NVIDIA GPUs Weren't Immune To Spectre Security Flaws Either (engadget.com) 139
Nvidia has became the latest chipmaker to release software patches for the Spectre microchip security threat, indicating that the chipset flaw was affecting graphic processors as well as CPUs. From a report: To that end, NVIDIA has detailed how its GPUs are affected by the speculative execution attacks and has started releasing updated drivers that tackle the issue. All its GeForce, Quadro, NVS, Tesla and GRID chips appear to be safe from Meltdown (aka variant 3 of the attacks), but are definitely susceptible to at least one version of Spectre (variant 1) and "potentially affected" by the other (variant 2). The new software mitigates the first Spectre flaw, but NVIDIA is promising future mitigations as well as eventual updates to address the second. Most of the updates are available now, although Tesla and GRID users will have to wait until late January.
Wow (Score:5, Funny)
Re: (Score:3, Insightful)
Since all CPUs since 1995 are affected they're not, because that generation is slower now as well if you're running the latest updates.
Re: (Score:2)
Intel isn't releasing the patches though. It's Microsoft, the Linux devs, the BSD devs, etc. who are releasing these patches.
personal desktop that is only used by 1 user who is also the owner of the hardware
You are using software made by other people. You either accept their judgement or roll your own.
Go ahead and fork pre-Spectre Linux if you really believe the Spectre mitigations are a bad idea. You might even find a few people who care about that marginal performance hit to help you---but I doubt it.
Re: (Score:2)
Slower than Pentiums?
Re: (Score:2)
Re: (Score:2)
Are you doing a good job?
And if so, are you sure those you work for are doing a good job?
Obvious question, what about AMD? (Score:4, Interesting)
If this is another thing that AMD got right while the competition got it wrong, they're really going to come out looking like the only responsible parties.
Re: (Score:1)
Re: (Score:3)
Re: (Score:1)
A variant that requires physical access to the hardware no less.
Re: (Score:2)
What about AMD ? They are vulnerable to Spectre too. What did they get right in this case exactly ?
Re: (Score:2)
Re: (Score:2)
Has AMD (ATI) video cards do some speculative execution, Spectre is most probably also a problem for them.
From there, there is some possibilities:
- They tried to let it go under the rug by not talking about it for their video card products
- They are still in the process of working around
- They don't think that problem is a problem for video card workload (non sensitive)
- They are greedy and won't lose money working on it
- They don't have the problem
- They are incompetent
Pick your best guess
Re: (Score:2)
Re: (Score:2)
AMD is offers fuller preemptive multitasking. If anything, their hardware is more advanced than NVIDIA's for general compute. (NVIDIA has added some very nice hardware for deep learning though.)
AMD's bigger problem is that NVIDIA did a very good job of promoting CUDA and related proprietary tools. NVIDIA has a huge headstart in putting tools for programming their GPUs in front of developers. Honestly, they've always been better at software and industry partnership than AMD.
Re: (Score:2)
Missing option: "most of the above". "most" because "They don't have a problem" is N/A.
Re: (Score:2)
If you look at some of the papers on GPU architecture research, they are eliminating the out-of-order and speculation execution of instructions as well. They were doing so since 2011.
NVIDIA GPUs are not susceptible (Score:5, Informative)
NVIDIA GPUs do not do speculative execution. They do not have access to kernel memory. They are not susceptible to these flaws. These are patches in their drivers to account for CPU (not GPU) exploits. I.E. Intel and AMD flaws. I bet NVIDIA releases a clarification soon.
Re: (Score:2)
Spectre has nothing to do with kernel memory. You're confusing the Spectre flaw with the Meltdown flaw.
Re: (Score:2)
And the code running on a GPU has no access to main memory ...
Re: (Score:2)
No, but the code running on a GPU memory has access to video memory, which means Spectre style flaws could be exploited to expose sensitive data stored in video memory that the code would not normally have access to.
Re: (Score:3)
This is not entirely accurate. You have unified memory access in CUDA, and it's been that way for years. The CUDA driver has system-level privileges.
A quick google turned up this NVIDIA blog post [nvidia.com]. You can dig into the details on CUDA Zone if you're really curious.
Unified memory is also supported in DirectX 12 [microsoft.com] if the underlying hardware supports it.
In both cases, the driver shuffles data transparently. There are already a lot of attacks that rely on manipulative accesses of memory/cache to ensure that data i
Re: NVIDIA GPUs are not susceptible (Score:1)
Branching and branch prediction (an optimising technique for speculative execution) are two different things.
IAFAIK no nVidia GPU implements speculative execution. nVidia released a driver update to patch CPU related Spectre. This article is just making a wild assumption for hits.
Comment removed (Score:5, Informative)
Comment removed (Score:5, Informative)
Re: (Score:1)
Re: (Score:2)
The title and heading of that page is:
Security Bulletin: NVIDIA Driver Security Updates for CPU Speculative Side Channel Vulnerabilities
CPU, not GPU. It goes on to say:
We believe our GPU hardware is immune to the reported security issue. As for our driver software, we are providing updates to help mitigate the CPU security issue.
Cryptocurrency mining (Score:2)
Wonder what impact this will have on cryptocurrency markets. Regardless of actual slowdown in mining, it is the perception that will probably matter...
Re: (Score:3)
My guess is none.
The patches only make sense if the computers running the hardware do hold sensitive information. Cryptomining drone systems generally don't; furthermore they are generally isolated from the Internet.
Re: (Score:2)
Perhaps.
My thought was more along of the line of the perceived impact in the overhead of a patch that for a CPU is going to drop instruction processing by between 5% and 20%. If the BitCoiners think that mining rates would suffer the same amount of throttling (decreasing supply) if it will impact the market.
Note, though, I am referring to perception more than actual mining rate changes.
Re: (Score:2)
CPUs have very, very, very little impact in GPU mining. As in "insignificant".
Re: (Score:2)
Ya. But - how will the market see this thing?
Technically, yep. Agree completely. Just pondering the difference between technical reality and perception, and how it impacts things :-)
Re: (Score:2)
Can't mine without an Internet connection..
Re: (Score:2)
As a standalone miner, you can't.
In mining datacenter, you cave a local pool which is controlled by a PC connected to the Internet, and miners connect to the local pool without being connected to the Internet themselves.
Re: (Score:2)
Didn't think of that, But I personally don't call that isolated if the network is connecting to a box with internet access. There is always a way in, Finding it is the hard part.
Re: (Score:2)
GPUs vulnerable to Spectre security flaw? (Score:5, Funny)
Oh noes! The bad guys will access my game textures!
Re: (Score:3)
Re: (Score:2)
Or your screen main framebuffer...
Please do some research before spouting off (Score:1)
NVIDIA’s core business is GPU computing. We believe our GPU hardware is immune to the reported security issue and are updating our GPU drivers to help mitigate the CPU security issue. As for our SoCs with ARM CPUs, we have analyzed them to determine which are affected and are preparing appropriate mitigations.
Horribly inaccurate article/summary (Score:5, Informative)
So what's this announcement about? It's a driver update to mitigate Spectre/Meltdown which could potentially affect the driver's CPU code. This has also been confirmed by Nvidia [geforce.com] many days ago.
Shameful reporting by Engadget, not that I'm surprised considering they barely qualify as "tech" reporting.
Re: (Score:3)
No, GPUs have access to kernel memory and can leak that. I don't care about the GPU memory contents. But the GPU has access, because of its design, to the OS kernel's memory, and potentially it has write access to that memory.
(The GPU drivers generally reside in the kernel, and for fast efficient transfers of data, the system may map the entire system RAM into PCIe memory space so the GPU can rapidly access all the buffers - the command buffers f
Re: (Score:2)
On top of that, GPUs don't run kernel code (so cannot leak it),
It's entirely different from saying it's a problem with the GPU, but: There is the much-maligned NVIDIA kernel module which does interact with the GPU.
It's not far-fetched to say that there may be Meltdown/Spectre related patches -- though it's far more reasonable to say that any fixes would be a mitigation between the kernel module/driver and the CPU.
Why attack a GPU? (Score:1)
Even if the Nvidia chips are exposed, why would anyone attack a GPU that has no access to any personal information? GPU's store pixel data and other display data not personal data. I guess for myself I would be more concerned about Intel's and AMD's new chip combinations that at least implies a closer connection between the two. Not suggestion a current security threat, but certainly might be a potential target if a flaw were to exist.
Re: (Score:1)
Perhaps there is some good to all of this (Score:2)
Re: (Score:2)
An AI is only as "smart" as its trainers/programmers.
It won't find a random security hole in an obscure spot the programmers never thought about.
Re: (Score:2)
Re: (Score:2)
These attacks seem to affect anything with speculative execution. If they affect Intel, ARM and AMD CPUs and NVidia GPUs it's not all that unlikely that they affect AMD GPUs too.
Re: (Score:2)
I don't mind it. I find the current moderation on creimer's post to be funny (-1, Interesting).
Re: (Score:3)
Variant One (Spectre, lamer version that no one should be afeared of.)
Bounds Check Bypass
Resolved by software / OS updates to be made available by system vendors and manufacturers. Negligible performance impact expected.
Variant Two (Spectre, legit version that can nizz your nozz.)
Branch Target Injection
Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date.
Variant Three (Meltdown, AMD is u
Re: Oh, dang! (Score:1)
Is there some kind of law describing when shilling and trolling are indistinguishable?