T2 Linux Discovers (Now Patched) AMD Zen 4 Invalid Opcode Speculation Bug (youtube.com)
T2 SDE is not just a Linux distribution, but "a flexible Open Source System Development Environment or Distribution Build Kit," according to a 2022 announcement of its support for 25 CPU architectures, variants, and C libraries. ("Others might even name it Meta Distribution. T2 allows the creation of custom distributions with state of the art technology, up-to-date packages and integrated support for cross compilation.")
And while working on it, Berlin-based T2 Linux developer René Rebe (long-time Slashdot reader ReneR) discovered random illegal instruction speculation on AMD Ryzen 7000-Series and Epyc Zen 4 CPUs.
ReneR writes: Merged to Linux 6.6 Git is a fix for the bug now known at AMD as Erratum 1485.
The discovery was possible through continued high CPU load cross-compiling the T2 Linux distribution with support for all CPU architectures from ARM, MIPS, PowerPC, RISC-V to x86 (and more) for 33 build variants. With sustained high CPU load and various instruction sequences being compiled, pseudo-random illegal instruction errors were observed and subsequently analyzed.
ExactCODE Research GmbH CTO René Rebe is thrilled that working with AMD engineers led to a timely mitigation to increase system stability of the still new and highest performance Zen4 platform.
"I found real-world code that might be similar or actually trigger the same bugs in the CPU that are also used for all the Spectre Meltdown and other side-channel security vulnerability mitigations," Rebe says in a video announcement on YouTube.
It took Rebe a tremendous amount of research, and he says now that "all the excessive work changed my mind. Mitigations equals considered harmful... If you want stable, reliable computational results — no, you can't do this. Because as Spectre Meltdown and all the other security issues have proven, the CPUs are nowadays as complex as complex software systems..."
"Mitigations equals considered harmful" (Score:2)
What does that mean? Is it a grammatical error?
Re: (Score:3, Informative)
Re: (Score:2)
Goto is still technically there. Just effectively hidden from the noobs. Even those languages that eliminated it, someone wrote a module generally that reimplements it. I'm hard pressed to identify an instruction set (even a p-code interpreter) that doesn't have an unconditional jump within it, so the potential is always there via inlined assembly or an external library if inlining is not possible.
It's actually useful in some cases. Without question, Dijkstra had a point. Actual spaghetti code was unre
Re: (Score:2)
The whole sentence seems like an exercise in linguistic puzzles... IMHO, a lot of cut and paste while doing something else at the same time
@youn: Mitigations == “considered harmful” (Score:2)
Re: (Score:3)
Someone has set us up the bomb.
Re: (Score:3)
What does that mean? Is it a grammatical error?
I expect what it means is - his native language is German. And while his English may not be perfect, it is far, far better than my German.
Re: (Score:2)
Re: (Score:2)
It's been ChatGPT'd. :)
Re: (Score:2)
He means you can't design a CPU with a bunch of wild OOE branches that you don't have a good handle on and then whenever somebody discovers an exploit just issue an OS mitigation for that particular case.
A CPU that doesn't speculate as much would be considerably slower and much more secure.
The cool thing is with RISC-V somebody could test this market - disable most OOE, mask it out, and see how many buyers you can find. Lots of embedded and industrial control systems would be happy to have the option.
And T2
Re: (Score:2)
No you can't. RISC-V is just an ISA. Implement the (mandatory) integer core and you can call it RISC-V officially.
There are no official RISC-V implementations - there are various open-source implementations but that's just like saying there are TTL implementations of it as well (yes, there's a TTL implementation of RISC-V using standard 74xx chips).
You do not buy a RISC-V desi