
Rosamond and Gorman
With his stunning wife ETHELL, A tree! A tree!

CREIMY was a mountain ETHELL was a tree Growing off of his shoulder

CREIMY was a mountain
(CREIMY was a mountain!)
ETHELL was a tree Growing off of his shoulder
(ETHELL was a tree growing off of his shoulder)
(hey, hey hey!)

Creimy had two big
Caves for eyes,
With a cliff for a jaw
That would go up 'n down,
And whenever it did,
He'd puff out some dust,
And hack up a boulder (HACK!) Hack up a boulder (HACK! HACK!)
Hack up a boulder (HACK! HACK! HACK!) Up a boulder

Now, one day, now I believe it was on a Tuesday, a man in a checkered double-knit suit drove up in a large El Dorado Cadillac, leased from BOB SPREEN

("Where the freeways meet in Downey!")

And he laid a HUGE, BULGING ENVELOPE right at the corner of CREIMY THE MOUNTAIN, that was right where his 'foot' was supposed to be.

Now, CREIMY THE MOUNTAIN, he couldn't believe it! All those postcards he'd posed for, for ALL OF THOSE YEARS, and finally, now, AT LAST, his Royalties!

Royalties! Royalties Royalties! Royalty check is in, honey!

Yes, CREIMY THE MOUNTAIN was RICH! Yes, and his eyeball-caves, they widened in amazement, and his jaw (which was a cliff), well it dropped thirty feet!

A bunch of dust puffed out! Rocks and boulders hacked up, (hack! hack!) crushing 'The LINCOLN'!

I gave him the money He acted real funny He hocked up a rock and It TOTALLED my car!

Oh, do you Know any trucks Might be bound for THE VALLEY?
I don't wanna stand here All night in this bar (Dear Lord)

I don't wanna stand here All night in this bar (No shit!)

I don't wanna stand here All night in this bar!

By two o'clock, when the bars are already closed down, CREIMY had broken 'THE BIG NEWS' to ETHELL. And with dust and boulders everywhere, CREIMY, choked with excitement, announced

"ETHELL, we're going on a VACATION!"

Yes, and they WERE going on a vacation! (Oh, and ETHELL, ETHELL, ETHELL, like every little woman, she of course was very excited! She creaked a little bit, and some old birds flew off of her.) CREIMY told ETHELL they were going to Yes! They were going to NEW YORK!

"ETHELL, we're going to New York!"

But first they were gonna stop in LAS VEGAS

It's off to LAS VEGAS to check out the lounges Pull a few handles,
And drink a few beers, (Oh, ETHELL!)

ETHELL, my darling, you know that I love you!
I'm glad we could have a Vacation this year! (Oh, NEET-O!)

Glad we could have a Vacation this year!

They left that night, crunchin' across the Mojave Desert their voices echoing through the canyons of your minds (POO-AAH!)

"ETHELL, wanna get a cuppa cawfee?"

(Howard Johnson's! Howard Johnson's!
Howard Johnson's! Howard Johnson's!)

"Ahhh! there's a HOWARD JOHNSONS! Wanna eat some CLAMS?"

The first noteworhty piece of real estate they destroyed was EDWARDS AIR FORCE BASE

And TO THIS VERY DAY, 'Wing Nuts' and Data Reduction Clerks alike, speak in reverent whispers about that fateful night when TEST STAND #1 and THE ROCKET SLED ITSELF (We have ignition!) got LUNCHED! I said LUNCHED! (Lunched!) By a FAMOUS MOUNTAIN-IN and his SMALL, WOODEN WIFE.

"Word just in to the KTTV News Service undeniably links THIS MOUNTAIN and HIS WIFE to drug abuse and

Obvious question, what about AMD?

[drinkypoo]

If this is another thing that AMD got right while the competition got it wrong, they're really going to come out looking like the only responsible parties.

Re:Obvious question, what about AMD?

[MiliusXP]

AMD is also not immude to Spectre... only Meltdown!

Re:Obvious question, what about AMD?

Dude, you're shilling so fast you're not even spending the time to get your spelling right. Slow down. Intel pays by the hour.

Re:Obvious question, what about AMD?

[RedK]

What about AMD ? They are vulnerable to Spectre too. What did they get right in this case exactly ?

Re:Obvious question, what about AMD?

[Luthair]

Actually they were only shown to have issues with one variant of spectre.

Re:Obvious question, what about AMD?

[Chatterton]

Has AMD (ATI) video cards do some speculative execution, Spectre is most probably also a problem for them.

From there, there is some possibilities:
- They tried to let it go under the rug by not talking about it for their video card products
- They are still in the process of working around
- They don't think that problem is a problem for video card workload (non sensitive)
- They are greedy and won't lose money working on it
- They don't have the problem
- They are incompetent

Pick your best guess

Re:Obvious question, what about AMD?

They didn't license Intel's patents for implementation methods. AFAICT they were simply lucky that these methods and other methods that were similar enough to risk patent infringement suits turned out to be vulnerable to Meltdown and some of the Spectre attacks, I've seen no evidence that they knew anything about SE attacks that anybody else did. But by avoiding Intels patents they also avoided most of the solution space that turned out to be risky.
Conversely, Intel will likely find when they try to redesign their execution engines that AMD has the viable non-risky methods already patented. They may well have to license AMD's patents to move forward. I doubt AMD will be gentle with them, though I suppose the most cost effective way out is for Intel to bribe congress to declare this a matter of national security and void AMD's patents.

Re:Obvious question, what about AMD?

[Luthair]

Don't they already have cross licensing agreements?

Re:Obvious question, what about AMD?

A variant that requires physical access to the hardware no less.

Re:Obvious question, what about AMD?

[Luthair]

I assume this is tied to either the virtual GPU work or some sort of shared compute, maybe AMD hasn't advanced as far nvidia in architecting in this area?

Re:Obvious question, what about AMD?

Sorry AMD defense squad, but no variants require physical access. They all require local code execution though, I don't know why many media sources describe this as physical access.

Re:Obvious question, what about AMD?

[war4peace]

Missing option: "most of the above". "most" because "They don't have a problem" is N/A.

Re:Obvious question, what about AMD?

They got confused by the AMD PSP (security coprocessor in Zen-based CPUs) vulnerability. That one requires physical access and the researchers couldn't even get it to work on real systems and used an emulator instead. AMD patched it anyway in the AGESA BIOS just to be on the safe side.

Re: Obvious question, what about AMD?

That's actually for the sps security hole, not spectre

Re:Obvious question, what about AMD?

[mikael]

If you look at some of the papers on GPU architecture research, they are eliminating the out-of-order and speculation execution of instructions as well. They were doing so since 2011.

Re:Obvious question, what about AMD?

[EndlessNameless]

AMD is offers fuller preemptive multitasking. If anything, their hardware is more advanced than NVIDIA's for general compute. (NVIDIA has added some very nice hardware for deep learning though.)

AMD's bigger problem is that NVIDIA did a very good job of promoting CUDA and related proprietary tools. NVIDIA has a huge headstart in putting tools for programming their GPUs in front of developers. Honestly, they've always been better at software and industry partnership than AMD.

Re: Obvious question, what about AMD?

That's for their CPU, no mention about GPU

Re: Obvious question, what about AMD?

Actually, if we've learnt anything at all it's that Intel doesn't give a flying crap about correctness, so the spelling isn't really an isue.

NVIDIA GPUs are not susceptible

NVIDIA GPUs do not do speculative execution. They do not have access to kernel memory. They are not susceptible to these flaws. These are patches in their drivers to account for CPU (not GPU) exploits. I.E. Intel and AMD flaws. I bet NVIDIA releases a clarification soon.

Re:NVIDIA GPUs are not susceptible

[Stormy+Dragon]

They do not have access to kernel memory.

Spectre has nothing to do with kernel memory. You're confusing the Spectre flaw with the Meltdown flaw.

Re:NVIDIA GPUs are not susceptible

Spectre is about branch prediction - training the predictor so that timing attacks are possible. GPUs do support branching so it likely is an issue with the GPU itself. They shouldn't suffer from the similar but distinct Meltdown (Intel) attack though.

Re: NVIDIA GPUs are not susceptible

Branching and branch prediction (an optimising technique for speculative execution) are two different things.

IAFAIK no nVidia GPU implements speculative execution. nVidia released a driver update to patch CPU related Spectre. This article is just making a wild assumption for hits.

Re:NVIDIA GPUs are not susceptible

[angel'o'sphere]

And the code running on a GPU has no access to main memory ...

Re:NVIDIA GPUs are not susceptible

There are problems on consumer graphics cards, that when you create a large texture, the contents are not zero'ed, so you see what was in the video memory previously. For "trusted" computer systems, all memory is cleared before use.

Re:NVIDIA GPUs are not susceptible

[Stormy+Dragon]

No, but the code running on a GPU memory has access to video memory, which means Spectre style flaws could be exploited to expose sensitive data stored in video memory that the code would not normally have access to.

Re:NVIDIA GPUs are not susceptible

[EndlessNameless]

This is not entirely accurate. You have unified memory access in CUDA, and it's been that way for years. The CUDA driver has system-level privileges.

A quick google turned up this NVIDIA blog post. You can dig into the details on CUDA Zone if you're really curious.

Unified memory is also supported in DirectX 12 if the underlying hardware supports it.

In both cases, the driver shuffles data transparently. There are already a lot of attacks that rely on manipulative accesses of memory/cache to ensure that data is being read from desirable locations, so it is conceivable that GPU code could expose kernel memory. After all, the driver that provides memory management would have access to it.

Cryptocurrency mining

[forkfail]

Wonder what impact this will have on cryptocurrency markets. Regardless of actual slowdown in mining, it is the perception that will probably matter...

Re:Cryptocurrency mining

[war4peace]

My guess is none.
The patches only make sense if the computers running the hardware do hold sensitive information. Cryptomining drone systems generally don't; furthermore they are generally isolated from the Internet.

Re:Cryptocurrency mining

[forkfail]

Perhaps.

My thought was more along of the line of the perceived impact in the overhead of a patch that for a CPU is going to drop instruction processing by between 5% and 20%. If the BitCoiners think that mining rates would suffer the same amount of throttling (decreasing supply) if it will impact the market.

Note, though, I am referring to perception more than actual mining rate changes.

Re:Cryptocurrency mining

[Highdude702]

Can't mine without an Internet connection..

Re:Cryptocurrency mining

[war4peace]

As a standalone miner, you can't.
In mining datacenter, you cave a local pool which is controlled by a PC connected to the Internet, and miners connect to the local pool without being connected to the Internet themselves.

Re:Cryptocurrency mining

[war4peace]

CPUs have very, very, very little impact in GPU mining. As in "insignificant".

Re:Cryptocurrency mining

[forkfail]

Ya. But - how will the market see this thing?

Technically, yep. Agree completely. Just pondering the difference between technical reality and perception, and how it impacts things :-)

Re:Cryptocurrency mining

[Highdude702]

Didn't think of that, But I personally don't call that isolated if the network is connecting to a box with internet access. There is always a way in, Finding it is the hard part.

The timing is great

Didn't they forbid datacenters from consumer-level driver upgrades a few days ago?

Re:The timing is great

[OneAhead]

Oh wow you're right, that's nasty (even if entirely coincidental).

WILL YALL PLEASE STOP DROPPING THE SOAP!

This is some bad, bad hurt.

GPUs vulnerable to Spectre security flaw?

[DontBeAMoran]

Oh noes! The bad guys will access my game textures!

Re:GPUs vulnerable to Spectre security flaw?

[hcs_$reboot]

They might also witness the bitcoin data being mined by a malware.

Re:GPUs vulnerable to Spectre security flaw?

[Arkh89]

Or your screen main framebuffer...

Re:GPUs vulnerable to Spectre security flaw?

Or the primary framebuffer while you are doing something sensitive.

Re:GPUs vulnerable to Spectre security flaw?

If you're doing anything sensitive on a computer running Windows, you're part of the problem.

Re:GPUs vulnerable to Spectre security flaw?

No, just the Pr0n on your screen :) You know, for advertisement reasons

Please do some research before spouting off

NVIDIA’s core business is GPU computing. We believe our GPU hardware is immune to the reported security issue and are updating our GPU drivers to help mitigate the CPU security issue. As for our SoCs with ARM CPUs, we have analyzed them to determine which are affected and are preparing appropriate mitigations.

Horribly inaccurate article/summary

[Nemyst]

Holy shit this is bad reporting. Nowhere on the Nvidia page does it say that GPUs are actually affected by Spectre or Meltdown. It's in fact impossible since GPUs don't perform speculative execution. On top of that, GPUs don't run kernel code (so cannot leak it), don't run an OS, have a completely different architecture to begin with and so on.

So what's this announcement about? It's a driver update to mitigate Spectre/Meltdown which could potentially affect the driver's CPU code. This has also been confirmed by Nvidia many days ago.

Shameful reporting by Engadget, not that I'm surprised considering they barely qualify as "tech" reporting.

Re:Horribly inaccurate article/summary

Yes, and if anything with even a quarter of a clue about GPUs had read it they would have known it almost certainly isn't about the GPU.
Everyone who runs code in kernel space (i.e. all vendors with kernel-level drivers) need to publish updates, otherwise their driver code might be possible to misuse to trigger the issue described as "Spectre" - or at least that's the cautious approach, with Spectre it is a bit unsure what exactly is necessary to exploit it.

Re:Horribly inaccurate article/summary

This isn't about what a GPU engineer would have known, it's about Engadget doing a shit job writing the article. You know, the article that is supposed to be general access?

Re:Horribly inaccurate article/summary

[tlhIngan]

On top of that, GPUs don't run kernel code (so cannot leak it)

No, GPUs have access to kernel memory and can leak that. I don't care about the GPU memory contents. But the GPU has access, because of its design, to the OS kernel's memory, and potentially it has write access to that memory.

(The GPU drivers generally reside in the kernel, and for fast efficient transfers of data, the system may map the entire system RAM into PCIe memory space so the GPU can rapidly access all the buffers - the command buffers from the kernel, the texture and model buffers from the userspace application, etc.)

I wouldn't be surprised if other devices started having similar flaws, though the GPU one is particularly serious since a lot of the data comes from userspace applications - other devices like a sound card also have access to kernel memory, but the interface is usually much more limited with few soundcards having a programmable command interface directly controllable from userspace applications.

Re:Horribly inaccurate article/summary

Sure got a lot of hits though, didn't it?

You call it "shameful," but they stand unashamed. Their goal is to get clicks. They did what they had to do to get clicks. And it worked. That's called "success," and it is highly-regarded in our society.

Re:Horribly inaccurate article/summary

[sl3xd]

On top of that, GPUs don't run kernel code (so cannot leak it),

It's entirely different from saying it's a problem with the GPU, but: There is the much-maligned NVIDIA kernel module which does interact with the GPU.

It's not far-fetched to say that there may be Meltdown/Spectre related patches -- though it's far more reasonable to say that any fixes would be a mitigation between the kernel module/driver and the CPU.

Why attack a GPU?

Even if the Nvidia chips are exposed, why would anyone attack a GPU that has no access to any personal information? GPU's store pixel data and other display data not personal data. I guess for myself I would be more concerned about Intel's and AMD's new chip combinations that at least implies a closer connection between the two. Not suggestion a current security threat, but certainly might be a potential target if a flaw were to exist.

Re:Why attack a GPU?

[gwjgwj]

GPU has access to the CPU memory via PCI Express.

Re:Why attack a GPU?

PCIe devices can read any part of host physical memory anytime they like.

Re:Why attack a GPU?

>GPU's store pixel data and other display data not personal data

*Runs hack tool on you*

The real question is, why are you watching dwarf throwing porn, Mr. Not So Anonymous with social security number X?

Re:Why attack a GPU?

So if your bank account data is on the screen, and i capture a screenshot remotely and wipe your bank account clean... That's cool with you because bitmaps aren't personal data to you?

Fucking idiot.

Perhaps there is some good to all of this

[wjcofkc]

These flaws having been introduced so widely and having existed for so long is a side effect of petal to the metal semiconductor advancement. I can only suspect other flaws will be found in time. If this forces an extra layer of thoughtfulness to a technology that stands as the centerpiece of modern civilization and represents (at least to me) the greatest technological realization of the modern scientific age (arguable) then things can only be that much better moving forward. Dye fabrication size is already introducing fantastic new engineering challenges. The more architectural hurdles that can be recognized the better.

I do wonder that if we eventually turn semiconductor design and other future computing technologies over to AI in what now seems likely a very near future, if at some point those tools may introduce features too subtle for us to notice or even understand in order to benefit themselves or itself alone, perhaps even ensuring their own protection. Without ever telling us, of course.

Re:Perhaps there is some good to all of this

[angel'o'sphere]

An AI is only as "smart" as its trainers/programmers.

It won't find a random security hole in an obscure spot the programmers never thought about.

Re:Perhaps there is some good to all of this

[wjcofkc]

Yes. That is true today.

Re:Perhaps there is some good to all of this

An AI is only as "smart" as its trainers/programmers.

It won't find a random security hole in an obscure spot the programmers never thought about.

It can (but is not guaranteed to) find a random security hole (from a known class of security holes) in an obscure spot the programmers (of the checked application, not the "AI" developers) never thought about. That is already very helpful.

Fake news

[OneAhead]

GP is right. Some tech journalist made a flawed deduction and the resulting entirely false story spread virally, even to slashdot. According to their official statement, Nvidia is simply updating its GPU drivers to help mitigate the CPU security issue, a normal and expected move that will be followed by many software vendors since spectre (specifically CVE-2017-5753) actually represents a new class of security vulnerabilities - like "buffer over-read" but different.

In answer to your post, while GPUs do support branching, they don't engage in branch prediction, which makes them immune. In simple terms, superscalar CPUs process data in a "scalar" fashion, but use all kinds of tricks (like speculative execution) to perform more ops per cycle than would be possible for an equivalent scalar design (hence "super"). While superscalar designs fulfill strong market pressure for high per-thread performance, they comes at the cost of using a lot of silicon (and power). Also, one of these "superscalar tricks" just now has turned out too tricky for its own good.

In contrast, GPUs take a whole different approach in getting around the inherent bottleneck of a scalar design: they perform simple operations on a whole array worth of data at once, and can be seen as a cluster of hundreds of simplified scalar CPUs running in parallel (to give an example of "simplified": they commonly share instruction decoding logic to some extent). The advantage of this approach is that you can use silicon for actual computations that would otherwise be "wasted" on "superscalar tricks", which is why GPUs have such phenomenal computational throughput per unit of power consumption compared to CPUs. The disadvantage is that your workload needs to be optimized for this design, which isn't always possible, leave alone easy. They're great for graphic rendering, though. ;)

Anyhow, given the above, you can see that some would argue that going superscalar would defeat the whole point of a GPU living alongside a CPU in the same box...

Re:Fake news

[OneAhead]

I just stumbled upon a very nice explanation on why GPUs don't have branch predictors that is far more rigorous (although also somewhat more technical) than what I wrote.

Re:Fake news

[overheardinpdx]

NVIDIA's own Security Bulletin says that their GPUs are subject to Spectre and Meltdown exploits: https://nvidia.custhelp.com/ap...

Re:Fake news

Learn to read...

"We believe our GPU hardware is immune to the reported security issue. As for our driver software, we are providing updates to help mitigate the CPU security issue."

Re:Fake news

[exomondo]

The title and heading of that page is:
Security Bulletin: NVIDIA Driver Security Updates for CPU Speculative Side Channel Vulnerabilities

CPU, not GPU. It goes on to say:
We believe our GPU hardware is immune to the reported security issue. As for our driver software, we are providing updates to help mitigate the CPU security issue.

Comment removed

[account_deleted]

Comment removed based on user account deletion

that's no problem just

follow the white rabbit...
Knock knock Arkh89

Comment removed

[account_deleted]

Comment removed based on user account deletion

What happens after Intel "fixes" this mess

Well, I for one, would like to thank you for being there.

It is worrisome that everyone is issuing patches for something not entirely their fault. This cannot become a trend.

And today's captcha is reacting

Re:What happens after Intel "fixes" this mess

I had a captcha for incest. Not surprisingly, I was responding to one of creimer's trolls. You can't get any more inbred than that.

Re: What happens after Intel "fixes" this mess

Creimer doesn't have trolls. He is the troll.

Re: What happens after Intel "fixes" this mess

A troll who post on topic comments and then gets shitposted 30+ comments? That's not a troll. That's someone who is being followed by trolls.

Re: What happens after Intel "fixes" this mess

This is on-topic to you?

"That's what happens when you make $50K per year in Silicon Valley cleaning out IT closets. "

"Time to switch back to Tylenol. I would rather have liver disease than a limp dick. "

"Alexa, please flush the toilet.

Sorry, Dave, I can't do that until you wipe your ass."

"If the probe was sent to Uranus, the soundtrack would be "Lucy in the Sky with Diamonds"."

"That's a good thing. Otherwise, we wouldn't have Bill Gates Does Windows screensaver for the Mac back in the day. "

Really? This lowest-effort useless shit, this noise on the wire, that's on-topic comments to you, Chris?

Stuff that a sixth-grader wouldn't find funny?

Re: What happens after Intel "fixes" this mess

Stuff that a sixth-grader wouldn't find funny?

This is Slashdot. You must be new around here.

Re: What happens after Intel "fixes" this mess

Yes, Chris, Slashdot is a place a sixth-grader wouldn't find funny because its intended audience is adults who can discuss things normally.

Glad you can see that.

Why you don't act like an adult or discuss things normally is entirely up to you.

And we see how you act, and treat you accordingly: somewhere between a tapeworm and brain cancer.

Re: What happens after Intel "fixes" this mess

Every AC is Chris. We all float.

Re: What happens after Intel "fixes" this mess

Nope, just the ACs (since you can only post once or twice a day as cdreimer) that are obviously, patently you, Chris.

It's as unmistakable as your chins or your lithp. You must have gotten bullied, teased, and mocked as a kid.

Looks like I was RIGHT (again, as usual, lol)

Days ago I got the Win7 update (as Malwarebytes who helps me a LOT in my work patched the registry for it last Friday) early & I suspected DRIVERS would be affected on GAMING (usermode in Win NT 4.0 onward or not, DirectX DOES talk to kernelmode back INTO usermode memory address space) https://news.slashdot.org/comments.pl?sid=11564899&cid=55862769/ (on IP stack PnP hybrid design) & DIRECTLY (pun intended) on DirectX relation to NVidia drivers https://news.slashdot.org/comments.pl?sid=11564899&cid=55862695/

* Yes, folks - it's NOT EASY being "world-class" (like me, lol)...

APK

P.S.=> I am just glad it's all getting fixed - Microsoft did an EXCELLENT job & I'm FASTER for it (I 'felt it' on reboot after patch & LATER TechSpot released FORMAL testing bearing it out https://hardware.slashdot.org/comments.pl?sid=11574131&cid=55874785/)... apk

Anybody invulnerable, other than Itanium?

I find it ironic that the much-maligned Itanium seems to be the only modern processor that Meltdown and Spectre can't break.

nVidia Control Panel Crashes

My nVidia control panel started crashing after messing around with these Windows meltdown patches.
Maybe these new drivers have something to fix this crap.

Fake news: Hyperthreading.

Sounds to me that hyper-threading instead of speculation is the way things should have gone.