Profile cover photo
Profile photo
Jon Masters
13,920 followers -
Computer Architect | Professional Author | Linux Kernel Engineer | Hiker | Marathon Runner | Violin Player | and much more.
Computer Architect | Professional Author | Linux Kernel Engineer | Hiker | Marathon Runner | Violin Player | and much more.

13,920 followers
About
Communities and Collections
View all
Posts

Post has attachment
The future is bright and it is #ArmPowered . My Qualcomm Snapdragon connected PC running Windows 10 with binary translation shows what is possible over the next few years as the world begins to move toward.
Add a comment...

Post has attachment
Photo
Add a comment...

Post has attachment
For the record, you can turn Secure Boot off on the new Qualcomm Windows 10 devices...
Photo
Add a comment...

Post has attachment
Qualcomm falling to a company that doesn't care about innovation could have been a significant blow to the Arm server story. But now, balance will inevitably be restored to the force. Qualcomm have amazing technology and the ability to go the distance. The future always depended upon them being able to disrupt the established incumbents with their phenomenal technical advantage. Anyone who has used a Centriq knows that even the first generation is very very painful for those who make competing servers today. And that's just the start. These guys know how to make amazing high performance server technology <3

https://www.nytimes.com/2018/03/14/business/dealbook/broadcom-qualcomm-trump.html
Add a comment...

Post has shared content
Wow +Microsoft's dynamic binary translation from a legacy ISA to modern A64 is amazingly smooth. The future is bright, and it is RISC.
‪22 years later I bought my first +Microsoft +Windows PC since Windows 95. This is an #ArmPowered +HP ENVY x2 with a Qualcomm Snapdragon inside. Way to go guys! #ExperienceWhatsNotInside
Photo
Add a comment...

Post has attachment
‪22 years later I bought my first +Microsoft +Windows PC since Windows 95. This is an #ArmPowered +HP ENVY x2 with a Qualcomm Snapdragon inside. Way to go guys! #ExperienceWhatsNotInside
Photo
Add a comment...

Post has shared content
Nice observation +Thorsten Leemhuis 😀
#RHEL (and thus #CentOS) started switching over to #Retpoline for #Spectre v2 mitigation with the recently released 7.4 kernel update 3.10.0-693.21.1.el7.x86_64 No word about it the advisory (https://access.redhat.com/errata/RHSA-2018:0395 ), but one for a 7.3 kernel (released in parallel) mentions it: https://access.redhat.com/errata/RHSA-2018:0399 An it's mentioned in the kernel changelog: https://git.centos.org/blob/rpms!kernel.git/187831e0f733857d33b9a8bc78df9d75fc1bb9b0/SPECS!kernel.spec#L1597
Site note: Suse started switching from using #IBC (Indirect Branch Control) to #Retpoline about four weeks ago, Ubuntu followed two weeks later: https://plus.google.com/+ThorstenLeemhuis/posts/3PbyyPd3jwM
Photo
Add a comment...

Post has shared content
Solution to the memory spill/fill case below. This works. I explictly intend not to patent this. Originally I was going to do so last year (to keep it out of the hands of any one architecure company - and then freely license it to everyone) since there are uses beyond security but this is too fundamentally useful to solve the speculation problem, and I have told my guys as much. Just remember me when you get to keep your space rocket tricks in future cores. And ping if you want to evolve this with me further.

So here's the flow:

1. EL0 sets a bunch of registers and performs a system call into the kernel
2. uarch automatically tags those registers as unsafe for value/control flow speculation
3. EL1 state transition occurs and kernel begins running code that does bounds check
4. uarch automatically restricts speculation beyond bounds check due to unsafe tags

Here's an alternate flow:

3a. Kernel spills registers to stack
3b. uarch carries speculation tags into D$
3c. Kernel fills registers from stack
3d. uarch carries speculation tags from D$

Here's another flow:

3a. Kernel spills registers to stack
3b. uarch carries speculation tags into D$
3c. Cache line eviction occurs
3d. Kernel fills registers from stack
3e. uarch automatically defaults tags to unsafe

Alternative flows include using a bloom filter in place of direct in-cache tags with a safe default to not speculate based upon the value.

Secondarily, tag controls are added to the architecture, which allow a managed code environment to tag registers at the same EL as unsafe for speculation. This allows JavaScript to automatically prevent same EL attacks on runtime.

This scheme works. You should all be using it.
Sharing this in the public domain in the hopes that it can help with mitigation of Spectre variant 1 like attacks over time. Ping if you're interested in cleaning this up and turning it into something useful.

https://medium.com/@jonmasters_84473/speculative-data-load-mitigation-through-register-tagging-and-data-provenance-52abe24b719
Add a comment...

Post has attachment
Sharing this in the public domain in the hopes that it can help with mitigation of Spectre variant 1 like attacks over time. Ping if you're interested in cleaning this up and turning it into something useful.

https://medium.com/@jonmasters_84473/speculative-data-load-mitigation-through-register-tagging-and-data-provenance-52abe24b719
Add a comment...

Post has attachment
Photo
Add a comment...
Wait while more posts are being loaded