{"id":62327,"date":"2021-04-06T09:17:23","date_gmt":"2021-04-06T07:17:23","guid":{"rendered":"https:\/\/www.planet3dnow.de\/cms\/?p=62327"},"modified":"2021-04-06T09:27:27","modified_gmt":"2021-04-06T07:27:27","slug":"amd-untersucht-eine-mit-zen-3-eingefuehrte-spectre-like-schwachstelle","status":"publish","type":"post","link":"https:\/\/www.planet3dnow.de\/cms\/62327-amd-untersucht-eine-mit-zen-3-eingefuehrte-spectre-like-schwachstelle\/","title":{"rendered":"AMD<\/span> untersucht eine mit Zen 3 eingef\u00fchrte Spectre-like Schwachstelle"},"content":{"rendered":"

Im Gro\u00ad\u00dfen und Gan\u00adzen hat die neue Zen-3-Archi\u00adtek\u00adtur von AMD<\/span><\/a> viel Lob ein\u00adge\u00adheimst: aber\u00admals ver\u00adbes\u00adser\u00adte IPC<\/span> bei gleich geblie\u00adbe\u00adnem Takt, deut\u00adlich ver\u00adbes\u00adser\u00adte Spie\u00adle-Per\u00adfor\u00admance dank \u00fcber\u00adar\u00adbei\u00adte\u00adter Cache-Archi\u00adtek\u00adtur, etli\u00adche neue Fea\u00adtures und Funk\u00adtio\u00adnen und das alles bei erheb\u00adlich nied\u00adri\u00adge\u00adrem Strom\u00adver\u00adbrauch trotz h\u00f6he\u00adrer Anzahl an Ker\u00adnen gegen\u00ad\u00fcber den j\u00fcngs\u00adten Intel-CPUs.<\/p>\n

Doch es gab auch ein paar schie\u00adfe Zwi\u00adschen\u00adt\u00f6\u00adne<\/a>. Da w\u00e4re zum einen die man\u00adgel\u00adhaf\u00adte Ver\u00adf\u00fcg\u00adbar\u00adkeit<\/a> der Ryzen 5000. Daf\u00fcr zeig\u00adten Kun\u00adden und Medi\u00aden aller\u00addings wei\u00adtest\u00adge\u00adhend Ver\u00adst\u00e4nd\u00adnis. Wer fremd\u00adfer\u00adti\u00adgen l\u00e4sst wie AMD<\/span> es tut und sich im Vor\u00adfeld auf eine bestimm\u00adte Anzahl an Wafer fest\u00adle\u00adgen muss, die er bucht, fin\u00addet sich dann eben in der Fal\u00adle, wenn ein Pro\u00addukt auf\u00adgrund guter Leis\u00adtun\u00adgen st\u00e4r\u00adker nach\u00adge\u00adfragt wird als vermutet\/erhofft. Mit ein\u00adzel\u00adnen Model\u00adlen wird das erst jetzt, mehr als 4 Mona\u00adte nach der Markt\u00adein\u00adf\u00fch\u00adrung, lang\u00adsam bes\u00adser. Noch immer liegt der Stra\u00ad\u00dfen\u00adpreis jedoch \u00fcber der UVP<\/span>.<\/p>\n

Der zwei\u00adte Punkt betrifft die Aspek\u00adte WHEA-Errors im Event\u00adlog ggf. flan\u00adkiert von Abst\u00fcr\u00adzen, sowie USB-Pro\u00adble\u00admen mit den neu\u00aden Chip\u00ads\u00e4t\u00adzen der 500er Serie, die wom\u00f6g\u00adlich ihren gemein\u00adsa\u00admen Ursprung in den erwei\u00adter\u00adten Strom\u00adspar\u00adtech\u00adni\u00adken haben, die mit Zen 3 ein\u00adge\u00adf\u00fchrt wur\u00adden. AMD<\/span> unter\u00adsucht das gera\u00adde und die letz\u00adten AGE\u00adSA-Ver\u00adsio\u00adnen brach\u00adten wohl Lin\u00adde\u00adrung<\/a>, was zeigt, dass AMD<\/span> auf der rich\u00adti\u00adgen Spur ist.<\/p>\n

Nun jedoch hat AMD<\/span> selbst ein White\u00adpa\u00adper<\/a> ver\u00ad\u00f6f\u00adfent\u00adlicht, aus\u00adge\u00adrech\u00adnet zur Markt\u00adein\u00adf\u00fch\u00adrung der Ser\u00adver-Ver\u00adsi\u00adon von Zen 3 namens Milan<\/a>, das eine mit Zen 3 neu ein\u00adge\u00adf\u00fchr\u00adte Schwach\u00adstel\u00adle beschreibt, die \u00e4hn\u00adlich wie Spect\u00adre V4<\/span><\/a> ein\u00adzu\u00adstu\u00adfen ist. Wir erin\u00adnern uns: Anfang 2018 wur\u00adde eine neue Klas\u00adse an Schwach\u00adstel\u00adlen in moder\u00adnen Pro\u00adzes\u00adso\u00adren<\/a> bekannt, die deren leis\u00adtungs\u00adstei\u00adgern\u00adde Fea\u00adtures wie Spe\u00adcu\u00adla\u00adti\u00adve Exe\u00adcu\u00adti\u00adon, Branch Pre\u00addic\u00adtion und Out of Order Exe\u00adcu\u00adti\u00adon f\u00fcr Sei\u00adten\u00adka\u00adnal-Angrif\u00adfe aus\u00adnut\u00adzen. Inzwi\u00adschen sind ein Dut\u00adzend die\u00adser Schwach\u00adstel\u00adlen in bestimm\u00adten Vari\u00adan\u00adten bekannt<\/a>. Ziel ist es dabei stets, Daten eines Tasks, Pro\u00adzes\u00adses oder einer Instanz abzu\u00adgrei\u00adfen, auf den\/die man eigent\u00adlich kei\u00adnen Zugriff haben sollte.<\/p>\n

W\u00e4h\u00adrend Zen 3 und Zen 2 eini\u00adge Miti\u00adga\u00adtio\u00adnen in Hard\u00adware erhiel\u00adten zur Absi\u00adche\u00adrung gegen die alten, bekann\u00adten Spect\u00adre-like L\u00fccken, hat AMD<\/span> bei Zen 3 offen\u00adbar eine neue Schwach\u00adstel\u00adle auf\u00adge\u00adris\u00adsen. Die Rede ist dabei von Pre\u00addic\u00adti\u00adve Store For\u00adwar\u00adding (PSF<\/span>), eine Tech\u00adno\u00adlo\u00adgie, die ein\u00adge\u00adf\u00fchrt wur\u00adde, um Abh\u00e4n\u00adgig\u00adkei\u00adten zwi\u00adschen Load und Store auf\u00adzu\u00adl\u00f6\u00adsen und dem Pro\u00adzes\u00adsor damit die M\u00f6g\u00adlich\u00adkeit zu er\u00f6ff\u00adnen, spe\u00adku\u00adla\u00adtiv wei\u00adter vor\u00adaus\u00adzu\u00adrech\u00adnen mit dem Ziel, die Leis\u00adtung zu erh\u00f6\u00adhen. Die\u00adses Fea\u00adture schafft jedoch laut AMD<\/span> zwei M\u00f6g\u00adlich\u00adkei\u00adten f\u00fcr einen Angrei\u00adfer \u00e4hn\u00adlich wie bei Spect\u00adre V4<\/span> \u00fcber Umwe\u00adge an Daten zu gelan\u00adgen, die ihn nichts angehen:<\/p>\n

CAUSES<\/span> OF<\/span> INCORRECT<\/span> PSF<\/span>
\nIncor\u00adrect PSF<\/span> pre\u00addic\u00adtions can occur due to at least the fol\u00adlo\u00adwing two reasons. First, it is pos\u00adsi\u00adble that the store\/load pair had a depen\u00adden\u00adcy for a while but later stops having a depen\u00adden\u00adcy. This can occur if the address of eit\u00adher the store or load chan\u00adges during the exe\u00adcu\u00adti\u00adon of the program.<\/p>\n

The second source of incor\u00adrect PSF<\/span> pre\u00addic\u00adtions can occur if the\u00adre is an ali\u00adas in the PSF<\/span> pre\u00addic\u00adtor struc\u00adtu\u00adre. The PSF<\/span> pre\u00addic\u00adtor is desi\u00adgned to track stores\/load pairs based on por\u00adti\u00adons of their RIP<\/span>. It is pos\u00adsi\u00adble that a store\/load pair which does have a depen\u00adden\u00adcy may ali\u00adas in the pre\u00addic\u00adtor with ano\u00adther store\/load pair which does not. This may result in incor\u00adrect spe\u00adcu\u00adla\u00adti\u00adon when the second store\/load pair is executed.<\/p>\n

[..]
\nSECURITY<\/span> ANALYSIS<\/span>
\nPre\u00advious rese\u00adarch has shown that when CPUs spe\u00adcu\u00adla\u00adte on non-archi\u00adtec\u00adtu\u00adral paths it can lead to the poten\u00adti\u00adal of side chan\u00adnel attacks. In par\u00adti\u00adcu\u00adlar, pro\u00adgrams that imple\u00adment iso\u00adla\u00adti\u00adon, also known as \u2018sand\u00adboxing\u2019, enti\u00adre\u00adly in soft\u00adware may need to be con\u00adcer\u00adned with incor\u00adrect CPU<\/span> spe\u00adcu\u00adla\u00adti\u00adon, which can occur due to bad PSF<\/span> predictions.<\/p>\n

Becau\u00adse PSF<\/span> spe\u00adcu\u00adla\u00adti\u00adon is limi\u00adt\u00aded to the cur\u00adrent pro\u00adgram con\u00adtext, the impact of bad PSF<\/span> spe\u00adcu\u00adla\u00adti\u00adon is simi\u00adlar to that of spe\u00adcu\u00adla\u00adti\u00adve store bypass (e.g., Spect\u00adre v4). In both cases, a secu\u00adri\u00adty con\u00adcern ari\u00adses if code exists that imple\u00adments some kind of secu\u00adri\u00adty con\u00adtrol which can be bypas\u00adsed when the CPU<\/span> spe\u00adcu\u00adla\u00adtes incor\u00adrect\u00adly. This may occur if a pro\u00adgram (such as a web brow\u00adser) hosts pie\u00adces of untrus\u00adted code and the untrus\u00adted code is able to influence how the CPU<\/span> spe\u00adcu\u00adla\u00adtes in other regi\u00adons in a way that results in data leaka\u00adge. This is simi\u00adlar to the secu\u00adri\u00adty risk with other Spect\u00adre-type attacks.<\/p><\/blockquote>\n

In dem White\u00adpa\u00adper beschreibt AMD<\/span> auch, wie PSF<\/span> per MSR-Regis\u00adter-\u00c4nde\u00adrun\u00adgen deak\u00adti\u00adviert wer\u00adden kann, emp\u00adfiehlt jedoch nicht, dies gene\u00adrell zu tun.<\/p>\n

In der Zwi\u00adschen\u00adzeit hat die auf Linux spe\u00adzia\u00adli\u00adsier\u00adte Web\u00adsei\u00adte Pho\u00adro\u00adnix eini\u00adge Tests durch\u00adge\u00adf\u00fchrt<\/a> mit akti\u00advier\u00adtem und deak\u00adti\u00advier\u00adtem PSF<\/span>. Die\u00adse zei\u00adgen im Mit\u00adtel eine ver\u00adnach\u00adl\u00e4s\u00adsig\u00adba\u00adre Aus\u00adwir\u00adkung auf die Per\u00adfor\u00admance (59,38 vs. 59,19, also nicht ein\u00admal 1 Pro\u00adzent). Bei ein\u00adzel\u00adnen Auf\u00adga\u00adben k\u00f6n\u00adnen die Aus\u00adwir\u00adkun\u00adgen aller\u00addings durch\u00adaus gr\u00f6\u00ad\u00dfer sein, die Ein\u00adzel\u00adwer\u00adte der Bench\u00admark-Suite hat Pho\u00adro\u00adnix lei\u00adder nicht ein\u00adzeln aufgeschl\u00fcsselt.<\/p>\n

 <\/p>\nngg_shortcode_0_placeholder ","protected":false},"excerpt":{"rendered":"

AMD<\/span> hat selbst ein White\u00adpa\u00adper ver\u00ad\u00f6f\u00adfent\u00adlicht, aus\u00adge\u00adrech\u00adnet zur Markt\u00adein\u00adf\u00fch\u00adrung der Ser\u00adver-Ver\u00adsi\u00adon von Zen 3 namens Milan, das eine mit Zen 3 neu ein\u00adge\u00adf\u00fchr\u00adte Schwach\u00adstel\u00adle beschreibt, die \u00e4hn\u00adlich wie Spect\u00adre V4<\/span> ein\u00adzu\u00adstu\u00adfen ist. Wir erin\u00adnern uns: Anfang 2018 wur\u00adde eine neue Klas\u00adse an Schwach\u00adstel\u00adlen in moder\u00adnen Pro\u00adzes\u00adso\u00adren bekannt, die deren leis\u00adtungs\u00adstei\u00adgern\u00adde Fea\u00adtures wie Spe\u00adcu\u00adla\u00adti\u00adve Exe\u00adcu\u00adti\u00adon, Branch Pre\u00addic\u00adtion und Out of Order Exe\u00adcu\u00adti\u00adon f\u00fcr Sei\u00adten\u00adka\u00adnal-Angrif\u00adfe aus\u00adnut\u00adzen. (\u2026) Wei\u00adter\u00adle\u00adsen \u00bb<\/a><\/p>\n","protected":false},"author":2,"featured_media":35751,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"ngg_post_thumbnail":0,"footnotes":""},"categories":[12],"tags":[966,985,2075,2550,1420,1309],"class_list":["post-62327","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-aktuelles","tag-amd","tag-linux","tag-milan","tag-psf","tag-spectre","tag-zen-3","entry"],"share_on_mastodon":{"url":"","error":""},"_links":{"self":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts\/62327","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/comments?post=62327"}],"version-history":[{"count":14,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts\/62327\/revisions"}],"predecessor-version":[{"id":62343,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts\/62327\/revisions\/62343"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/media\/35751"}],"wp:attachment":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/media?parent=62327"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/categories?post=62327"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/tags?post=62327"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}