League of Legends decides to fuck up the Linux kernel


  • Java Dev

    @Vixen I will be sticking to making single-player games methinks. Whenever I manage to get my ass into gear and start developing. Right now still stuck on the "making website" part, although it is, um, getting sorta close to a state where I can release it? Writing content be hard, though.


  • BINNED

    @Captain said in League of Legends decides to fuck up the Linux kernel:

    @topspin said in League of Legends decides to fuck up the Linux kernel:

    But does anything actually work like that? From what I can tell, every major OS in the last 30 years (probably longer) just used rings 0 and 3.

    No, they use a bunch more rings than are even listed here. It's mostly the hardware guys though. And maybe some aspects of high security stuff.

In ways that the chip designers don't understand. This leads to a LOT of undefined behavior. Typically this is okay, stuff "just works" but sometimes... you get shit like slowloris.

    I googled slowloris and it seems to be a DoS vulnerability. I don't get what it has to do with low level rings like hypervisors?!

    Rings lower than 0 are also interesting, too, but not really what I had in mind with regard to this "classic" explanation of OS rings, where it seems usually the divide is just kernel/userland.



  • @topspin It's a DoS vulnerability caused by the unwanted interaction of security layers in ring -n (where n is some number). IIRC

    I could be mixing up my vulnerabilities though.

    I was specifically thinking about that one from about 18 - 36 months ago that Intel had that required us to patch all our firmwares and slowed down CPUs by like 20%. Edit: yeah, Meltdown and Spectre.

    They're called "microcode exploits".


  • Considered Harmful

    @Captain said in League of Legends decides to fuck up the Linux kernel:

    @topspin It's a DoS vulnerability caused by the unwanted interaction of security layers in ring -n (where n is some number). IIRC

    I could be mixing up my vulnerabilities though.

    I was specifically thinking about that one from about 18 - 36 months ago that Intel had that required us to patch all our firmwares and slowed down CPUs by like 20%. Edit: yeah, Meltdown and Spectre.

    They're called "microcode exploits".

    My understanding of those was that they were timing attacks that could be used to infer values in privileged memory from the execution time of different instructions because of speculative execution.

    The mitigation involves either disabling this feature or the OS being much more careful/thorough during context switching, either of which hurts performance.

    Edit: ISTR another stopgap mitigation which was to reduce the precision of timers in JS to make the precise measurements needed impossible
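
The post above describes the OS-side mitigation (PTI-style kernel/user separation on context switch); on Linux the kernel reports whether it is active under `/sys/devices/system/cpu/vulnerabilities/`. The following is an added example, not code from any poster: a small audit script that classifies those sysfs status lines, with a constructed sample used when the directory is absent.

```python
import glob
import os

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"


def classify(status):
    """Map one sysfs vulnerability line to 'ok', 'vulnerable' or 'unknown'.

    The kernel writes 'Not affected', 'Mitigation: <name>' or 'Vulnerable[: detail]'.
    """
    s = status.strip()
    if s.startswith("Not affected") or s.startswith("Mitigation:"):
        return "ok"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def mitigation_name(status):
    """Return the mitigation name from a 'Mitigation: ...' line, else None."""
    s = status.strip()
    return s[len("Mitigation:"):].strip() if s.startswith("Mitigation:") else None


def audit(entries):
    """entries: {vulnerability_name: status_line}. Returns names needing attention, sorted."""
    return sorted(name for name, line in entries.items() if classify(line) != "ok")


def read_sysfs(path=SYSFS_DIR):
    """Read every file in the sysfs vulnerabilities directory into a dict."""
    result = {}
    for p in glob.glob(os.path.join(path, "*")):
        with open(p) as fh:
            result[os.path.basename(p)] = fh.read()
    return result


# Constructed sample in the same format the kernel uses (not captured from a real host).
SAMPLE = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization\n",
    "spectre_v2": "Vulnerable\n",
    "l1tf": "Not affected\n",
}

if __name__ == "__main__":
    entries = read_sysfs() if os.path.isdir(SYSFS_DIR) else SAMPLE
    for name, line in sorted(entries.items()):
        print(f"{name:12s} {classify(line):10s} {line.strip()}")
    print("needs attention:", audit(entries))
```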



  • @topspin said in League of Legends decides to fuck up the Linux kernel:

    I googled slowloris and it seems to be a DoS vulnerability.

    it is. and an insidious one.

basically your classic DOS involves pointing a fire hose at someone so all they can do is try to handle the stream of water and you keep turning up the flow until they can't.

    slow Loris exploits limitations in an entirely different way. instead of shoving as much data through as fast as possible it goes REALLY slow. so that the server ends up spending all its time waiting for the request to complete, and meanwhile it's not servicing other requests because the slow loris attacker has just opened enough connections to saturate the connection pool and is sending out a packet every couple of seconds with another byte of the request that just never ends so the server doesn't close the connection from inactivity.

    is actually really ingenious. very clever. much impress.



  • @error It's more than just a race condition.

    "Intel chips allow for the speculative execution of instructions that write to Ring 0 memory, even from Ring 3 programs. The execution may start, but it is (correctly) blocked, so the user program shouldn’t be able to access anything in Ring 0. Unfortunately, it appears that there’s a side effect to this speculative execution, in that Ring 0 data is loaded into a cache. The vulnerability seems to be that the Ring 0 data loaded into cache can be read under certain conditions, allowing for a user program to gain access to sensitive data."

The bug is happening in some ring (-n) -- the microcode byte compiler is writing interpreters/processors that 1) are vulnerable to timing attacks and 2) were breaking privileged data out of its lockbox.

    Apparently, though, the bug has its origins in like 1990s x86 design, which our processors now emulate in software. Indeed, "speculative execution" means the processor is emulating what a hardware x86 would do, before it's needed by the main processor "thread".


  • Fake News

    @PleegWat said in League of Legends decides to fuck up the Linux kernel:

    @JBert said in League of Legends decides to fuck up the Linux kernel:

    But just in case you really want to know rather than joking

    tdemsyr

    no u



  • @Captain said in League of Legends decides to fuck up the Linux kernel:

    @error It's more than just a race condition.

    "Intel chips allow for the speculative execution of instructions that write to Ring 0 memory, even from Ring 3 programs. The execution may start, but it is (correctly) blocked, so the user program shouldn’t be able to access anything in Ring 0. Unfortunately, it appears that there’s a side effect to this speculative execution, in that Ring 0 data is loaded into a cache. The vulnerability seems to be that the Ring 0 data loaded into cache can be read under certain conditions, allowing for a user program to gain access to sensitive data."

    Not quite. The description I saw of Meltdown (the variants of Spectre are all very different from this) goes like this (Intel-style mnemonics, sorry):

        mov  rcx,(((some address in a protected part of virtual space)))
    ; force-clear cache in some way
    
        mov rax,0
        mov al,[rcx]  ; load a byte from there (triggers page protection fault)
        shl rax,12 ; happens anyway, converts rax to page-sized offset
        mov bl,[rax+address_in_ring_3] ; happens anyway, puts the first cache line of that page into cache
    
    ; the fault finally takes over, gets neutered by an SEH handler or similar and eventually jumps to zogger:
    
    zogger:
    ; loop over the pages in the table and measure the timing of each access, identifying the one that got cached above.
    

    The key point is that it's a read of Ring 0 space followed by another read (of Ring 3 space) that happens anyway (speculatively) even though it shouldn't because there's a data dependency on the result of the read from Ring 0 space, and in fact neither read should go to memory.



  • @Vixen said in League of Legends decides to fuck up the Linux kernel:

    free to play it may be and..... well League of Legends has managed to keep their promise of cosmetic only so far but..... at this point i've seen too many games go to the dark side to trust that free to play won't turn into pay to win.....

    I think they'll keep their promise; they've kept to it for ten years, now, and have shown no signs of reneging on it.
    AFAICT, they're the main reason that WoW switched to FtP for most of their content instead of a monthly subscription, and there's enough players that they'd lose too much if they switched to a PtW model.



  • @Captain said in League of Legends decides to fuck up the Linux kernel:

    Indeed, "speculative execution" means the processor is emulating what a hardware x86 would do, before it's needed by the main processor "thread".

    I'm sorry, but this has to be the most ass-backward way of describing speculative execution that I've heard. "Emulating"? "Main processor thread"? I can guess what those refer to, but, honestly, I'm still debating if that analogy makes any sense at all.

The bug is happening in some ring (-n) -- the microcode byte compiler [...]

    Microcode byte compiler? ring -n? What are you talking about?



  • @cvi said in League of Legends decides to fuck up the Linux kernel:

    I'm sorry, but this has to be the most ass-backward way of describing speculative execution that I've heard. "Emulating"? "Main processor thread"? I can guess what those refer to, but, honestly, I'm still debating if that analogy makes any sense at all.

    You do realize that intel chips today are literally bytecode compilers emulating x86, right?

    Yeah, it happens in parallel, in terms of "real" threads.

    But each "real" thread has its own speculative execution thread-like things which just run the different branches of what an x86 would do.



  • @Vixen said in League of Legends decides to fuck up the Linux kernel:

    @topspin said in League of Legends decides to fuck up the Linux kernel:

    I googled slowloris and it seems to be a DoS vulnerability.

    it is. and an insidious one.

basically your classic DOS involves pointing a fire hose at someone so all they can do is try to handle the stream of water and you keep turning up the flow until they can't.

    slow Loris exploits limitations in an entirely different way. instead of shoving as much data through as fast as possible it goes REALLY slow. so that the server ends up spending all its time waiting for the request to complete, and meanwhile it's not servicing other requests because the slow loris attacker has just opened enough connections to saturate the connection pool and is sending out a packet every couple of seconds with another byte of the request that just never ends so the server doesn't close the connection from inactivity.

    is actually really ingenious. very clever. much impress.

    I did that by accident when I was learning to program, and made my very first network thing. Well... Tried to make.
    I took down a couple of game servers that way.



  • @Captain said in League of Legends decides to fuck up the Linux kernel:

    You do realize that intel chips today are literally bytecode compilers emulating x86, right?

    Yes, but there is a commonly accepted terminology for that. E.g., your byte code compiler would probably be referring to the front-end (or possibly specifically the decoding part, perhaps including some of the fusion stages)?

    Yeah, it happens in parallel, in terms of "real" threads.

    By "threads" you presumably refer to the execution units? They don't really have that much in common with threads, other than possibly the fact that they execute in parallel (sometimes).

    But each "real" thread has its own speculative execution thread-like things which just run the different branches of what an x86 would do.

    As far as I remember, the speculative execution state is stored outside of the execution units. When an instruction is incorrectly speculatively executed, the state is "simply" rolled back.

    Here's a reasonable overview of a core.



  • @Captain said in League of Legends decides to fuck up the Linux kernel:

You do realize that intel chips today are literally bytecode compilers emulating x86, right?

    have the journalistic integrity of ...



  • @Captain said in League of Legends decides to fuck up the Linux kernel:

    You do realize that intel chips today are literally bytecode compilers emulating x86, right?

Fun fact. You can in fact run DOS 6.22 on an Intel i7-9700K.

    you SHOULDN'T, but you can.

    you can probably go farther back to like DOS 4 or DOS 3, but I don't have copies of those floppies to test.


  • Java Dev

    @Vixen



@PleegWat I could probably find disc images of the floppies if I wanted to but...... :kneeling_warthog:



  • @Vixen Maybe this will get you off your knees



  • Riot is owned by Tencent which is in turn owned by the Chinese government, like every company in that regime. Nice excuse to have root access to your computer.


  • Java Dev

    @djls45 said in League of Legends decides to fuck up the Linux kernel:

    AFAICT, they're the main reason that WoW switched to FtP for most of their content instead of a monthly subscription

    WoW still is mandatory monthly subscription to play. It's a rare case of an MMO that hasn't gone the free-to-play route, and you can't buy any advantage there either.



  • @Atazhaia said in League of Legends decides to fuck up the Linux kernel:

    WoW still is mandatory monthly subscription to play.

    It's not fully FtP, but it is free to start, so to progress beyond level 20 requires a subscription, which basically means all the expansion content has a monthly charge. And they have tokens that can be purchased with the in-game currency to substitute for real-money subscriptions.


  • BINNED

    @Steve_The_Cynic said in League of Legends decides to fuck up the Linux kernel:

    The description I saw of Meltdown (the variants of Spectre are all very different from this) goes like this (Intel-style mnemonics, sorry):

    I've read the abstract description (speculative execution changes what's in cache, exploited by timing side channel) for how meltdown works several times, but this was the first time I actually saw a code sample. Surprisingly understandable.
    Thanks!


  • Java Dev

    @djls45 The original level cap was 60, and you can pretty much only do the starting zones + 1 meaningfully with the starter edition. So a lot of the original zones are still out of scope for starter accounts. The current level cap is 120 however.


  • Java Dev

    @djls45 said in League of Legends decides to fuck up the Linux kernel:

    @Atazhaia said in League of Legends decides to fuck up the Linux kernel:

    WoW still is mandatory monthly subscription to play.

    It's not fully FtP, but it is free to start, so to progress beyond level 20 requires a subscription, which basically means all the expansion content has a monthly charge. And they have tokens that can be purchased with the in-game currency to substitute for real-money subscriptions.

All social content (not just guild membership, but also talking in chat and using the group finder for the few instances accepting players at that low level) requires a subscription to be active. I'm not entirely sure and :kneeling_warthog: to look up, but standard 'say' to nearby players might still work, and I'm not entirely sure about reply whispers either.
    A lot of that is probably to ensure starter accounts can't send spam.

    And as @Atazhaia mentioned the original level cap was 60, and the current cap is 120, so way higher than the 20 the starter edition allows.


  • Java Dev

@PleegWat But with the next expansion they're going to pull the level cap back down to 60 again, as the number of levels is... kinda big right now. Also, the maximum level allowed by the engine may be 127 due to a few lvl 127 NPCs from back in TBC...


  • Java Dev

    @Atazhaia I don't recall any level 127 NPCs, but I wouldn't be entirely surprised. The original code for stuff like that would date back to the early 2000s, or even the late 1990s if it was inherited from WC3. One could always peek in the wc3 editor.

    I'm pretty sure they upgraded the combat code to 64-bit for warlords (and then ended up doing the stat squish anyway). During mists they ran into the unsigned 32-bit threat and hit point caps.

    I don't think they've said yet what they'll do for starter edition with the level squish.



  • @djls45 said in League of Legends decides to fuck up the Linux kernel:

    @Atazhaia said in League of Legends decides to fuck up the Linux kernel:

    WoW still is mandatory monthly subscription to play.

    It's not fully FtP, but it is free to start, so to progress beyond level 20 requires a subscription, which basically means all the expansion content has a monthly charge. And they have tokens that can be purchased with the in-game currency to substitute for real-money subscriptions.

    The tokens are bought for real money by one player, then sold for in-game money to another, typically in the auction house. It's an efficacious way to get other players to farm gold for you.


  • Java Dev

    @Steve_The_Cynic said in League of Legends decides to fuck up the Linux kernel:

    typically in the auction house.

    Always in the auction house. It's not even one type of token: There is a token that can be bought for real money and sold on the auction house, but that can't be cashed in for game time or traded to other players. When the token is sold on the auction house it converts into a different kind of token which also can't be traded to other players, cannot be sold on the auction house again, and can only be cashed in for game time.

    Blizzard also specifically made a point of not charging auction house fees on tokens, but that's an empty gesture since buying tokens for real money is significantly more expensive than buying game time directly.

