Intel security flaw
Author | Message |
---|---|
Keldon Joined: 28 Nov 17 Posts: 8 Credit: 124,341,599 RAC: 214 |
For those that have not heard, nearly all Intel CPU chips for the last 10 years have a serious security flaw that cannot be fixed by a firmware update and is having to have an operating system workaround to protect against the flaw being exploited. Linux and Windows patches for the Intel kernel security flaw are said to slow down CPU performance by between 5% and 30%. A Linux patch has already been released and tested on some systems and shows a 5% slowdown for some tasks. Ironically, the patch is applied irrespective of chip manufacturer, meaning the current patch even slows down AMD machines without some setting changes. Anyone know how the patches will affect Seti task speeds? Anyone tested with the Linux patch? The Windows patch may not be out till 16 January so the full details of the flaw are embargoed till then but it does look to be a real bad one. |
Dr.Diesel Joined: 14 May 99 Posts: 41 Credit: 123,695,755 RAC: 139 |
Looks like pretty much no gaming hit, so probably the same for us. Phoronix has an initial bench set, with I/O getting hit pretty hard, might be some rough times ahead for Intel. The bug doesn't affect AMD but the initial patch hit all 64bit systems regardless of maker, I suspect AMD will submit a patch in the next day or two to fix that, if they've not already. In any case if one wishes to continue on anyhow (on Linux), the nopti kernel parameter will revert the patch at boot. Windows details won't be out for a couple more weeks. |
Ghia Joined: 7 Feb 17 Posts: 238 Credit: 28,911,438 RAC: 50 |
Hehe, I know at least one here who soon will start bashing Intel (and of course continue with his Windows bashing.) There is only one King of Intel bashing.. ;-) Humans may rule the world...but bacteria run it... |
Dr.Diesel Joined: 14 May 99 Posts: 41 Credit: 123,695,755 RAC: 139 |
AMD patch is now in: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?h=x86/pti&id=694d99d40972f12e59a3696effee8a376b79d7c8 |
Sirius B Joined: 26 Dec 00 Posts: 24879 Credit: 3,081,182 RAC: 7 |
Regardless of manufacturer that's bad for computing as a whole. With the world's reliance on computers, it's bad enough having to contend with software flaws but hardware flaws... |
Advent42 Joined: 23 Mar 17 Posts: 175 Credit: 4,015,683 RAC: 0 |
Ah sure it'll be grand...:-) |
Gary Charpentier Joined: 25 Dec 00 Posts: 30651 Credit: 53,134,872 RAC: 32 |
AMD patch is now in: Don't you mean the AMD un-patch. AMD's don't have the flaw or need the patch. |
Keith Myers Joined: 29 Apr 01 Posts: 13164 Credit: 1,160,866,277 RAC: 1,873 |
Correct. The Linux kernel for AMD chips needs to have the security flaw patch removed as it is not needed. Unfortunate as they were about to lock down the latest kernels for no more features added. Seti@Home classic workunits:20,676 CPU time:74,226 hours A proud member of the OFA (Old Farts Association) |
Cavalary Joined: 15 Jul 99 Posts: 104 Credit: 7,507,548 RAC: 38 |
Things are even worse than thought from a security perspective: https://twitter.com/nicoleperlroth/status/948684376249962496 for a summary, NYT article linked there too. So Meltdown affects all Intel CPUs since '95 bar pre-2013 Itanium and Atom and the software fix will result in a hefty performance hit, mainly for I/O operations, and at least in case of Windows (since MS pushed it out already, early) said fix may not be installed for those running certain security software, while Spectre is harder to exploit but affects everything, is a fundamental flaw in CPU design and will be with us for a decade to come, the only real fix being to redesign CPU architecture and replace all CPUs in existence basically. Anyone else have the feeling that we're waking up to a new world again, a heck of a lot more dangerous one? |
HAL9000 Joined: 11 Sep 99 Posts: 6534 Credit: 196,805,888 RAC: 57 |
So far the details seem to be that some parts of protected kernel memory can be read. Some sites are reporting that the issue is also present in ARM processors. MS has issued the patch in November to users in the "fast ring" of updates and Apple pushed out an initial patch in early December. SETI@home classic workunits: 93,865 CPU time: 863,447 hours Join the [BP6/VP6 User Group](http://tinyurl.com/8y46zvu) |
Keith Myers Joined: 29 Apr 01 Posts: 13164 Credit: 1,160,866,277 RAC: 1,873 |
It will be interesting to see how fast MS pushes out a software update. Wonder if it will go into the next Patch Tuesday? Or will they get even more proactive and release an imminent patch tomorrow? Same question for the Linux distributions. How much hysteria will this flaw produce? Not a slow tech news day today at all. See that Intel stock got hit with a 3% drop after the announcement and it looks like it is continuing after hours. Would have been nice to have held an Intel short position today before announcement. See that the Intel CEO sold off stock after he was informed of the flaw back in November. Wonder if an insider trading investigation will happen. CES attendees will have something to gossip about next week. Seti@Home classic workunits:20,676 CPU time:74,226 hours A proud member of the OFA (Old Farts Association) |
Grant (SSSF) Joined: 19 Aug 99 Posts: 13736 Credit: 208,696,464 RAC: 304 |
AMD patch is now in: There are 2 different security issues, and AMD (and other manufacturers) are affected by it as well. And even for those that are affected, the impact is very, very variable. Given the time frame to develop the patches, I suspect it will be some time before the true impact is known as they (the programmers) will have more time to work on the patch & work on mitigating its effects once they are better understood. Researchers reveal Meltdown and Spectre CPU exploits Grant Darwin NT |
tullio Joined: 9 Apr 04 Posts: 8797 Credit: 2,930,782 RAC: 1 |
theregister.co.uk says that all chips which allow out of order processing are vulnerable. Only immune chips are Itanium and Atom before 2013, because they don't allow out of order processing. Tullio |
Richard Haselgrove Joined: 4 Jul 99 Posts: 14650 Credit: 200,643,578 RAC: 874 |
Wonder if it will go into the next Patch Tuesday? The advance 'Update Summary' for this month (which I received by email from Microsoft at 03:12 UTC this morning - about 8 hours ago) suggests that there WON'T be anything. The only critical update seems to be browser-related, not kernel. |
Keldon Joined: 28 Nov 17 Posts: 8 Credit: 124,341,599 RAC: 214 |
Meltdown and Spectre have their own website which can be found here:- https://spectreattack.com/ |
Keldon Joined: 28 Nov 17 Posts: 8 Credit: 124,341,599 RAC: 214 |
Good news - Meltdown, which affects almost all Intel chips, should be mitigated by patches and firmware updates with a potential slowdown dependent on activity, yet to be fully ascertained, but which may be reduced over time with more refined patches. Bad news - Spectre, which affects AMD, Arm and others as well as Intel (basically almost every computer, tablet and smartphone in the world), while more difficult to exploit is also proving more difficult to fully patch against so far. Solution from US Government - replace your CPU! https://www.kb.cert.org/vuls/id/584653 With what? Nearly all CPUs in production and development have the Spectre flaw. By implication, if you want to be secure switch off all your computers, tablets and smartphones until about 2021 when CPUs without the flaw may become available in bulk. Oh and don't buy any new ones in the meantime. Although the risk may be very low, we are going to have to live with it for at least a few years. Hopefully patches will be developed which fully mitigate Spectre. Some people are going to have to buy machines knowing they are flawed but many will probably wait. We are going to see a race. Every CPU manufacturer will have to work out how to dump existing pipelines, redesigning, testing and manufacturing completely new CPU designs. They may not all survive the inevitable lawsuits and costs. |
Mike Joined: 17 Feb 01 Posts: 34258 Credit: 79,922,639 RAC: 80 |
From Tom Lendacky <> With each crime and every kindness we birth our future. |
Sirius B Joined: 26 Dec 00 Posts: 24879 Credit: 3,081,182 RAC: 7 |
What the big boys said You got to love their PR guys :-) "Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers." |
Cygnus X-1 Joined: 15 Feb 04 Posts: 75 Credit: 3,732,505 RAC: 175 |
I wonder if this will lead to an increased popularity for alternative architectures, assuming they are unaffected by these flaws. |
Keldon Joined: 28 Nov 17 Posts: 8 Credit: 124,341,599 RAC: 214 |
Windows has an update - KB4056892. Check this is installed in Windows Update. Also requires a restart to install. BIOS updates also coming from Intel via OEMs so check BIOS and firmware update status from Dell, HP etc depending on your machine manufacturer. |
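
The `nopti` kernel parameter mentioned earlier in the thread turns the Linux workaround off at boot, so it is worth being able to tell which state a host is really in. The script below is an added example, not code from any poster; it assumes a kernel recent enough to report the `pti` CPU flag and the `cpu_meltdown` bug entry in `/proc/cpuinfo`, and its sample inputs are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Inputs are passed as strings so the
# logic can be checked against constructed samples as well as a live host.

# Succeeds if the boot command line ($1) turns page-table isolation off.
# "nopti" is the option named in the thread; "pti=off" and "mitigations=off"
# are the other documented spellings.
pti_disabled_at_boot() {
    for arg in $1; do
        case "$arg" in
            nopti|pti=off|mitigations=off) return 0 ;;
        esac
    done
    return 1
}

# Succeeds if word $3 appears on the /proc/cpuinfo line named $2 in text $1.
cpuinfo_has() {
    printf '%s\n' "$1" | grep -E "^$2[[:space:]]*:" | grep -qw -- "$3"
}

# pti_status CMDLINE CPUINFO -> prints one status word
pti_status() {
    if cpuinfo_has "$2" flags pti; then
        echo mitigated
    elif ! cpuinfo_has "$2" bugs cpu_meltdown; then
        # CPU not flagged by the kernel (e.g. AMD), or kernel predates the patch
        echo not-reported
    elif pti_disabled_at_boot "$1"; then
        echo disabled-at-boot
    else
        echo unmitigated
    fi
}

# Run against the live host: call check_host
check_host() { pti_status "$(cat /proc/cmdline)" "$(cat /proc/cpuinfo)"; }

# Constructed samples (not captured from a real machine)
SAMPLE_INTEL_ON='flags    : fpu sse2 pti
bugs     : cpu_meltdown spectre_v1 spectre_v2'
SAMPLE_INTEL_OFF='flags    : fpu sse2
bugs     : cpu_meltdown spectre_v1 spectre_v2'
SAMPLE_AMD='flags    : fpu sse2
bugs     : spectre_v1 spectre_v2'
```

A `not-reported` result is ambiguous on old kernels, which list no bugs at all, so confirm the kernel version before treating it as "not affected".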