Intel security flaw

Kissagogo27 Special Project $75 donor
Joined: 6 Nov 99
Posts: 715
Credit: 8,032,827
RAC: 62
France
Message 1914107 - Posted: 19 Jan 2018, 22:51:18 UTC

Security is a feeling, not a real fact; if you trust you're secure then why install the patch?

Like with cars, without seat belts or air bags, you can drive away with it ..

For most people in a personal environment, who cares?

That sounds different for professional use indeed ...

No patch for my XP with my old XP2800+ on Epox 8RDA3+ with an old Radeon 9500 (R300); it's already slow by the WEB 2.0 "revolution".
All old DX9 / Flash 9 optimisation code was deleted from current media ...


No more for W7 or other personal usage ... who cares about me? Really? H4k3rs? Cr4K3rs? For what?

On the other side of the web, passwords / credit card codes were already found by them through major web companies ...
ID: 1914107 · Report as offensive
Grant (SSSF)
Volunteer tester

Joined: 19 Aug 99
Posts: 13720
Credit: 208,696,464
RAC: 304
Australia
Message 1914120 - Posted: 20 Jan 2018, 0:35:05 UTC
Last modified: 20 Jan 2018, 0:35:25 UTC

From the horse's mouth.
For context, on newer CPUs such as on Skylake and beyond, Intel has refined the instructions used to disable branch speculation to be more specific to indirect branches, reducing the overall performance penalty of the Spectre mitigation. Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel. We will publish data on benchmark performance in the weeks ahead.

Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems.


More on the issue.
If there's a bright side to all this, it's that the PCID feature in Intel's x86-64 chips since 2010 can reduce the performance hit from patching Meltdown. (If you have a 32-bit system, you're on your own.)

Remediating Meltdown – which is present in modern Intel processors – involves enforcing complete separation between user processes' virtual memory spaces and the kernel's virtual memory areas. Rather than map the kernel into the top portion of every process's virtual memory space where it remains invisible unless required to handle an interrupt or system call, the kernel is moved to a separate virtual address space and context. This fix prevents malware from exploiting the Meltdown CPU bug to read kernel memory from user mode, and is referred to as Kernel Page Table Isolation.

Switching back and forth between these contexts – from the user process context to the kernel context and back to the user process – involves reloading page tables, one set describing the user process and another describing the kernel. These tables map the process or kernel's virtual memory to physical blocks of RAM or swap space.

These context switches from user process to kernel to process not only take time, they also flush any cached virtual-to-physical memory translations, all in all causing a performance hit, particularly on workloads that involve a lot of IO or system calls. But with PCID, there's no need to flush the entire translation lookaside buffer (TLB) cache on every context switch as selected TLB entries can be retained in the processor.

While most casual desktop users and gamers won't notice any prolonged slowdown, or any performance hit at all, people running IO or system-call intensive software, such as databases on backend servers, may notice the difference.
Grant
Darwin NT
ID: 1914120 · Report as offensive
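A check for the situation the quoted article describes, added here as an example and not part of any post in this thread: it reads the Linux kernel's own Meltdown report and the CPU flags to say whether Kernel Page Table Isolation is on and whether PCID is present to limit the TLB flushing. The sample text is constructed, and the function names are this example's own; a kernel that predates the sysfs report is reported as unknown rather than safe.

```python
from pathlib import Path

CPUINFO = Path("/proc/cpuinfo")
MELTDOWN = Path("/sys/devices/system/cpu/vulnerabilities/meltdown")

# Constructed sample input, not captured from a real machine.
SAMPLE_CPUINFO = (
    "processor\t: 0\n"
    "model name\t: Example CPU (constructed)\n"
    "flags\t\t: fpu vme de pse tsc msr pae sse4_2 pcid invpcid pti\n"
    "bugs\t\t: cpu_meltdown spectre_v1 spectre_v2\n"
)
SAMPLE_MELTDOWN = "Mitigation: PTI\n"


def cpuinfo_field(text, key):
    """Tokens of the first '<key> : ...' line, or None if the line is absent."""
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip() == key:
            return set(value.split())
    return None


def assess(cpuinfo_text, meltdown_status=None):
    """Combine CPU flags with the kernel's Meltdown status string."""
    flags = cpuinfo_field(cpuinfo_text, "flags") or set()
    bugs = cpuinfo_field(cpuinfo_text, "bugs")
    status = (meltdown_status or "").strip()

    # The kernel exposes KPTI both in sysfs and as a synthetic "pti" flag.
    kpti = status.startswith("Mitigation: PTI") or "pti" in flags
    pcid = "pcid" in flags

    if status.startswith("Unknown") or (not status and bugs is None):
        # No sysfs report and no "bugs" line: the kernel cannot tell us.
        verdict = "unknown"
    elif status == "Not affected" or (not status and "cpu_meltdown" not in bugs):
        verdict = "not affected"
    elif not kpti:
        verdict = "vulnerable"
    elif pcid:
        # Tagged TLB entries survive the user/kernel page-table switch.
        verdict = "mitigated (PCID available)"
    else:
        # Every user/kernel transition flushes the whole TLB.
        verdict = "mitigated (no PCID)"

    return {"verdict": verdict, "kpti": kpti, "pcid": pcid,
            "invpcid": "invpcid" in flags}


def read_live():
    """Read the real files when present; otherwise use the constructed sample."""
    if CPUINFO.exists():
        status = MELTDOWN.read_text() if MELTDOWN.exists() else None
        return CPUINFO.read_text(), status
    return SAMPLE_CPUINFO, SAMPLE_MELTDOWN


if __name__ == "__main__":
    for key, value in assess(*read_live()).items():
        print(f"{key}: {value}")
```
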
ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20147
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1915455 - Posted: 27 Jan 2018, 16:53:19 UTC
Last modified: 27 Jan 2018, 16:54:56 UTC

The Meltdown view according to Intel:


Intel Announces 'In-Silicon' Fixes For Meltdown And Spectre Coming This Year, 10nm Update

... Intel's financial performance has always been solid, often led by stellar +60% margins, but this briefing was somewhat different as some predict that the shadow of the Meltdown and Spectre vulnerabilities threaten to blot out some of Intel's black ink. That surely didn't happen, though, as Intel posted record results yet again and its stock is up 4% after hours...

... said the company would begin to ship products with "in-silicon" fixes for the vulnerabilities this year. He did not elaborate, but logically this means that the company will include these fixes in the 10nm generation of products...

... Some analysts are predicting that Intel could experience higher sales as companies refresh their hardware to offset the lost performance from the patches...




My personal reading and understanding of all that is that Intel enjoys (or has 'contrived') "stellar +60% margins" (that we overpay for) for a certain critically flawed CPU that Intel then expects us to 'buy again' for further profit... All without any assurance that there are no other security compromises/shortcomings in the name of Marketing and profit.

In my humble opinion, all very curiously monopolistic...


One NOT to buy into if at all possible...

IT is what we allow it to be,
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1915455 · Report as offensive
Keith Myers Special Project $250 donor
Volunteer tester
Joined: 29 Apr 01
Posts: 13161
Credit: 1,160,866,277
RAC: 1,873
United States
Message 1915466 - Posted: 27 Jan 2018, 18:01:06 UTC

Yes, caveat emptor. Linus Torvalds, the father of Linux, posted a public email where he expressed his thoughts on what Intel is doing and the proposed fixes. He calls it "utter garbage".

From a thread in the Linux-Kernel forums. restrict/unrestrict Indirect Branch Speculation
Seti@Home classic workunits:20,676 CPU time:74,226 hours

A proud member of the OFA (Old Farts Association)
ID: 1915466 · Report as offensive
ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20147
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1915810 - Posted: 29 Jan 2018, 20:40:42 UTC - in response to Message 1915466.  
Last modified: 29 Jan 2018, 20:57:24 UTC

Yes, caveat emptor. Linus Torvalds, the father of Linux, posted a public email where he expressed his thoughts on what Intel is doing and the proposed fixes. He calls it "utter garbage".

From a thread in the Linux-Kernel forums. restrict/unrestrict Indirect Branch Speculation

That's since been picked up by The Register and made a little more readable for us mere mortals:


'WHAT THE F*CK IS GOING ON?' Linus Torvalds explodes at Intel spinning Spectre fix as a security feature

Patches slammed as 'complete and utter garbage' as Chipzilla U-turns on microcode

Intel's fix for Spectre variant 2 – the branch target injection design flaw affecting most of its processor chips – is not to fix it.

Rather than preventing abuse of processor branch prediction by disabling the capability and incurring a performance hit, Chipzilla's future chips – at least for a few years until microarchitecture changes can be implemented – will ship vulnerable by default but will include a protection flag that can be set by software. Intel explained its approach...

... The decision to address the flaw with an opt-in flag rather than activating defenses by default has left Linux kernel steward Linus Torvalds apoplectic.

Known for incendiary tirades, Torvalds does not disappoint...

... Marketing spin

The expectation here, at least on Torvalds' part, is that a future chip addressing past flaws should include a flag or version number that tells the kernel it's not vulnerable, so no unneeded and potentially performance-killing mitigations need to be applied. In other words, the chip should indicate to the kernel that its hardware design has been revised to remove the Spectre vulnerability, and thus does not need any software mitigations or workarounds.

Intel's approach is backwards, making the fix opt-in...

... Annoyed by this convoluted approach, Torvalds himself suggested Intel's motivation is avoiding legal liability...




My personal understanding of that is that Intel's approach is really nasty and leaves a convoluted mess where the default is that all (including all other vendors') CPUs are assumed defective by default so as to be clobbered, but with a 'special Intel boot-time bit-flip for Intel chips' to enable for a 'security enhancement' (rather than simply use a 'bug is fixed' flag as is done for their FDIV and f00f bugs...). Utter vandalism against ALL CPUs! Or at least some bad unnecessarily convoluted code to differentiate what is or isn't 'fixed'...


A follow-on fun bit:

I want life to be boring, says Linus Torvalds as Linux 4.15 debuts

But Linux overlord braces for more Meltdown/Spectre excitement as kernelistas clean up remaining CPU messes

Linus Torvalds has hit the Go button on version 4.15 of the Linux kernel, blaming the Meltdown and Spectre CPU design flaws for the [unusual two weeks of] delay and warning of more pain to come as fixes trickle out for silicon architectures...




And now for a real mind-bender for part of the fix:

What is a retpoline and how does it prevent the recent kernel information disclosure attacks?

... As far as I can piece this together from the limited information at the moment, a retpoline is a return trampoline that uses an infinite loop that is never executed to prevent the CPU from speculating on the target of an indirect jump. The basic approach can be seen in...



As always for those articles, the comments make for some very good reading. Warning: Keep your favored beverage well away from anything electronic or electrical whilst imbibing! :-P

To summarize my personal reading and personal opinion and personal random understanding:

All "very unprofessional" of Intel and a total spin of deception from the Marketing and Legal people to ... cheaply extort yet more cash from their customers.

My view is that a better game is not to be a customer of Intel...!

There must be some rules/laws/morals against such trickery? Especially so for such essential infrastructure that is critical to our modern livelihoods and daily lives...


IT is what we allow it to be...
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1915810 · Report as offensive
PhonAcq

Joined: 14 Apr 01
Posts: 1656
Credit: 30,658,217
RAC: 1
United States
Message 1915815 - Posted: 29 Jan 2018, 21:17:04 UTC - in response to Message 1915810.  

Or, rather than whinging, pouting, baiting, and otherwise speaking and behaving badly, one could, even pseudo-deities, suggest ways to resolve the issue and overall to improve the technology. "just sayin'"
ID: 1915815 · Report as offensive
ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20147
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1915818 - Posted: 29 Jan 2018, 21:30:07 UTC - in response to Message 1915815.  
Last modified: 29 Jan 2018, 21:33:20 UTC

Or, rather than whinging, pouting, baiting, and otherwise speaking and behaving badly, one could, even pseudo-deities, suggest ways to resolve the issue and overall to improve the technology. "just sayin'"

Oh... That's easy:

Remove the greedy pressure to: cut corners; compromise; rush with too much haste and too little time to design/test; cook up big numbers for the sake of Marketing; and worse...


A start for doing that is to promote some real and fair competition between at least five similarly sized players.

And REQUIRE MEANINGFUL STANDARDS for compatibility to remove the abuse of lock-in and monopolistic lock-in.

Even add some positive morals?


A good start is to expand the use of FLOSS and the adoption of a fully open Meritocracy.

But then again, that is a discussion to be taken up over in the politics forum... Please start your thread there?


Another angle is just to compare with the background surrounding AMD, ARM, Raspberry Pi, and RISC V...


IT really is what we allow it to be,
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1915818 · Report as offensive
Gary Charpentier Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor
Volunteer tester
Joined: 25 Dec 00
Posts: 30608
Credit: 53,134,872
RAC: 32
United States
Message 1915825 - Posted: 29 Jan 2018, 22:19:47 UTC - in response to Message 1915818.  

Martin, why all that, much simpler, fire the customer, he demands too much.
ID: 1915825 · Report as offensive
ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20147
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1916076 - Posted: 31 Jan 2018, 14:17:29 UTC
Last modified: 31 Jan 2018, 14:19:58 UTC

This may well make for an interesting twist:


Intel alerted Chinese cloud giants 'before US govt' about CPU bugs

'We certainly would have liked to have been notified of this' says Homeland Security

... The disclosure timeline raises the possibility that elements of the Chinese government may have known about the vulnerabilities before US tech giant Intel disclosed them to the American government and the public...

... a leaked memo from Intel to computer makers suggests that notification of the problem for at least one group of as-yet unnamed OEMs took place on November 29 via a non-disclosure agreement...

... Smaller cloud service providers were left playing "catch up." ... "Other folks had a six-month head start,"...




All at whose expense and profit?...

IT is what we allow it to be...
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1916076 · Report as offensive
Mike Special Project $75 donor
Volunteer tester
Joined: 17 Feb 01
Posts: 34253
Credit: 79,922,639
RAC: 80
Germany
Message 1916078 - Posted: 31 Jan 2018, 14:21:50 UTC
Last modified: 31 Jan 2018, 14:23:20 UTC

Doesn't surprise me much, Martin.
When I read about the Chinese hacker group in Canada last year which hacked a closed system in less than a minute without any tool, all was clear to me.


With each crime and every kindness we birth our future.
ID: 1916078 · Report as offensive
kittyman Crowdfunding Project Donor, Special Project $75 donor, Special Project $250 donor
Volunteer tester
Joined: 9 Jul 00
Posts: 51468
Credit: 1,018,363,574
RAC: 1,004
United States
Message 1916080 - Posted: 31 Jan 2018, 14:23:25 UTC

Well, ya gotta ask yourself one question....................
If it took this long for this bug to come to light, how much of a problem is it really?
I am thinking that the medicine is worse than the disease here.

Meow.
"Freedom is just Chaos, with better lighting." Alan Dean Foster

ID: 1916080 · Report as offensive
Mike Special Project $75 donor
Volunteer tester
Joined: 17 Feb 01
Posts: 34253
Credit: 79,922,639
RAC: 80
Germany
Message 1916081 - Posted: 31 Jan 2018, 14:24:36 UTC - in response to Message 1916080.  
Last modified: 31 Jan 2018, 14:26:36 UTC

Well, ya gotta ask yourself one question....................
If it took this long for this bug to come to light, how much of a problem is it really?
I am thinking that the medicine is worse than the disease here.

Meow.


For a private person maybe, not for big servers like a cloud and so on.
Even though I don't like how Intel deals with it.
I know everything can get hacked but it shouldn't be that easy.


With each crime and every kindness we birth our future.
ID: 1916081 · Report as offensive
Ghia
Joined: 7 Feb 17
Posts: 238
Credit: 28,911,438
RAC: 50
Norway
Message 1916097 - Posted: 31 Jan 2018, 15:46:05 UTC - in response to Message 1916080.  
Last modified: 31 Jan 2018, 15:46:27 UTC

Well, ya gotta ask yourself one question....................
If it took this long for this bug to come to light, how much of a problem is it really?
I am thinking that the medicine is worse than the disease here.

Meow.

Well said...but then again, NOW every hacker knows about it and can take advantage of the weaknesses.
And of course, conspiracy theories will flourish...I'm sure there will be more :).
Humans may rule the world...but bacteria run it...
ID: 1916097 · Report as offensive
Sleepy
Volunteer tester
Joined: 21 May 99
Posts: 219
Credit: 98,947,784
RAC: 28,360
Italy
Message 1916098 - Posted: 31 Jan 2018, 15:47:32 UTC - in response to Message 1916081.  
Last modified: 31 Jan 2018, 15:48:00 UTC

I also think for small end users the patch gives more problems than it solves.
For big datafarms, with plenty of information about their customers in their databases, it is of course another story. And to add damage, these contexts seem to be those more impacted in terms of performance by the patch.

Concerning Intel business, my home main PC is 8 years old now. It was a good one, so it is still good enough, but 8 years are 8 years and I was considering its replacement.

Given the facts, I think I will wait a little while to allow the dust to settle. This will do no good to Intel's business if I am not alone in doing so.

Sleepy
ID: 1916098 · Report as offensive
Dimly Lit Lightbulb 😀
Volunteer tester
Joined: 30 Aug 08
Posts: 15399
Credit: 7,423,413
RAC: 1
United Kingdom
Message 1917256 - Posted: 6 Feb 2018, 1:00:39 UTC - in response to Message 1916076.  

This may well make for an interesting twist:


Intel alerted Chinese cloud giants 'before US govt' about CPU bugs

'We certainly would have liked to have been notified of this' says Homeland Security

... The disclosure timeline raises the possibility that elements of the Chinese government may have known about the vulnerabilities before US tech giant Intel disclosed them to the American government and the public...

... a leaked memo from Intel to computer makers suggests that notification of the problem for at least one group of as-yet unnamed OEMs took place on November 29 via a non-disclosure agreement...

... Smaller cloud service providers were left playing "catch up." ... "Other folks had a six-month head start,"...




All at whose expense and profit?...

IT is what we allow it to be...
Martin

I was wondering when you'd pop up with a biased response.

Member of the People Encouraging Niceness In Society club.

ID: 1917256 · Report as offensive
ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20147
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1917261 - Posted: 6 Feb 2018, 1:16:01 UTC - in response to Message 1917256.  
Last modified: 6 Feb 2018, 1:16:36 UTC

I was wondering when you'd pop up with a biased response.



Please explain the bias that you see?

Are we not at the wrong end of an effective monopoly??


IT is what we allow it to be...
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1917261 · Report as offensive
ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20147
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1918327 - Posted: 11 Feb 2018, 20:50:12 UTC
Last modified: 11 Feb 2018, 21:24:32 UTC

A bit of an update from Intel:


Intel Releases Fixed Spectre Patch For Skylake CPUs

... After about two weeks since its last update on the issue, Intel would like us all to know that it hasn’t forgotten about fixing the faulty BIOS updates that were distributed en masse ...

If this sounds sarcastic, it’s because it’s hard not to be after reading Intel’s latest progress update on its efforts. Yes, briefly mentioned in there is the statement that Intel has released a fixed microcode update to system OEMs for Skylake CPUs, but the other 65% is just to teach us all ... That statement would be more relevant if the updates didn’t cause said systems to randomly reboot.

... Earlier, we reported that examples of Meltdown and Spectre exploits have already been spotted on the net, so what was once consolation in there being no evidence of Spectre-based exploits might be disappearing.

Intel’s microcode updates are given to system OEMs that distribute them to users in the form of system BIOS updates. ...




No comment from me lest the Intel fanboys/indoctrinated/faithful/blind or simply those embarrassingly overly overcharged/empoored give a random whimper...

:-(


IT is whatever we allow it to be...
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1918327 · Report as offensive
ML1
Volunteer moderator
Volunteer tester
Joined: 25 Nov 01
Posts: 20147
Credit: 7,508,002
RAC: 20
United Kingdom
Message 1918332 - Posted: 11 Feb 2018, 21:05:08 UTC
Last modified: 11 Feb 2018, 21:28:30 UTC

And as for a little more of the detail of what part of the Intel flaw(s?) it is that has caused such a (IT/Cloud) world tizzy these past few weeks, see this beautifully clear description:


Comment: On Understanding Spectre Meltdown CPU Vulnerabilities

... the CPU thinks that both indirect jumps look alike and starts speculatively executing at the usual address where the attacker code jumps...

... but until then speculative execution has executed pieces of code of the attacker's choosing. Code that would never be executed under normal circumstances...

... the CPU confuses them both (in the PDF's slide: ...because the CPU only stores the lower 3 nibbles "0x000" and they are exactly the same)...



My reading is that for the Spectre vulnerability, Intel CPUs are vulnerable due to the Intel design/circuitry incompletely testing a cache address. IIRC, that then allows an exploit to be consistently contrived, as demonstrated by a Google example.

In contrast, AMD is very much less vulnerable to Spectre due to (IIRC) hashing of ALL the address bits to determine a cache hit. IIRC, the hashing in effect randomizes the addresses to greatly complicate any exploitation for the AMD CPUs.

For the Meltdown vulnerability, IIRC, this is far more serious in that all privilege checks/restrictions effectively 'melt away' so that any/all memory locations can be read completely unrestricted, by any software. My understanding is that is unique to Intel's implementation/design.


All still a very big OUCH!

And this looks set to roll on for some time yet... :-(


IT is what we allow it to be,
Martin

IIRC: If I (personally) Read Correctly (and all just my own personal most humble opinion). Find out for yourself!
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 1918332 · Report as offensive
 
©2024 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.