Closed Bug 1428552 Opened 6 years ago Closed 6 years ago

Speculation about potential spectre/meltdown mitigation workaround

Categories

(Core :: Security, enhancement)

RESOLVED DUPLICATE of bug 1425462

People

(Reporter: TheOne, Unassigned)

Details

(Keywords: sec-other)

An acquaintance of mine posted https://twitter.com/mjmdavis/status/949283457385066496 . I am not too familiar with the details of the attack, so I'll leave it to the Security experts to assess.

The code in text-form is:

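// Measure how long thing() takes using a coarsened performance.now().
function time_thing(thing) {
    // Wait for the clock value to change so timing starts on a tick boundary.
    var initial_time = performance.now();
    while (performance.now() == initial_time) {}
    var start_time = performance.now();
    thing();
    var end_time = performance.now();
    // Count loop iterations until the next tick; the count reflects how far
    // into the current tick thing() finished.
    var end_lag = 0;
    while (performance.now() == end_time) { end_lag += 1; }
    return {'time': end_time - start_time, 'lag': end_lag};
}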
The timer changes we've done and have been working on can be circumvented by... many things. This looks like one of them. We're trying not to encourage people to dig too deeply on this right now, just to buy us more time, but we definitely know the timer changes we've done need a lot more work to make the attacker's job harder. (And just 'harder' - timer changes alone won't be able to mitigate the issue.)
Keywords: sec-other
The original speculation was in a public tweet -- should we just unhide this? And probably resolve it one way or another, too (dupe of the fuzzy time master bug?).
Flags: needinfo?(tom)
Group: core-security → core-security-release
Component: General → Security
Let's leave it hidden for a bit longer; my cavalier comment may induce an acceleration in the research. I'm just working on getting fuzzy time done as soon as I can, because the private research is surely advancing or has advanced.
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(tom)
Resolution: --- → DUPLICATE
Group: core-security-release