@GossiTheDog Hah. This is weird, but not that kind of weird, I strongly suspect.
Although I wouldn't mind getting that farm.
@GossiTheDog Hah. This is weird, but not that kind of weird, I strongly suspect.
Although I wouldn't mind getting that farm.
https://gist.github.com/anarazel/ca7d1db68fb7380d21f6fd819a147df1
How can two cores on the same CPU such crazily different icache behaviour? For the same process!
Well, color me very confused. In a CPU bound workload two cores on the same socket have substantially different performance (32% slowdown). If I just migrate the running process between the cores, performance changes immediately.
This is on 2x Xeon 5215 system.
I checked that it's not thermals, cpu frequency/boost and the system is idle.
Here's the odd part: The biggest difference evident in perf counters is
a 2.5x difference in icache_64b.iftag_stall, with ~same icache_64b.iftag_miss.
The "new" Linux CVE approach seems ... unhelpful at best. I know from experience that dealing with security reports is a pain and I assume that's way worse for Linux than for Postgres. But this just seems to purely be aimed at annoying everyone.
@hyc @carnildo From what I can tell, the check for permitted algorithms is after RSA_public_decrypt() has already been called, at least on some relevant paths.
@praseodym Hah. I've apparently been doing this stuff for a while.
@bcantrill @ahl Now we just need to avoid derailing into a heated debate about solaris/illumos being good/bad...
@bcantrill @ahl There might be more agreement on that :)
I did not think that finding a security vulnerability would lead to tabloids digging around my life. Including "analyzing" (aka making things up) the one personal-ish picture I've ever shared on social media. FFS.
Oddly enough, they weren't interested in lots of kinda pretty graphs.
@GossiTheDog I think there are a few people looking into that.
If I were the team behind "jia", I'd have looked at getting into dissimilar projects, not the same project multiple times, not multiple compression libs. But of course there are other actors...
The scariest areas I can think of are, in that order, compilers / binutils, buildsystems, "build executors" like make/ninja.
I am a bit concerned by all the focus on small-ish projects with overwhelmed maintainers. There indeed are a lot of problems in that area.
But I am certain that lots of experienced OSS devs can think of a few large and crucial projects where they fairly easily could have hidden something small in a larger change. Without a lot of prior contributions to the project.
One more aspect that I think emphasizes the number of coincidences that had to come together to find this:
I run a number "buildfarm" instances for automatic testing of postgres. Among them with valgrind. For some other test instance I had used -fno-omit-frame-pointer for some reason I do not remember. A year or so ago I moved all the test instances to a common base configuration, instead of duplicate configurations. I chose to make all of them use -fno-omit-frame-pointer.
There are more coincidences that are even less interesting. But even the above should make it clear how unlikely it was that I found this thing.
Afaict valgrind would not have complained about the payload without -fno-omit-frame-pointer. It was because _get_cpuid() expected the stack frame to look a certain way.
Additionally, I chose to use debian unstable to find possible portability problems earlier. Without that valgrind would have had nothing to complain.
Without having seen the odd complaints in valgrind, I don't think I would have looked deeply enough when seeing the high cpu in sshd below _get_cpuid().
Just to be clear: I didn't mean that I didn't do good - I did. I mean that we got unreasonably lucky here, and that we can't just bank on that going forward.
I wholeheartedly agree with what Russ wrote here:
"Also if there's anything the community can do for Lasse personally, please pass that along."
"Anyone can be the victim of social engineering."
"I suspect many of us here have had nightmares about being in Lasse's
position, and probably will have more of them in the future."
Indeed.
@dgilman Unfortunately I suspect we'll see a lot more such attacks going forward, in all likelihood with more success in some cases.
I accidentally found a security issue while benchmarking postgres changes.
If you run debian testing, unstable or some other more "bleeding edge" distribution, I strongly recommend upgrading ASAP.
I was doing some micro-benchmarking at the time, needed to quiesce the system to reduce noise. Saw sshd processes were using a surprising amount of CPU, despite immediately failing because of wrong usernames etc. Profiled sshd, showing lots of cpu time in liblzma, with perf unable to attribute it to a symbol. Got suspicious. Recalled that I had seen an odd valgrind complaint in automated testing of postgres, a few weeks earlier, after package updates.
Really required a lot of coincidences.
Long time postgres developer, working at Microsoft.Account about tech, not politics. For the latter look to @AndresFreundPol
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.