NVIDIA GPUs Weren't Immune To Spectre Security Flaws Either

Nvidia has became the latest chipmaker to release software patches for the Spectre microchip security threat, indicating that the chipset flaw was affecting graphic processors as well as CPUs. From a report: To that end, NVIDIA has detailed how its GPUs are affected by the speculative execution attacks and has started releasing updated drivers that tackle the issue. All its GeForce, Quadro, NVS, Tesla and GRID chips appear to be safe from Meltdown (aka variant 3 of the attacks), but are definitely susceptible to at least one version of Spectre (variant 1) and "potentially affected" by the other (variant 2). The new software mitigates the first Spectre flaw, but NVIDIA is promising future mitigations as well as eventual updates to address the second. Most of the updates are available now, although Tesla and GRID users will have to wait until late January.

Wow

[110010001000]

The current generation of computers are going to be even slower than the last generation. Nice job all around!

Re:Wow

[110010001000]

Actually I work in IT for $50k to protect the country. I don't just leech off of taxpayers money all day.

Re:Wow

Since all CPUs since 1995 are affected they're not, because that generation is slower now as well if you're running the latest updates.

Re:Wow

[war4peace]

Are you doing a good job?
And if so, are you sure those you work for are doing a good job?

Re:Wow

[EndlessNameless]

Intel isn't releasing the patches though. It's Microsoft, the Linux devs, the BSD devs, etc. who are releasing these patches.

personal desktop that is only used by 1 user who is also the owner of the hardware

You are using software made by other people. You either accept their judgement or roll your own.

Go ahead and fork pre-Spectre Linux if you really believe the Spectre mitigations are a bad idea. You might even find a few people who care about that marginal performance hit to help you---but I doubt it.

Re:Wow

[antdude]

Slower than Pentiums?

Obvious question, what about AMD?

[drinkypoo]

If this is another thing that AMD got right while the competition got it wrong, they're really going to come out looking like the only responsible parties.

Re:Obvious question, what about AMD?

[MiliusXP]

AMD is also not immude to Spectre... only Meltdown!

Re:Obvious question, what about AMD?

[RedK]

What about AMD ? They are vulnerable to Spectre too. What did they get right in this case exactly ?

Re:Obvious question, what about AMD?

[Luthair]

Actually they were only shown to have issues with one variant of spectre.

Re:Obvious question, what about AMD?

[Chatterton]

Has AMD (ATI) video cards do some speculative execution, Spectre is most probably also a problem for them.

From there, there is some possibilities:
- They tried to let it go under the rug by not talking about it for their video card products
- They are still in the process of working around
- They don't think that problem is a problem for video card workload (non sensitive)
- They are greedy and won't lose money working on it
- They don't have the problem
- They are incompetent

Pick your best guess

Re:Obvious question, what about AMD?

[Luthair]

Don't they already have cross licensing agreements?

Re:Obvious question, what about AMD?

A variant that requires physical access to the hardware no less.

Re:Obvious question, what about AMD?

[Luthair]

I assume this is tied to either the virtual GPU work or some sort of shared compute, maybe AMD hasn't advanced as far nvidia in architecting in this area?

Re:Obvious question, what about AMD?

[war4peace]

Missing option: "most of the above". "most" because "They don't have a problem" is N/A.

Re:Obvious question, what about AMD?

[mikael]

If you look at some of the papers on GPU architecture research, they are eliminating the out-of-order and speculation execution of instructions as well. They were doing so since 2011.

Re:Obvious question, what about AMD?

[EndlessNameless]

AMD is offers fuller preemptive multitasking. If anything, their hardware is more advanced than NVIDIA's for general compute. (NVIDIA has added some very nice hardware for deep learning though.)

AMD's bigger problem is that NVIDIA did a very good job of promoting CUDA and related proprietary tools. NVIDIA has a huge headstart in putting tools for programming their GPUs in front of developers. Honestly, they've always been better at software and industry partnership than AMD.

NVIDIA GPUs are not susceptible

NVIDIA GPUs do not do speculative execution. They do not have access to kernel memory. They are not susceptible to these flaws. These are patches in their drivers to account for CPU (not GPU) exploits. I.E. Intel and AMD flaws. I bet NVIDIA releases a clarification soon.

Re:NVIDIA GPUs are not susceptible

[Stormy+Dragon]

They do not have access to kernel memory.

Spectre has nothing to do with kernel memory. You're confusing the Spectre flaw with the Meltdown flaw.

Re: NVIDIA GPUs are not susceptible

Branching and branch prediction (an optimising technique for speculative execution) are two different things.

IAFAIK no nVidia GPU implements speculative execution. nVidia released a driver update to patch CPU related Spectre. This article is just making a wild assumption for hits.

Re:NVIDIA GPUs are not susceptible

[angel'o'sphere]

And the code running on a GPU has no access to main memory ...

Re:NVIDIA GPUs are not susceptible

[Stormy+Dragon]

No, but the code running on a GPU memory has access to video memory, which means Spectre style flaws could be exploited to expose sensitive data stored in video memory that the code would not normally have access to.

Re:NVIDIA GPUs are not susceptible

[EndlessNameless]

This is not entirely accurate. You have unified memory access in CUDA, and it's been that way for years. The CUDA driver has system-level privileges.

A quick google turned up this NVIDIA blog post. You can dig into the details on CUDA Zone if you're really curious.

Unified memory is also supported in DirectX 12 if the underlying hardware supports it.

In both cases, the driver shuffles data transparently. There are already a lot of attacks that rely on manipulative accesses of memory/cache to ensure that data is being read from desirable locations, so it is conceivable that GPU code could expose kernel memory. After all, the driver that provides memory management would have access to it.

Cryptocurrency mining

[forkfail]

Wonder what impact this will have on cryptocurrency markets. Regardless of actual slowdown in mining, it is the perception that will probably matter...

Re:Cryptocurrency mining

[war4peace]

My guess is none.
The patches only make sense if the computers running the hardware do hold sensitive information. Cryptomining drone systems generally don't; furthermore they are generally isolated from the Internet.

Re:Cryptocurrency mining

[forkfail]

Perhaps.

My thought was more along of the line of the perceived impact in the overhead of a patch that for a CPU is going to drop instruction processing by between 5% and 20%. If the BitCoiners think that mining rates would suffer the same amount of throttling (decreasing supply) if it will impact the market.

Note, though, I am referring to perception more than actual mining rate changes.

Re:Cryptocurrency mining

[Highdude702]

Can't mine without an Internet connection..

Re:Cryptocurrency mining

[war4peace]

As a standalone miner, you can't.
In mining datacenter, you cave a local pool which is controlled by a PC connected to the Internet, and miners connect to the local pool without being connected to the Internet themselves.

Re:Cryptocurrency mining

[war4peace]

CPUs have very, very, very little impact in GPU mining. As in "insignificant".

Re:Cryptocurrency mining

[forkfail]

Ya. But - how will the market see this thing?

Technically, yep. Agree completely. Just pondering the difference between technical reality and perception, and how it impacts things :-)

Re:Cryptocurrency mining

[Highdude702]

Didn't think of that, But I personally don't call that isolated if the network is connecting to a box with internet access. There is always a way in, Finding it is the hard part.

GPUs vulnerable to Spectre security flaw?

[DontBeAMoran]

Oh noes! The bad guys will access my game textures!

Re:GPUs vulnerable to Spectre security flaw?

[hcs_$reboot]

They might also witness the bitcoin data being mined by a malware.

Re:GPUs vulnerable to Spectre security flaw?

[Arkh89]

Or your screen main framebuffer...

Please do some research before spouting off

NVIDIA’s core business is GPU computing. We believe our GPU hardware is immune to the reported security issue and are updating our GPU drivers to help mitigate the CPU security issue. As for our SoCs with ARM CPUs, we have analyzed them to determine which are affected and are preparing appropriate mitigations.

Horribly inaccurate article/summary

[Nemyst]

Holy shit this is bad reporting. Nowhere on the Nvidia page does it say that GPUs are actually affected by Spectre or Meltdown. It's in fact impossible since GPUs don't perform speculative execution. On top of that, GPUs don't run kernel code (so cannot leak it), don't run an OS, have a completely different architecture to begin with and so on.

So what's this announcement about? It's a driver update to mitigate Spectre/Meltdown which could potentially affect the driver's CPU code. This has also been confirmed by Nvidia many days ago.

Shameful reporting by Engadget, not that I'm surprised considering they barely qualify as "tech" reporting.

Re:Horribly inaccurate article/summary

[tlhIngan]

On top of that, GPUs don't run kernel code (so cannot leak it)

No, GPUs have access to kernel memory and can leak that. I don't care about the GPU memory contents. But the GPU has access, because of its design, to the OS kernel's memory, and potentially it has write access to that memory.

(The GPU drivers generally reside in the kernel, and for fast efficient transfers of data, the system may map the entire system RAM into PCIe memory space so the GPU can rapidly access all the buffers - the command buffers from the kernel, the texture and model buffers from the userspace application, etc.)

I wouldn't be surprised if other devices started having similar flaws, though the GPU one is particularly serious since a lot of the data comes from userspace applications - other devices like a sound card also have access to kernel memory, but the interface is usually much more limited with few soundcards having a programmable command interface directly controllable from userspace applications.

Re:Horribly inaccurate article/summary

[sl3xd]

On top of that, GPUs don't run kernel code (so cannot leak it),

It's entirely different from saying it's a problem with the GPU, but: There is the much-maligned NVIDIA kernel module which does interact with the GPU.

It's not far-fetched to say that there may be Meltdown/Spectre related patches -- though it's far more reasonable to say that any fixes would be a mitigation between the kernel module/driver and the CPU.

Why attack a GPU?

Even if the Nvidia chips are exposed, why would anyone attack a GPU that has no access to any personal information? GPU's store pixel data and other display data not personal data. I guess for myself I would be more concerned about Intel's and AMD's new chip combinations that at least implies a closer connection between the two. Not suggestion a current security threat, but certainly might be a potential target if a flaw were to exist.

Re:Why attack a GPU?

[gwjgwj]

GPU has access to the CPU memory via PCI Express.

Perhaps there is some good to all of this

[wjcofkc]

These flaws having been introduced so widely and having existed for so long is a side effect of petal to the metal semiconductor advancement. I can only suspect other flaws will be found in time. If this forces an extra layer of thoughtfulness to a technology that stands as the centerpiece of modern civilization and represents (at least to me) the greatest technological realization of the modern scientific age (arguable) then things can only be that much better moving forward. Dye fabrication size is already introducing fantastic new engineering challenges. The more architectural hurdles that can be recognized the better.

I do wonder that if we eventually turn semiconductor design and other future computing technologies over to AI in what now seems likely a very near future, if at some point those tools may introduce features too subtle for us to notice or even understand in order to benefit themselves or itself alone, perhaps even ensuring their own protection. Without ever telling us, of course.

Re:Perhaps there is some good to all of this

[angel'o'sphere]

An AI is only as "smart" as its trainers/programmers.

It won't find a random security hole in an obscure spot the programmers never thought about.

Re:Perhaps there is some good to all of this

[wjcofkc]

Yes. That is true today.

Fake news

[OneAhead]

GP is right. Some tech journalist made a flawed deduction and the resulting entirely false story spread virally, even to slashdot. According to their official statement, Nvidia is simply updating its GPU drivers to help mitigate the CPU security issue, a normal and expected move that will be followed by many software vendors since spectre (specifically CVE-2017-5753) actually represents a new class of security vulnerabilities - like "buffer over-read" but different.

In answer to your post, while GPUs do support branching, they don't engage in branch prediction, which makes them immune. In simple terms, superscalar CPUs process data in a "scalar" fashion, but use all kinds of tricks (like speculative execution) to perform more ops per cycle than would be possible for an equivalent scalar design (hence "super"). While superscalar designs fulfill strong market pressure for high per-thread performance, they comes at the cost of using a lot of silicon (and power). Also, one of these "superscalar tricks" just now has turned out too tricky for its own good.

In contrast, GPUs take a whole different approach in getting around the inherent bottleneck of a scalar design: they perform simple operations on a whole array worth of data at once, and can be seen as a cluster of hundreds of simplified scalar CPUs running in parallel (to give an example of "simplified": they commonly share instruction decoding logic to some extent). The advantage of this approach is that you can use silicon for actual computations that would otherwise be "wasted" on "superscalar tricks", which is why GPUs have such phenomenal computational throughput per unit of power consumption compared to CPUs. The disadvantage is that your workload needs to be optimized for this design, which isn't always possible, leave alone easy. They're great for graphic rendering, though. ;)

Anyhow, given the above, you can see that some would argue that going superscalar would defeat the whole point of a GPU living alongside a CPU in the same box...

Re:Fake news

[OneAhead]

I just stumbled upon a very nice explanation on why GPUs don't have branch predictors that is far more rigorous (although also somewhat more technical) than what I wrote.

Re:Fake news

[overheardinpdx]

NVIDIA's own Security Bulletin says that their GPUs are subject to Spectre and Meltdown exploits: https://nvidia.custhelp.com/ap...

Re:Fake news

[exomondo]

The title and heading of that page is:
Security Bulletin: NVIDIA Driver Security Updates for CPU Speculative Side Channel Vulnerabilities

CPU, not GPU. It goes on to say:
We believe our GPU hardware is immune to the reported security issue. As for our driver software, we are providing updates to help mitigate the CPU security issue.

Re:The timing is great

[OneAhead]

Oh wow you're right, that's nasty (even if entirely coincidental).

Re:Oh, dang!

[Hal_Porter]

These attacks seem to affect anything with speculative execution. If they affect Intel, ARM and AMD CPUs and NVidia GPUs it's not all that unlikely that they affect AMD GPUs too.

Re:Oh, dang!

[sexconker]

Variant One (Spectre, lamer version that no one should be afeared of.)

Bounds Check Bypass
Resolved by software / OS updates to be made available by system vendors and manufacturers. Negligible performance impact expected.

Variant Two (Spectre, legit version that can nizz your nozz.)

Branch Target Injection
Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date.

Variant Three (Meltdown, AMD is unaffected. Intel is affected for every damned thing lol. One ARM CPU - Cortex A57 - has been found to be affected by Meltdown / something so similar ARM threw it under the Meltdown umbrella / bus.)

Rogue Data Cache Load
Zero AMD vulnerability due to AMD architecture differences.

Re: Oh, dang!

[sexconker]

I don't mind it. I find the current moderation on creimer's post to be funny (-1, Interesting).

Re: Oh, dang!

Is there some kind of law describing when shilling and trolling are indistinguishable?