Intel security flaw

Keldon Special Project $250 donor

Joined: 28 Nov 17
Posts: 7
Credit: 14,926,176
RAC: 170,177
Channel Islands
Message 1910313 - Posted: 3 Jan 2018, 13:31:45 UTC

For those that have not heard, nearly all Intel CPU chips for the last 10 years have a serious security flaw that cannot be fixed by a firmware update and is having to have an operating system workaround to protect against the flaw being exploited. Linux and Windows patches for the Intel kernel security flaw are said to slow down CPU performance by between 5% and 30%. A Linux patch has already been released and tested on some systems and shows a 5% slowdown for some tasks. Ironically, the patch is applied irrespective of chip manufacturer, meaning the current patch even slows down AMD machines without some setting changes. Anyone know how the patches will affect Seti task speeds? Anyone tested with the Linux patch? The Windows patch may not be out till 16 January, so the full details of the flaw are embargoed till then, but it does look to be a real bad one.
ID: 1910313 · Report as offensive
Profile Dr.Diesel Special Project $75 donor

Joined: 14 May 99
Posts: 35
Credit: 38,325,400
RAC: 91,594
United States
Message 1910318 - Posted: 3 Jan 2018, 14:27:52 UTC - in response to Message 1910313.  

Looks like pretty much no gaming hit, so probably the same for us.

Phoronix has an initial bench set, with I/O getting hit pretty hard, might be some rough times ahead for Intel. The bug doesn't affect AMD but the initial patch hit all 64-bit systems regardless of maker. I suspect AMD will submit a patch in the next day or two to fix that, if they've not already.

In any case if one wishes to continue on anyhow (on Linux), the nopti kernel parameter will revert the patch at boot. Windows details won't be out for a couple more weeks.
ID: 1910318 · Report as offensive
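
For administrators auditing hosts where the `nopti` parameter mentioned above may have been set, the following added example (not part of the original post) classifies the Meltdown mitigation state from a kernel command line and the status string Linux exposes in `/sys/devices/system/cpu/vulnerabilities/meltdown`. The function names, verdict strings and sample inputs are constructed for illustration, and the option precedence is a simplification, not the kernel's exact logic.

```shell
#!/bin/sh
# Added example: report whether page table isolation (PTI) was turned off at boot.

# pti_cmdline_override CMDLINE -> prints "on", "off" or "default".
# Simplified precedence (assumption): pti=on forces PTI on; otherwise
# nopti, pti=off or mitigations=off disables it.
pti_cmdline_override() (
    set -f                                  # no glob expansion while splitting
    pti_opt=""; off=0
    for tok in $1; do
        case "$tok" in
            pti=*) pti_opt=${tok#pti=} ;;   # last pti= option wins
            nopti|mitigations=off) off=1 ;;
        esac
    done
    if [ "$pti_opt" = on ]; then echo on
    elif [ "$pti_opt" = off ] || [ "$off" -eq 1 ]; then echo off
    else echo default
    fi
)

# pti_verdict CMDLINE SYSFS_STATUS -> prints a one-line audit verdict.
pti_verdict() {
    override=$(pti_cmdline_override "$1")
    case "$2" in
        "Not affected"*)    echo "ok: CPU reported not affected" ;;
        "Mitigation: PTI"*) echo "ok: PTI active" ;;
        Vulnerable*)
            if [ "$override" = off ]; then
                echo "risk: PTI disabled on kernel command line"
            else
                echo "risk: vulnerable, PTI not active"
            fi ;;
        "") echo "unknown: kernel does not report status" ;;
        *)  echo "unknown: $2" ;;
    esac
}

# Constructed sample (not captured from a real host).
pti_verdict "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet nopti" "Vulnerable"

# Check the local machine when the files are available.
f=/sys/devices/system/cpu/vulnerabilities/meltdown
if [ -r /proc/cmdline ]; then
    status=""
    [ -r "$f" ] && status=$(cat "$f")
    pti_verdict "$(cat /proc/cmdline)" "$status"
fi
```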
Tutankhamon
Volunteer tester
Joined: 1 Nov 08
Posts: 7103
Credit: 44,155,298
RAC: 2,644
Sweden
Message 1910341 - Posted: 3 Jan 2018, 16:48:55 UTC
Last modified: 3 Jan 2018, 16:51:45 UTC

Hehe, I know at least one here who soon will start bashing Intel (and of course continue with his Windows bashing.)
He just can't refrain himself.....

Waiting....
Waiting...
Waiting...
ID: 1910341 · Report as offensive
Ghia
Joined: 7 Feb 17
Posts: 163
Credit: 13,221,836
RAC: 26,572
Norway
Message 1910352 - Posted: 3 Jan 2018, 17:43:27 UTC - in response to Message 1910341.  

Hehe, I know at least one here who soon will start bashing Intel (and of course continue with his Windows bashing.)
He just can't refrain himself.....

Waiting....
Waiting...
Waiting...

There is only one King of Intel bashing.. ;-)
Humans may rule the world...but bacteria run it...
ID: 1910352 · Report as offensive
Profile Dr.Diesel Special Project $75 donor

Joined: 14 May 99
Posts: 35
Credit: 38,325,400
RAC: 91,594
United States
Message 1910355 - Posted: 3 Jan 2018, 17:51:21 UTC - in response to Message 1910352.  

AMD patch is now in:

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?h=x86/pti&id=694d99d40972f12e59a3696effee8a376b79d7c8
ID: 1910355 · Report as offensive
Sirius B Project Donor
Volunteer tester
Joined: 26 Dec 00
Posts: 18140
Credit: 2,511,173
RAC: 1,817
Ireland
Message 1910357 - Posted: 3 Jan 2018, 17:57:29 UTC - in response to Message 1910341.  

Regardless of manufacturer that's bad for computing as a whole. With the world's reliance on computers, it's bad enough having to contend with software flaws but hardware flaws...
ID: 1910357 · Report as offensive
Profile Advent42
Joined: 23 Mar 17
Posts: 175
Credit: 3,660,923
RAC: 13,503
Ireland
Message 1910382 - Posted: 3 Jan 2018, 20:20:02 UTC - in response to Message 1910357.  

Ah sure it'll be grand...:-)
ID: 1910382 · Report as offensive
Profile Gary Charpentier Crowdfunding Project Donor*Special Project $250 donor
Volunteer tester
Joined: 25 Dec 00
Posts: 22443
Credit: 36,674,743
RAC: 32,245
United States
Message 1910439 - Posted: 4 Jan 2018, 1:32:58 UTC - in response to Message 1910355.  
Last modified: 4 Jan 2018, 1:33:43 UTC

AMD patch is now in:

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?h=x86/pti&id=694d99d40972f12e59a3696effee8a376b79d7c8

Don't you mean the AMD un-patch? AMDs don't have the flaw or need the patch.
ID: 1910439 · Report as offensive
Profile Keith Myers Special Project $250 donor
Volunteer tester
Joined: 29 Apr 01
Posts: 4395
Credit: 262,735,949
RAC: 598,653
United States
Message 1910441 - Posted: 4 Jan 2018, 1:36:05 UTC - in response to Message 1910439.  

Correct. The Linux kernel for AMD chips needs to have the security flaw patch removed as it is not needed. Unfortunate as they were about to lock down the latest kernels for no more features added.
Seti@Home classic workunits:20,676 CPU time:74,226 hours
ID: 1910441 · Report as offensive
Cavalary

Joined: 15 Jul 99
Posts: 71
Credit: 5,822,475
RAC: 2,609
Romania
Message 1910452 - Posted: 4 Jan 2018, 2:57:39 UTC

Things are even worse than thought from a security perspective: https://twitter.com/nicoleperlroth/status/948684376249962496 for a summary, NYT article linked there too. So Meltdown affects all Intel CPUs since '95 bar pre-2013 Itanium and Atom and the software fix will result in a hefty performance hit, mainly for I/O operations, and at least in case of Windows (since MS pushed it out already, early) said fix may not be installed for those running certain security software, while Spectre is harder to exploit but affects everything, is a fundamental flaw in CPU design and will be with us for a decade to come, the only real fix being to redesign CPU architecture and replace all CPUs in existence basically.

Anyone else have the feeling that we're waking up to a new world again, a heck of a lot more dangerous one?
ID: 1910452 · Report as offensive
Profile HAL9000
Volunteer tester
Joined: 11 Sep 99
Posts: 6530
Credit: 184,514,245
RAC: 47,251
United States
Message 1910453 - Posted: 4 Jan 2018, 2:59:16 UTC

So far the details seem to be that some parts of protected kernel memory can be read.
Some sites are reporting that the issue is also present in ARM processors.

MS issued the patch in November to users in the "fast ring" of updates and Apple pushed out an initial patch in early December.
SETI@home classic workunits: 93,865 CPU time: 863,447 hours
Join the BP6/VP6 User Group today!
ID: 1910453 · Report as offensive
Profile Keith Myers Special Project $250 donor
Volunteer tester
Joined: 29 Apr 01
Posts: 4395
Credit: 262,735,949
RAC: 598,653
United States
Message 1910457 - Posted: 4 Jan 2018, 4:15:37 UTC

It will be interesting to see how fast MS pushes out a software update. Wonder if it will go into the next Patch Tuesday? Or will they get even more proactive and release an imminent patch tomorrow? Same question for the Linux distributions. How much hysteria will this flaw produce? Not a slow tech news day today at all. See that Intel stock got hit with a 3% drop after the announcement and it looks like it is continuing after hours. Would have been nice to have held an Intel short position today before announcement. See that the Intel CEO sold off stock after he was informed of the flaw back in November. Wonder if an insider trading investigation will happen.

CES attendees will have something to gossip about next week.
Seti@Home classic workunits:20,676 CPU time:74,226 hours
ID: 1910457 · Report as offensive
Grant (SSSF)
Volunteer tester

Joined: 19 Aug 99
Posts: 9808
Credit: 126,689,566
RAC: 85,201
Australia
Message 1910473 - Posted: 4 Jan 2018, 6:59:14 UTC - in response to Message 1910439.  

AMD patch is now in:

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?h=x86/pti&id=694d99d40972f12e59a3696effee8a376b79d7c8

Don't you mean the AMD un-patch? AMDs don't have the flaw or need the patch.

There are 2 different security issues, and AMD (and other manufacturers) are affected by it as well. And even for those that are affected, the impact is very, very variable. Given the time frame to develop the patches, I suspect it will be some time before the true impact is known as they (the programmers) will have more time to work on the patch & work on mitigating its effects once they are better understood.

Researchers reveal Meltdown and Spectre CPU exploits
Grant
Darwin NT
ID: 1910473 · Report as offensive
Profile tullio Project Donor
Volunteer moderator
Volunteer tester

Joined: 9 Apr 04
Posts: 6673
Credit: 1,955,767
RAC: 859
Italy
Message 1910482 - Posted: 4 Jan 2018, 9:24:40 UTC
Last modified: 4 Jan 2018, 9:25:23 UTC

theregister.co.uk says that all chips which allow out of order processing are vulnerable. Only immune chips are Itanium and Atom before 2013, because they don't allow out of order processing.
Tullio
ID: 1910482 · Report as offensive
Richard Haselgrove Project Donor
Volunteer tester

Joined: 4 Jul 99
Posts: 11969
Credit: 117,658,784
RAC: 53,337
United Kingdom
Message 1910486 - Posted: 4 Jan 2018, 11:17:34 UTC - in response to Message 1910457.  

Wonder if it will go into the next Patch Tuesday?
The advance 'Update Summary' for this month (which I received by email from Microsoft at 03:12 UTC this morning - about 8 hours ago) suggests that there WON'T be anything. The only critical update seems to be browser-related, not kernel.
ID: 1910486 · Report as offensive
Keldon Special Project $250 donor

Joined: 28 Nov 17
Posts: 7
Credit: 14,926,176
RAC: 170,177
Channel Islands
Message 1910487 - Posted: 4 Jan 2018, 11:39:38 UTC

Meltdown and Spectre have their own website which can be found here:-

https://spectreattack.com/
ID: 1910487 · Report as offensive
Keldon Special Project $250 donor

Joined: 28 Nov 17
Posts: 7
Credit: 14,926,176
RAC: 170,177
Channel Islands
Message 1910494 - Posted: 4 Jan 2018, 13:36:44 UTC - in response to Message 1910487.  

Good news - Meltdown, which affects almost all Intel chips, should be mitigated by patches and firmware updates with a potential slowdown dependent on activity, yet to be fully ascertained, but which may be reduced over time with more refined patches.

Bad news - Spectre, which affects AMD, Arm and others as well as Intel (basically almost every computer, tablet and smartphone in the world), while more difficult to exploit is also proving more difficult to fully patch against so far. Solution from US Government - replace your CPU!

https://www.kb.cert.org/vuls/id/584653

With what?

Nearly all CPUs in production and development have the Spectre flaw. By implication, if you want to be secure switch off all your computers, tablets and smartphones until about 2021 when CPUs without the flaw may become available in bulk. Oh and don't buy any new ones in the meantime.

Although the risk may be very low, we are going to have to live with it for at least a few years. Hopefully patches will be developed which fully mitigate Spectre. Some people are going to have to buy machines knowing they are flawed but many will probably wait.

We are going to see a race. Every CPU manufacturer will have to work out how to dump existing pipelines, redesigning, testing and manufacturing completely new CPU designs. They may not all survive the inevitable lawsuits and costs.
ID: 1910494 · Report as offensive
Profile Mike Special Project $75 donor
Volunteer tester
Joined: 17 Feb 01
Posts: 31063
Credit: 62,672,670
RAC: 27,694
Germany
Message 1910495 - Posted: 4 Jan 2018, 13:37:22 UTC

From Tom Lendacky <>
Subject [PATCH] x86/cpu, x86/pti: Do not enable PTI on AMD processors
Date Tue, 26 Dec 2017 23:43:54 -0600


AMD processors are not subject to the types of attacks that the kernel
page table isolation feature protects against. The AMD microarchitecture
does not allow memory references, including speculative references, that
access higher privileged data when running in a lesser privileged mode
when that access would result in a page fault.

Disable page table isolation by default on AMD processors by not setting
the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
is set.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
arch/x86/kernel/cpu/common.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index c47de4e..7d9e3b0 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -923,8 +923,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)

setup_force_cpu_cap(X86_FEATURE_ALWAYS);

- /* Assume for now that ALL x86 CPUs are insecure */
- setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
+ if (c->x86_vendor != X86_VENDOR_AMD)
+ setup_force_cpu_bug(X86_BUG_CPU_INSECURE);

fpu__init_system(c);
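
Review bot: the new `if (c->x86_vendor != X86_VENDOR_AMD)` condition replaces the old "Assume for now that ALL x86 CPUs are insecure" comment with nothing, so the reason AMD is exempt lives only in the commit message. A short comment above the check, stating that AMD processors are not subject to the attacks page table isolation protects against, would keep that rationale next to the code. The exemption is also keyed on the vendor alone, so every AMD part is treated as unaffected with no family or model qualification; the commit message should say explicitly that this blanket scope is intended.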

With each crime and every kindness we birth our future.
ID: 1910495 · Report as offensive
Sirius B Project Donor
Volunteer tester
Joined: 26 Dec 00
Posts: 18140
Credit: 2,511,173
RAC: 1,817
Ireland
Message 1910497 - Posted: 4 Jan 2018, 13:58:20 UTC

What the big boys said

You got to love their PR guys :-)

"Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers."
ID: 1910497 · Report as offensive
Cygnus X-1
Volunteer tester

Joined: 15 Feb 04
Posts: 61
Credit: 2,009,563
RAC: 1,340
Canada
Message 1910500 - Posted: 4 Jan 2018, 14:24:22 UTC

I wonder if this will lead to an increased popularity for alternative architectures, assuming they are unaffected by these flaws.
ID: 1910500 · Report as offensive


 
©2018 University of California
 