We test it. I think you're asking how can I be certain that it will work on every unit of that model ever produced, but obviously the answer is we can't, but we have higher confidence after checking?
-
-
Since you're whitelisting based on vendor (?), no. Testing one uarch shouldn't give you any more that another uarch works than that a Transmeta chip works. And within one uarch, how exactly are you testing? I suspect the answer is technically yes, but only in a meaningless way.
1 reply 0 retweets 1 like -
It's a compromise, I would prefer a more specific check. Not sure what alternative you're proposing, just start depending on how obscure parts of the spec works under attack without even testing?
1 reply 0 retweets 0 likes -
IMO, this answer sounds like 1. Something must be done 2. This is something 3. We should do this I think almost any competent CPU engineer would tell you that this actually has no meaningful impact. You're pointing out a real problem, but that doesn't mean this helps at all.
2 replies 1 retweet 6 likes -
Well, that's half of it. The other half of your response is that if we don't do this test that does nothing, we also shouldn't test anything? But no one is proposing removing CPUID feature checks for features you're actually using.
1 reply 0 retweets 0 likes -
What's your mental model of the failure mode you're going to catch? The reason a competent CPU engineer is going to tell you this is useless is that their model of what might fail will expect that you get no new information from running the test even on thousands of chips.
2 replies 0 retweets 0 likes -
Interesting, so if I test 1000 chips, and they all fail, your saying that it's still safe to make this security sensitive?
1 reply 0 retweets 0 likes -
Come on, do you want to have a discussion or score points? Seems like you're more interesting in just scoring points?
2 replies 0 retweets 1 like -
This is a nice soundbite that I guess could sound good to someone who doesn't understand hardware at all but doesn't address anything I said.
1 reply 0 retweets 0 likes -
Then help me understand, I test 10 Transmeta chips, and find all of them start miscalculating branches when some unit is heated with some odd instruction sequence. Should I add Transmeta to the whitelist? I would say no, but it sounds like you're saying, that means nothing.
1 reply 0 retweets 1 like
How many times did you test a set of chips from a vendor and see that outcome? I'm guessing zero? The broader point is that testing with no model of the underlying process is going to lead to testing things that aren't informative at all.
-
-
For a conventional branch predictor on a semi-modern (P6+ era) out of order processor, it would be pretty surprising to have the critical path run through the branch predictor. Ofc. a metal fix for could change this as could an unconventional design, as well as other things.
1 reply 0 retweets 0 likes -
Maybe you get "lucky" with some chip and there's some extreme manufacturing variation that causes this failure mode, maybe the wafer was bad in some particular way, etc.
1 reply 0 retweets 0 likes - 24 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.