So after testing 1k chips from Intel, what do you know? If you have some knowledge of CPU internals and talk to Intel verification folks, your prior (IMO) should still be that they're the most likely to have this kind of issue.
After testing 1k chips, if all 1k failed under load, I would say we need to insist on a more specific cpuid whitelist, maybe consider design changes, and get feedback from the vendor? I really think this is pretty reasonable.
If 1k out of 1k failed under load, the chip never would've shipped in the first place, you're never going to see that. The linked bug is contemporary with the NaCl thread. How come the CPU vendor *most likely to have issues like the one you describe* is one of two whitelisted?
If by under load you mean not overclocked but under load. And as I'm sure you know, there was a fairly serious CPU correctness bug found by your employer during that timeframe, unsurprisingly against a whitelisted vendor.
What percentage of chips couldn't handle lock cmpxchg8b eax? We're not talking about well formed code, we're talking about adversarial code from the web, designed to trigger edge cases or exercise obscure parts of the spec. Not sure Spectre was relevant to NaCl, Rowhammer was.
What percentage of Intel chips or banned Centaur chips? I'm not saying that chips never fail, I'm just saying that your whitelisted vendors have the most complex and therefore the most likely to fail chips and this is what we've seen in practice.
NaCl only depends on a small subset of the operation for security. Not sure why you keep talking about Spectre/Meltdown, it wasn't really relevant to NaCl (wasn't a free breakout, and you didn't need NaCl to exploit it, but rowhammer was).
Then please enlighten me, what was the "fairly serious CPU correctness bug found by [my] employer"?
Tavis Ormandy Retweeted Dan Luu
You also mentioned it in this tweet (as far as I'm aware, I haven't brought it up at all, so one of us is very confused). https://twitter.com/danluu/status/1203453134657314816 …
Tavis Ormandy added,
Dan Luu @danluu: The Google Chromium team banning our CPUs is especially ironic in retrospect since they cited security concerns. At the time, we were mostly shipping in-order CPUs, not vulnerable to Meltdown/Spectre/etc. and of course Intel is the most vulnerable to these. https://twitter.com/danluu/status/779746231287328768 …
Yes, I brought it up originally and you keep saying that it's not relevant and this invalidates my objections when my objections are completely unrelated.
Alright, well, I think we've reached an impasse here.