Newer AMD Ryzen chips have SQUIP vulnerably

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Aug 15, 2022.

  1. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Messages:
    44,669
    Likes Received:
    11,345
    GPU:
    AMD | NVIDIA
    SQUIP, which stands for Scheduler Queue Usage through Interference Probing, is a new CPU vulnerability found by security experts. This new security weakness has been discovered in Apple M1 CPUs and AM...

    Newer AMD Ryzen chips have SQUIP vulnerably
     
  2. PrMinisterGR

    PrMinisterGR Ancient Guru

    Messages:
    8,073
    Likes Received:
    907
    GPU:
    Inno3D RTX 3090
    Crap.

    Makes me wonder how many of these were known by intelligence agencies all this time.
     
  3. anticupidon

    anticupidon Ancient Guru

    Messages:
    6,832
    Likes Received:
    3,151
    GPU:
    Polaris/Vega/Navi
    Don't ask, don't tell.
     
    Brasky and mohiuddin like this.
  4. BLEH!

    BLEH! Ancient Guru

    Messages:
    6,302
    Likes Received:
    312
    GPU:
    Sapphire Fury
    Maybe it's time for some ground-up architecture design with security at the heart of it...
     

  5. southamptonfc

    southamptonfc Ancient Guru

    Messages:
    2,293
    Likes Received:
    352
    GPU:
    GB 3080ti Vision OC
    They probably knew and had a part in placing these "features" in the CPUs in the first place!
     
    Neo Cyrus likes this.
  6. Espionage724

    Espionage724 Master Guru

    Messages:
    676
    Likes Received:
    292
    GPU:
    EVGA RTX 3060 XC
    Of course it's SMT. Why are we still faking cores on 6+ core CPUs, besides bigger numbers looking better? Does anything on consumer platforms benefit enough to warrant SMT enabled by-default?
     
  7. cucaulay malkin

    cucaulay malkin Ancient Guru

    Messages:
    6,102
    Likes Received:
    3,341
    GPU:
    RTX 3060 Ti
    most games,check out 10400f vs 9400f, differences can be as high as 20-something percent
     
  8. H83

    H83 Ancient Guru

    Messages:
    4,045
    Likes Received:
    1,432
    GPU:
    MSI Duke GTX1080Ti
    Apparently that is no longer possible due to the complexity of modern CPUs.

    Thankfully, most vulnerabilities require some sort of physical access, so we are pretty much safe but for companies with tons of servers, this kind of stuff must be a nightmare.
     
  9. BLEH!

    BLEH! Ancient Guru

    Messages:
    6,302
    Likes Received:
    312
    GPU:
    Sapphire Fury
    Would going RISC, or hell, even ternary programming change that at all? Not even remotely my field of expertise, but I think we all have a vested interest given the dependence on tech these days to try and fix this. Abstract ideas (not quantum) will be needed!
     
  10. Horus-Anhur

    Horus-Anhur Ancient Guru

    Messages:
    4,644
    Likes Received:
    5,438
    GPU:
    RTX 2070 Super
    But x86 is RISC, since the P5.
     
    BLEH! and tunejunky like this.

  11. Espionage724

    Espionage724 Master Guru

    Messages:
    676
    Likes Received:
    292
    GPU:
    EVGA RTX 3060 XC
    Surely the performance is good-enough without SMT for most games? If a game is getting 300 FPS, that's an extra 60 FPS on-top of something already overkill :p

    I can also gain performance by disabling core isolation, CFG, SVM, and other mitigations at the cost of security. My opinion is that SMT is only a thing because people like higher CPU "core" counts and it looks better slapped on product boxes, and I feel as if the few benefits of SMT should be put towards making actual cores instead. Best case it gives a little more FPS in games and compress/decompress operations. Worst-case it increases latency, lowers performance, and brings security issues.

    My largest gripe about SMT (or I guess HT in this case) is that some BIOS don't allow you to even disable it. I don't know if AMD enforces some policy about this, but I've had a few Intel CPU gaming laptops and desktops (Skylake-Coffee Lake) and none of them had an option to disable HT present.
     
    Last edited: Aug 15, 2022
  12. Agonist

    Agonist Ancient Guru

    Messages:
    3,892
    Likes Received:
    997
    GPU:
    6800XT 16GB
    The difference its huge, not just FPS. Stuttering is massive when my 5600x has SMT off pushing 144fps in cpu intensive games.

    17 years of HT and 5 years of SMT and you have this narrow minded belief on it.

    Yikes.....
     
    cucaulay malkin and tunejunky like this.
  13. tunejunky

    tunejunky Ancient Guru

    Messages:
    2,647
    Likes Received:
    1,310
    GPU:
    RX6900XT, 2070
    all of them


    the NSA has folks embedded at every (meaningful) level of core IT industries. the employers usually don't know.
     
  14. mbk1969

    mbk1969 Ancient Guru

    Messages:
    12,793
    Likes Received:
    10,991
    GPU:
    GF RTX 3060TI
    Not from instruction set point of view.
     
  15. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    6,815
    Likes Received:
    3,190
    GPU:
    HIS R9 290
    I'm so bored of vulnerabilities that require physical access to the device. Vulnerabilities aren't worth anyone's concern if you have to physically be there to exploit them. While the article doesn't mention this, someone on another forum quoted a part of the publication that suggested this is the case. It's even more stupid when the exploit can be fixed via better development practices. At that point, why care at all? That's like writing a program that doesn't hide your password when you type it in - should AMD or Intel be expected to patch the CPU because of developer negligence?

    In any case, seems like SMT/HT really needs to be ditched. Intel's method has so many security holes that it hardly yields any performance advantage anymore. To my understanding, AMD's method is almost a physically complete second core, in which case: why not just make another physical core?

    Not much point. Might as well just disable most of the features that make these so vulnerable in the first place.

    For most of such companies, you need to go through multiple layers of security. I've been to companies where someone has to let you into the building, you get a body scan, you then get a special keycard, there are security guards patrolling the server room, and there are cameras everywhere. There's no phone connection or wifi in the server room, and nothing is allowed to leave the server room. Many of the servers are not connected to the internet. We're talking server rooms with hundreds of millions or even billions of dollars worth of servers, where you won't be able to extract anything useful out of just any single one of them with anything you can sneak out (especially as things like Kubernetes gets more popular, where a single server might not be processing enough data to be of any use). The easiest way to destroy such an organization is to just play dominoes with the server racks by just pulling all the drawers out.
    TL;DR: the risk of attempting to exploit these on-site vulnerabilities is too high to be worthwhile, and if you have the opportunity to exploit them, there are easier alternatives.
     
    Last edited: Aug 15, 2022

  16. Horus-Anhur

    Horus-Anhur Ancient Guru

    Messages:
    4,644
    Likes Received:
    5,438
    GPU:
    RTX 2070 Super
    It's RISC with microcode and a specific decode stage. But the whole architecture is no longer CISC.
     
  17. mbk1969

    mbk1969 Ancient Guru

    Messages:
    12,793
    Likes Received:
    10,991
    GPU:
    GF RTX 3060TI
    Still from software point of view it is CISC.

    (⊙ˍ⊙)
     
  18. Horus-Anhur

    Horus-Anhur Ancient Guru

    Messages:
    4,644
    Likes Received:
    5,438
    GPU:
    RTX 2070 Super
    But the whole execution pipeline is RISC.
    When comparing ARM to X86 CPUs, in efficiency and performance, this is what matters.
     
  19. mbk1969

    mbk1969 Ancient Guru

    Messages:
    12,793
    Likes Received:
    10,991
    GPU:
    GF RTX 3060TI
    Btw, long time ago I participated in programming of digital signal processor (from Texas Instruments) and its assembler had many variants of instructions where you do some operation on two operands and next operand is loaded into register (simultaneously).
     
    Horus-Anhur likes this.
  20. BLEH!

    BLEH! Ancient Guru

    Messages:
    6,302
    Likes Received:
    312
    GPU:
    Sapphire Fury
    And hence make it slow?
     

Share This Page