[Public WebGL] EXT_disjoint_timer_query disabled

Florian Bösch [email protected]
Fri May 18 02:53:39 PDT 2018


 The glitch paper suggests that:

To protect the system against both GPU and CPU sidechannel attacks,
> currently the only practical solution in the browser is disabling all
> possible timing sources.
>

You see the issue with this is that it breaks our ability to measure time.
That's a big deal.



This is one of the early marine chronometers. It's the device that enabled
precise naval navigation because now not only could you determine latitude
(from the stars) but you could also pinpoint longitude fairly precisely.

As the name suggests "real-time" rendering has a time component (that's the
time, in "real-time"). You might infer from that fact that "time" is a
rather important quantity in "real-time", and you'd be absolutely correct.
Breaking time alone wouldn't be a problem if everybody had the same
hardware. But that's in fact, surprisingly, not the case. Developers need
to write software for hardware whose real-time performance can differ up to
a factor 1000x at the extremes, up to 100x between major device categories
and up to around 10x within a device category.

Measuring time is therefore rather important if you want to keep it "real".
Not just your time, and not just the time of individual samples of hardware
you luckily happen to have access to, but time as broadly as possible. We
can't do that now can we anymore? No we can't.


> With Site Isolation enabled, the amount of data exposed to side-channel
> attacks is reduced as Chrome renders content for each website in a separate
> process


 The glitch paper does not suggest that "putting stuff into a process" is a
mitigation strategy.

Accordingly, they will remain disabled in Chrome until Site Isolation is on
> by default
>

When is site isolation going to be on by default? When do other UAs have
this?

at which point they will be re-enabled with sufficiently reduced precision
> to mitigate GLitch attacks


What does that mean exactly? So imprecise we can't practically use them
anymore to measure any performance or what?

-----------

This whole episode is so unacceptable at so many levels. You're breaking
the tools we need to build applications. Native applications don't have
this problem (they just ignore it, any natively installed game can now
steal your whatevers). You're breaking the empirical method. Now there's
nothing left but blindly stabbing in the dark. Well done you, well done.

On Tue, May 15, 2018 at 2:54 PM, Nicolas Capens <[email protected]> wrote:

> As mentioned here <https://www.chromium.org/Home/chromium-security/ssca>,
> the WebGL timer extensions "will remain disabled in Chrome until Site
> Isolation is on by default, at which point they will be re-enabled with
> sufficiently reduced precision to mitigate GLitch attacks".
>
>
> On Sun, May 13, 2018 at 1:51 PM Florian Bösch <[email protected]> wrote:
>
>> 20 years on writing hardware accelerated code we have no way to measure
>> the performance of the programs we write, on the machines our users use to
>> run these programs. You've got to be fucking kidding me man.
>>
>> On Sun, May 13, 2018 at 6:48 PM, Aleksandar Rodic <
>> [email protected]> wrote:
>>
>>> My guess is the extension has been disabled due to recently discovered "
>>> GLitch <https://www.vusec.net/wp-content/uploads/2018/05/glitch.pdf>"
>>> rowhammer attack vector.
>>>
>>> > EXT_DISJOINT_TIMER_QUERY is an OpenGL extension developed to provide
>>> developers with more detailed information about the performance of their
>>> applications [46]. This extension, if made available to the system by the
>>> GPU driver, is accessible from both WebGL and WebGL2, and provides the
>>> JavaScript runtime with two timing sources: (1) TIME_ELAPSED_EXT and (2)
>>> TIMESTAMP_EXT. Such timers allow an attacker to measure the timing of
>>> secret operations (e.g., memory accesses) performed either by the CPU or
>>> the GPU.
>>>
>>> On Sun, May 13, 2018 at 4:32 PM Florian Bösch <[email protected]> wrote:
>>>
>>>> On Fri, Apr 6, 2018 at 12:50 AM, Ken Russell <[email protected]> wrote:
>>>>
>>>>> We can not currently discuss why the extension has been disabled. We
>>>>> should be able to do so in about a month.
>>>>>
>>>>
>>>> It's now been a month and a week since this statement.
>>>>
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://khronos.org/pipermail/public_webgl_khronos.org/attachments/20180518/c0dad31d/attachment.html>


More information about the public_webgl mailing list