Moderators: richierich, ua900, PanAm_DC10, hOMSaR

 
User avatar
Revelation
Topic Author
Posts: 24293
Joined: Wed Feb 09, 2005 9:37 pm

Intel processor design flaw forces Linux, Windows redesign

Thu Jan 04, 2018 6:32 pm

https://www.theregister.co.uk/2018/01/0 ... sign_flaw/ is all the rage in nerd circles today.

I think 'redesign' is overkill, but it does indeed force major workarounds with significant performance hits to be installed into all the major OSes.

If I wanted to hype it, I'd say it's probably going to end up being the most expensive bug of all time. Just think of all the the software images that will need to be rebuilt, retested, re-installed, etc all around the world. Pretty much any OS running on any Intel hardware from the last two decades. Since there's lots more of that stuff than what we had running in the year 2000, it'll probably be more expensive.

It'll be interesting to see if the world pressures Intel to fix the hardware such as the old FDIV bug.. If so, it'll be massively expensive. That one cost Intel $476M back in 1995 ( ref: https://en.wikipedia.org/wiki/Pentium_FDIV_bug ) . This one would eclipse that by far if they have to fix it.

My (probably flawed) understanding of the issue is as follows.

Modern Intel processors (post 1995 or so) do speculative execution. That means they start executing code down different logic paths even before they know if those logic paths are going to be taken or not. The processor is supposed to quash the results of all the code for all the paths that should not be taken. The Intel processor apparently does this too late in various cases. In specific, it allows memory reads to pull data from memory into the processor cache that is destined for memory registers. It quashes the instruction before the register is updated but after the memory is read into the cache. This failure to quash also happens in cases where you should not even be allowed to read the memory i.e. memory that is part of the OS kernel.

What this means is you can create a code that reads kernel memory on logic paths that are not supposed to be executed, and then finds the data that is should not have been read in the CPU cache, which is simple to do with hand crafted code. Once you can read kernel memory you can learn pretty much everything the kernel knows, such as passwords, encryption keys, etc.

And it's not theoretical, there's known exploits: https://twitter.com/brainsmoke/status/9 ... 9875502080

Apparently AMD is saying they do not have this bug, even though their chips also do speculative execution. That means they were more careful in how they quashed the results of the speculative execution than Intel apparently was.

My previous job used to involve working on these kinds of problems. All I can say is that a lot of people will be having a bad day today, and I'm glad I'm no longer one of them!
Wake up to find out that you are the eyes of the world
The heart has its beaches, its homeland and thoughts of its own
Wake now, discover that you are the song that the morning brings
The heart has its seasons, its evenings and songs of its own
 
User avatar
casinterest
Posts: 11523
Joined: Sat Feb 12, 2005 5:30 am

Re: Intel processor design flaw forces Linux, Windows redesign

Thu Jan 04, 2018 6:58 pm

Revelation wrote:
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ is all the rage in nerd circles today.

Apparently AMD is saying they do not have this bug, even though their chips also do speculative execution. That means they were more careful in how they quashed the results of the speculative execution than Intel apparently was.

My previous job used to involve working on these kinds of problems. All I can say is that a lot of people will be having a bad day today, and I'm glad I'm no longer one of them!


Spectre is the exploit everyone seems to be most worried about as it exposes the keys to the castle.

AMD is apparently stating through emails to their user groups that they do a check on the access prior to allowing the speculative execution to be run. Therefore a lower privileged user such as JavaScript can't access the data returned by a speculative call to the core kernel that will not result in a valid response. If that is true, then the Microprocessor design is sound. However there may be software fixes for the chips to help with some of the other issues out there.
I think everyone is saying Intel may need HW changes, as their advertised processing speeds are affected by the fixes apparently needed to quash the response tables.

Meltdown to me seems to be software related and OS centric, as it allows information to be accessed from the results pulled from Spectre.
Where ever you go, there you are.
 
User avatar
Revelation
Topic Author
Posts: 24293
Joined: Wed Feb 09, 2005 9:37 pm

Re: Intel processor design flaw forces Linux, Windows redesign

Thu Jan 04, 2018 7:48 pm

Thanks for the update.

Seems the report I was working from is a day old and as I said maybe a bit over hyped.

Seems I was largely describing Meltdown.

https://www.anandtech.com/show/12214/un ... nd-spectre tells us Spectre is not very well understood in the public domain:

It’s not clear just what the full security ramifications of Spectre are: While Meltdown is the more immediate threat, how it works and how to mitigate it are fairly well documented. Spectre however is a definite wildcard right now. There are multiple proof of concept attacks as it stands, but more broadly speaking, Spectre attacks are a new class of attacks not quite like anything vendors have seen before. As a result no one is completely confident that they understand the full security ramifications of the exploit. There is a risk that Spectre attacks can be used for more than what’s currently understood.

It’s also not clear just how well Spectre can be mitigated: The corollary to not fully understanding the attack surface of Spectre is that defending against it is not fully understood either. The researchers behind the attack for their part are not convinced that software or microcode updates are enough to fully resolve the problem, and are advising that they should be treated as stop-gap solutions for now. Specific types of Spectre attacks can be mitigated with care, but those protections may not help against other types of Spectre attacks. It’s an area where a lot more research needs to be done.


Very interested to learn more about it, especially now that it's not my job to fix it! :D
Wake up to find out that you are the eyes of the world
The heart has its beaches, its homeland and thoughts of its own
Wake now, discover that you are the song that the morning brings
The heart has its seasons, its evenings and songs of its own
 
User avatar
KarelXWB
Posts: 26968
Joined: Sun Jul 15, 2012 6:13 pm

Re: Intel processor design flaw forces Linux, Windows redesign

Thu Jan 04, 2018 8:04 pm

The flaw was discovered in June 2017 by Google's Project Zero. Intel, AMD and ARM were approached about it and an agreement was reached to keep it a secret until the end of 2017, to give software developers enough time to get it fixed.

The Linux kernel patch is available at: https://git.kernel.org/pub/scm/linux/ke ... 7c8080a9bf

Some initial benchmarks after applying the patch:

https://www.phoronix.com/scan.php?page= ... -kvm&num=1
https://www.phoronix.com/scan.php?page= ... ming-Tests
https://www.phoronix.com/scan.php?page= ... kpti&num=1
https://www.phoronix.com/scan.php?page= ... 6pti&num=1
What we leave behind is not as important as how we've lived.
 
User avatar
casinterest
Posts: 11523
Joined: Sat Feb 12, 2005 5:30 am

Re: Intel processor design flaw forces Linux, Windows redesign

Thu Jan 04, 2018 8:29 pm

KarelXWB wrote:
The flaw was discovered in June 2017 by Google's Project Zero. Intel, AMD and ARM were approached about it and an agreement was reached to keep it a secret until the end of 2017, to give software developers enough time to get it fixed.

The Linux kernel patch is available at: https://git.kernel.org/pub/scm/linux/ke ... 7c8080a9bf

Some initial benchmarks after applying the patch:

https://www.phoronix.com/scan.php?page= ... -kvm&num=1
https://www.phoronix.com/scan.php?page= ... ming-Tests
https://www.phoronix.com/scan.php?page= ... kpti&num=1
https://www.phoronix.com/scan.php?page= ... 6pti&num=1


Just to be clear, this is the Linux patch. Not the Intel patches that will be needed to close down Spectre.
Where ever you go, there you are.
 
User avatar
Revelation
Topic Author
Posts: 24293
Joined: Wed Feb 09, 2005 9:37 pm

Re: Intel processor design flaw forces Linux, Windows redesign

Thu Jan 04, 2018 8:51 pm

KarelXWB wrote:
The flaw was discovered in June 2017 by Google's Project Zero. Intel, AMD and ARM were approached about it and an agreement was reached to keep it a secret until the end of 2017, to give software developers enough time to get it fixed.

The Linux kernel patch is available at: https://git.kernel.org/pub/scm/linux/ke ... 7c8080a9bf

Some initial benchmarks after applying the patch:

https://www.phoronix.com/scan.php?page= ... -kvm&num=1
https://www.phoronix.com/scan.php?page= ... ming-Tests
https://www.phoronix.com/scan.php?page= ... kpti&num=1
https://www.phoronix.com/scan.php?page= ... 6pti&num=1


Very interesting.

For those with a computer science background yet not up to speed on the issue, the white paper you can download from ARM at https://developer.arm.com/support/security-update is also very informative.
Wake up to find out that you are the eyes of the world
The heart has its beaches, its homeland and thoughts of its own
Wake now, discover that you are the song that the morning brings
The heart has its seasons, its evenings and songs of its own
 
User avatar
Revelation
Topic Author
Posts: 24293
Joined: Wed Feb 09, 2005 9:37 pm

Re: Intel processor design flaw forces Linux, Windows redesign

Thu Jan 04, 2018 9:11 pm

https://newsroom.intel.com/news/intel-r ... -findings/ is an interesting corporate spin on things.

They hype up the 'computer security researcher' angle, yet this thing has escaped into the wild.

They lump together Meltdown and Spectre, then say "these" exploits are an industry wide problem, yet from what I read Meltdown is an Intel-specific flaw in their implementation of speculative execution.

They recommend looking for 'updates' and don't ever speak of 'fixes'.

I bet a lot of lawyers made a lot of money writing/reviewing that statement.
Wake up to find out that you are the eyes of the world
The heart has its beaches, its homeland and thoughts of its own
Wake now, discover that you are the song that the morning brings
The heart has its seasons, its evenings and songs of its own
 
User avatar
casinterest
Posts: 11523
Joined: Sat Feb 12, 2005 5:30 am

Re: Intel processor design flaw forces Linux, Windows redesign

Thu Jan 04, 2018 9:35 pm

Revelation wrote:
https://newsroom.intel.com/news/intel-responds-to-security-research-findings/ is an interesting corporate spin on things.

They hype up the 'computer security researcher' angle, yet this thing has escaped into the wild.

They lump together Meltdown and Spectre, then say "these" exploits are an industry wide problem, yet from what I read Meltdown is an Intel-specific flaw in their implementation of speculative execution.

They recommend looking for 'updates' and don't ever speak of 'fixes'.

I bet a lot of lawyers made a lot of money writing/reviewing that statement.


My favorite is this safe sounding but descriptive line :)
"

Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.



"

I guarantee you that Google cloud, Amazon Cloud, Microsoft Azure, and HP server users are not Average users.
Last edited by casinterest on Thu Jan 04, 2018 9:38 pm, edited 2 times in total.
Where ever you go, there you are.
 
User avatar
KarelXWB
Posts: 26968
Joined: Sun Jul 15, 2012 6:13 pm

Re: Intel processor design flaw forces Linux, Windows redesign

Thu Jan 04, 2018 9:38 pm

And for people without computer science background:

https://danielmiessler.com/blog/simple- ... n-spectre/

- Meltdown is Intel-only and takes advantage of a privilege escalation flaw allowing kernel memory access from user space, meaning any secret a computer is protecting (even in the kernel) is available to any user able to execute code on the system.

- Spectre applies to Intel, ARM, and AMD processors and works by tricking processors into executing instructions they should not have been able to, granting access to sensitive information in other applications’ memory space.


And:

The major risk consideration here is whether you have multiple users sharing a single CPU.

This means regular systems with multiple accounts, virtualization environments, and cloud.


Image
What we leave behind is not as important as how we've lived.
 
salttee
Posts: 3149
Joined: Wed Jul 13, 2016 3:26 am

Re: Intel processor design flaw forces Linux, Windows redesign

Thu Jan 04, 2018 10:47 pm

Thanks for the meltdown description Revelation, I was about to go on a search for that.

Re: meltdown: As I understand it, cache holds instructions, not data. Each time you would "swipe" the contents of an abandoned cache would be asynchronous and unpredictable; how would you even know which kernel the code is from? That sounds pretty esoteric to me.
 
User avatar
Revelation
Topic Author
Posts: 24293
Joined: Wed Feb 09, 2005 9:37 pm

Re: Intel processor design flaw forces Linux, Windows redesign

Thu Jan 04, 2018 11:33 pm

salttee wrote:
Thanks for the meltdown description Revelation, I was about to go on a search for that.

Re: meltdown: As I understand it, cache holds instructions, not data. Each time you would "swipe" the contents of an abandoned cache would be asynchronous and unpredictable; how would you even know which kernel the code is from? That sounds pretty esoteric to me.

Re: instructions vs data: typically 1st level of cache has separate instruction and data cache, then further layers (usually three in intel server systems) are unified i.e. have both instructions and data in them.

Re: where did the code come from: yes, it is esoteric -- from the ARM white paper I referenced above:

The basic principle behind cache timing side-channels is that the pattern of allocations into the cache, and, in
particular, which cache sets have been used for the allocation, can be determined by measuring the time taken to
access entries that were previously in the cache, or by measuring the time to access the entries that have been
allocated. This then can be used to determine which addresses have been allocated into the cache.

Says it far better than I can. In retrospect what I stated earlier is too simplistic, because I never mentioned this stuff.
Wake up to find out that you are the eyes of the world
The heart has its beaches, its homeland and thoughts of its own
Wake now, discover that you are the song that the morning brings
The heart has its seasons, its evenings and songs of its own
 
Ken777
Posts: 10077
Joined: Thu Mar 11, 2004 5:39 am

Re: Intel processor design flaw forces Linux, Windows redesign

Fri Jan 05, 2018 2:46 am

I'm too old to really understand this issue. Basically (for me) it is a problem that a lot of very smart guys & gals are going to be working really hard on fixes. People limiting their computer use to email, FaceBook and pictures will probably not have any problems. They probably won't realize that their computer is slowing down a bit.

Heavy users are where the focus is needed and that is where Intel is going to need to take care of important customers and important industries.

There is also going to be confusion among those attorneys who filed claim action suits on the iPhone battery issue. Should they continue or drop.spending assets on it and go for Intel.
 
solarflyer22
Posts: 1517
Joined: Wed Nov 25, 2009 7:07 pm

Re: Intel processor design flaw forces Linux, Windows redesign

Fri Jan 05, 2018 4:46 am

It doesn't strike you as odd that both American made CPUs have an enormous vulnerability that are around 22 years old? That these vulnerabilities could be used to expose the Kernel and essentially anything the CPU is doing circumventing security at the firmware, OS and application level? That no virus scanner could even dream to catch or stop anything using this exploit? And that if someone had been aware of these exploits, they could have been using it to spy on people fairly easily? Doesn't also seem odd that it was introduced in the 90s around the time certain 3 lettered agencies started to get very sophisticated with their spying right as Windows 95 made PCs universal?

It looks like a planted exploit IMO and we know for a fact certain representatives at NIST were planting trojans. It impacts Mac OS as well. It does not impact Russian or Chinese military hardware which surprise, surprise, doesn't use x86 architecture. Sure its slower but trust me, someone knew this was out there in the wild a long time ago.
 
salttee
Posts: 3149
Joined: Wed Jul 13, 2016 3:26 am

Re: Intel processor design flaw forces Linux, Windows redesign

Fri Jan 05, 2018 5:25 am

solarflyer22 you're getting into tinfoil hat territory there. This is a pretty esoteric anomaly that looks (to me) to be unexploitable for actual "spying". Even if someone had been aware of the issue called meltdown, there is no certainty (likelyhood imo) that it could have actually been used to glean data in the real world. Under laboratory conditions someone might be able to access another kernel but not so much IRL. If you did snatch some data from another partition you would just as likely gotten the mouse pointer position as any password.

How do you know that it doesn't effect Russian or Chinese crap? They used to make carbon copies of western computer gear, how do you know that they haven't gotten their hands on some Intel microcode to make their stuff fly?

BTW
Does anyone here know anything about Russian systems? Do they use Intel or Motorola clones?
 
User avatar
Revelation
Topic Author
Posts: 24293
Joined: Wed Feb 09, 2005 9:37 pm

Re: Intel processor design flaw forces Linux, Windows redesign

Fri Jan 05, 2018 12:22 pm

solarflyer22 wrote:
It doesn't strike you as odd that both American made CPUs have an enormous vulnerability that are around 22 years old? That these vulnerabilities could be used to expose the Kernel and essentially anything the CPU is doing circumventing security at the firmware, OS and application level? That no virus scanner could even dream to catch or stop anything using this exploit? And that if someone had been aware of these exploits, they could have been using it to spy on people fairly easily? Doesn't also seem odd that it was introduced in the 90s around the time certain 3 lettered agencies started to get very sophisticated with their spying right as Windows 95 made PCs universal?

It looks like a planted exploit IMO and we know for a fact certain representatives at NIST were planting trojans. It impacts Mac OS as well. It does not impact Russian or Chinese military hardware which surprise, surprise, doesn't use x86 architecture. Sure its slower but trust me, someone knew this was out there in the wild a long time ago.

Ha ha ha ha ha ha ha ha ha ha!

Nope, I was there working on this kind of tech in the 90s ( ref: https://en.wikipedia.org/wiki/Alpha_212 ... _execution ) and we were working so damn hard just to get it to work right we gave no thought to side channel timing attacks. Even if it was a theoretical possibility, no one would know how to exploit it well enough to use it, never mind how to implant it in a way that would make it exploitable.

Yet in another way, you are right. IMHO if NSA/CIA/FBI/NIST/whatever asked any of the US chip makers for a back door they would get a back door, and it would not be a subtle timing attack, it'd be a back door with a masked location but with much more direct usefulness than a subtle timing attack. I.e. it'd look more like the LOM chips we know all servers have and are pretty much the ideal thing someone like NSA/CIA/whatever would want on every server motherboard. It's a one stop shop for hacking because it has its own CPU to run the hacked code so it's invisible to the code running on the server itself, and it has access to the server's memory and network interfaces.

So, if you want to cook up a conspiracy theory go for it, but IMHO you're barking up the wrong tree.

If you want to sound more informed, go read Snowden's leaks. They are the real deal, for better or for worse. Or does your conspiratorial mind think that everything Snowden leaked was stuff that the NSA wanted us to have? If so, ha ha ha ha ha ha ha ha ha ha!
Wake up to find out that you are the eyes of the world
The heart has its beaches, its homeland and thoughts of its own
Wake now, discover that you are the song that the morning brings
The heart has its seasons, its evenings and songs of its own
 
User avatar
KarelXWB
Posts: 26968
Joined: Sun Jul 15, 2012 6:13 pm

Re: Intel processor design flaw forces Linux, Windows redesign

Fri Jan 05, 2018 12:48 pm

For Windows operating systems, Microsoft has issued an emergency security patch through Windows Update.

Article: https://www.theverge.com/2018/1/3/16846 ... ows-10-fix
Patch KB4056892: https://support.microsoft.com/en-us/hel ... -kb4056892

If you are running third-party antivirus software, it is possible you won’t see that patch yet. Antivirus companies are working on patches as well, that need to be installed first.
What we leave behind is not as important as how we've lived.
 
User avatar
KarelXWB
Posts: 26968
Joined: Sun Jul 15, 2012 6:13 pm

Re: Intel processor design flaw forces Linux, Windows redesign

Fri Jan 05, 2018 12:53 pm

And an update regarding browser software patches:

1) Mozilla: patch available from Firefox 57.0.4 https://blog.mozilla.org/security/2018/ ... ng-attack/
2) Google: patch available from Chrome 64, to be released on January 23 https://www.chromium.org/Home/chromium-security/ssca
3) Microsoft: patch available for Edge via Windows Update https://support.microsoft.com/en-us/hel ... -kb4056890
4) Apple: no news on Safari yet
What we leave behind is not as important as how we've lived.
 
User avatar
KarelXWB
Posts: 26968
Joined: Sun Jul 15, 2012 6:13 pm

Re: Intel processor design flaw forces Linux, Windows redesign

Fri Jan 05, 2018 1:04 pm

Linus Torvalds has some sharp words to share:

A *competent* CPU engineer would fix this by making sure speculation doesn't happen across protection domains. Maybe even a L1 I$ that is keyed by CPL.

I think somebody inside of Intel needs to really take a long hard look at their CPU's, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed.

.. and that really means that all these mitigation patches should be written with "not all CPU's are crap" in mind.

Or is Intel basically saying "we are committed to selling you shit forever and ever, and never fixing anything"?

Because if that's the case, maybe we should start looking towards the ARM64 people more.


https://lkml.org/lkml/2018/1/3/797
What we leave behind is not as important as how we've lived.
 
User avatar
Revelation
Topic Author
Posts: 24293
Joined: Wed Feb 09, 2005 9:37 pm

Re: Intel processor design flaw forces Linux, Windows redesign

Fri Jan 05, 2018 1:32 pm

KarelXWB wrote:
Linus Torvalds has some sharp words to share:

A *competent* CPU engineer would fix this by making sure speculation doesn't happen across protection domains. Maybe even a L1 I$ that is keyed by CPL.

I think somebody inside of Intel needs to really take a long hard look at their CPU's, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed.

.. and that really means that all these mitigation patches should be written with "not all CPU's are crap" in mind.

Or is Intel basically saying "we are committed to selling you shit forever and ever, and never fixing anything"?

Because if that's the case, maybe we should start looking towards the ARM64 people more.


https://lkml.org/lkml/2018/1/3/797

Yes, this is in agreement with my reply #7 that what Intel is doing is focused on putting their corporate spin on things instead of addressing the problem itself.

Thanks for posting this.

My current project is using ARM64 so if the world moves in that direction I'm already there! :biggrin:

I have worked with Intel before and while they are supportive of Linux it's clear that their real focus is Windows.

That's a shame because most of the advancement in computer science happens in the open source world first.
Wake up to find out that you are the eyes of the world
The heart has its beaches, its homeland and thoughts of its own
Wake now, discover that you are the song that the morning brings
The heart has its seasons, its evenings and songs of its own
 
User avatar
Revelation
Topic Author
Posts: 24293
Joined: Wed Feb 09, 2005 9:37 pm

Re: Intel processor design flaw forces Linux, Windows redesign

Fri Jan 05, 2018 1:42 pm

Ken777 wrote:
I'm too old to really understand this issue. Basically (for me) it is a problem that a lot of very smart guys & gals are going to be working really hard on fixes. People limiting their computer use to email, FaceBook and pictures will probably not have any problems. They probably won't realize that their computer is slowing down a bit.

Heavy users are where the focus is needed and that is where Intel is going to need to take care of important customers and important industries.

There is also going to be confusion among those attorneys who filed claim action suits on the iPhone battery issue. Should they continue or drop.spending assets on it and go for Intel.

As Karel is showing, there are updates for the operating system (Windows) and the web browsers (Mozilla/Firefox, Google Chrome, etc) to address this issue.

I'm running Windows 7 and the patch for it came in yesterday via Windows Update.

I just updated Chrome and then Firefox using the Help -> About menu of each.

Also updated anti-virus.

Hopefully that does it all for me.
Wake up to find out that you are the eyes of the world
The heart has its beaches, its homeland and thoughts of its own
Wake now, discover that you are the song that the morning brings
The heart has its seasons, its evenings and songs of its own
 
User avatar
KarelXWB
Posts: 26968
Joined: Sun Jul 15, 2012 6:13 pm

Re: Intel processor design flaw forces Linux, Windows redesign

Fri Jan 05, 2018 1:56 pm

For Android users, Google released a patch via the Security Bulletin of January 2018.

See https://source.android.com/security/bulletin/2018-01-01

Not everyone will receive this patch as many vendors do not support older smartphones anymore.
What we leave behind is not as important as how we've lived.
 
User avatar
casinterest
Posts: 11523
Joined: Sat Feb 12, 2005 5:30 am

Re: Intel processor design flaw forces Linux, Windows redesign

Fri Jan 05, 2018 4:47 pm

Revelation wrote:
Ken777 wrote:
I'm too old to really understand this issue. Basically (for me) it is a problem that a lot of very smart guys & gals are going to be working really hard on fixes. People limiting their computer use to email, FaceBook and pictures will probably not have any problems. They probably won't realize that their computer is slowing down a bit.

Heavy users are where the focus is needed and that is where Intel is going to need to take care of important customers and important industries.

There is also going to be confusion among those attorneys who filed claim action suits on the iPhone battery issue. Should they continue or drop.spending assets on it and go for Intel.

As Karel is showing, there are updates for the operating system (Windows) and the web browsers (Mozilla/Firefox, Google Chrome, etc) to address this issue.

I'm running Windows 7 and the patch for it came in yesterday via Windows Update.

I just updated Chrome and then Firefox using the Help -> About menu of each.

Also updated anti-virus.

Hopefully that does it all for me.



What everyone is doing is securing their layer above the processor, which should help out, but at the end of the day, there are issues with how the CPU's are exposed to some of these attacks. The CPU is still the fastest processor of information, and forcing the security fixes for a CPU flaw above the CPU layer is a time cost for processing.
The Intel fight is much like how windows was developed. Get it done quickly, and worry about the back doors later.

In this time and space, the security backdoors keep getting opened up quicker and quicker.
Where ever you go, there you are.
 
User avatar
Revelation
Topic Author
Posts: 24293
Joined: Wed Feb 09, 2005 9:37 pm

Re: Intel processor design flaw forces Linux, Windows redesign

Fri Jan 05, 2018 4:53 pm

casinterest wrote:
The Intel fight is much like how windows was developed. Get it done quickly, and worry about the back doors later.

In the case of Meltdown, it seems they were not diligent enough. AMD has similar features and does not have the same exposure.

casinterest wrote:
In this time and space, the security backdoors keep getting opened up quicker and quicker.

Yes and no. The Spectre technology has taken 20 years to become mature, and is an unintended consequence of how modern CPUs work. It's as if you could learn who is driving just because of the way the car's turbocharger works. It's not a good thing, but at this point in time it's not well understood broadly enough to do impact assessment. I doubt the outcome will be that we get rid of turbochargers. There's just too much upside for us to get rid of them.

On the other hand, you are right to have fears about computer security. The software industry has favored quantity over quality for a very long time. The tools the attackers have keep getting more sophisticated. The tools that the good guys have do not. I think Linus is right. Corporations are going to just try to wallpaper over the flaws until someone/something makes things change. If ever.
Wake up to find out that you are the eyes of the world
The heart has its beaches, its homeland and thoughts of its own
Wake now, discover that you are the song that the morning brings
The heart has its seasons, its evenings and songs of its own
 
Calder
Posts: 204
Joined: Fri Apr 24, 2015 1:34 pm

Re: Intel processor design flaw forces Linux, Windows redesign

Fri Jan 05, 2018 5:05 pm

Interesting!

I heard a rumor about a flaw in kernel memory and SpecEx on Intel chips a week and a half ago, but I didn't think anything would come of it, and certainly not this far reaching.

I'm super excited to see that ARM processors are also vulnerable. My fingers are crossed that the smartphone development crowd can use these to crack some bootloaders!
C. T.
 
solarflyer22
Posts: 1517
Joined: Wed Nov 25, 2009 7:07 pm

Re: Intel processor design flaw forces Linux, Windows redesign

Sun Jan 07, 2018 3:20 am

Revelation wrote:
solarflyer22 wrote:
It doesn't strike you as odd that both American made CPUs have an enormous vulnerability that are around 22 years old? That these vulnerabilities could be used to expose the Kernel and essentially anything the CPU is doing circumventing security at the firmware, OS and application level? That no virus scanner could even dream to catch or stop anything using this exploit? And that if someone had been aware of these exploits, they could have been using it to spy on people fairly easily? Doesn't also seem odd that it was introduced in the 90s around the time certain 3 lettered agencies started to get very sophisticated with their spying right as Windows 95 made PCs universal?

It looks like a planted exploit IMO and we know for a fact certain representatives at NIST were planting trojans. It impacts Mac OS as well. It does not impact Russian or Chinese military hardware which surprise, surprise, doesn't use x86 architecture. Sure its slower but trust me, someone knew this was out there in the wild a long time ago.

Ha ha ha ha ha ha ha ha ha ha!

Nope, I was there working on this kind of tech in the 90s ( ref: https://en.wikipedia.org/wiki/Alpha_212 ... _execution ) and we were working so damn hard just to get it to work right we gave no thought to side channel timing attacks. Even if it was a theoretical possibility, no one would know how to exploit it well enough to use it, never mind how to implant it in a way that would make it exploitable.

Yet in another way, you are right. IMHO if NSA/CIA/FBI/NIST/whatever asked any of the US chip makers for a back door they would get a back door, and it would not be a subtle timing attack, it'd be a back door with a masked location but with much more direct usefulness than a subtle timing attack. I.e. it'd look more like the LOM chips we know all servers have and are pretty much the ideal thing someone like NSA/CIA/whatever would want on every server motherboard. It's a one stop shop for hacking because it has its own CPU to run the hacked code so it's invisible to the code running on the server itself, and it has access to the server's memory and network interfaces.

So, if you want to cook up a conspiracy theory go for it, but IMHO you're barking up the wrong tree.

If you want to sound more informed, go read Snowden's leaks. They are the real deal, for better or for worse. Or does your conspiratorial mind think that everything Snowden leaked was stuff that the NSA wanted us to have? If so, ha ha ha ha ha ha ha ha ha ha!


I did read the Snowden leaks and I knew they stacked NIST with spies and paid off industry experts in electrical engineering. That's also how I knew about their intrusion into the hardware domain. The Chinese/Soviet military hardware doesn't use x86, like a S400 SAM battery. I don't think they are clones either.

You're saying it comes down to sloppy programming in the 1990s fine but in that era transistor sizes were still following Moore's law and were doubling every two years. Why would you throw in speculative processing on the CPU level for not one but 2 makers at exactly the time the hardware gains were peaking? Then turn around and forget about it for 22 years throwing an exploit into literally every device and basically just say our defense is that its too hard for someone to use. Even worse, this affects cloud tenants so you could in theory cross tenants and get someone else's data.

A CPU exploit is the holy grail. Maybe it required additional planted HW to exploit but the fact that Snowden didn't know about it is the only reason in my mind to think it slipped through.
 
salttee
Posts: 3149
Joined: Wed Jul 13, 2016 3:26 am

Re: Intel processor design flaw forces Linux, Windows redesign

Sun Jan 07, 2018 4:54 am

solarflyer22 wrote:
Why would you throw in speculative processing on the CPU level for not one but 2 makers at exactly the time the hardware gains were peaking?

Because at about that time they had gotten the mask size down to under 20 microns and they had the board real estate for such a feature. These recently discovered "vulnerabilities" are purely theoretical in nature. Nobody has found a way to "exploit" them. You would have to have pretty tight control of the processor and know the unknowable before you could make use of blind snatches of code. I am of the opinion that the Intel engineers made the correct engineering assessment back then, those "exploits" aren't really exploits. They're mostly 21st century clickbait.
 
User avatar
Revelation
Topic Author
Posts: 24293
Joined: Wed Feb 09, 2005 9:37 pm

Re: Intel processor design flaw forces Linux, Windows redesign

Sun Jan 07, 2018 1:01 pm

solarflyer22 wrote:
You're saying it comes down to sloppy programming in the 1990s fine but in that era transistor sizes were still following Moore's law and were doubling every two years. Why would you throw in speculative processing on the CPU level for not one but 2 makers at exactly the time the hardware gains were peaking? Then turn around and forget about it for 22 years throwing an exploit into literally every device and basically just say our defense is that its too hard for someone to use. Even worse, this affects cloud tenants so you could in theory cross tenants and get someone else's data.

A CPU exploit is the holy grail. Maybe it required additional planted HW to exploit but the fact that Snowden didn't know about it is the only reason in my mind to think it slipped through.

I suggest you read #9 again.

You are making the mistake of lumping two things together and treating them as one.

The first, Meltdown, is a programming bug in the logic of the speculative execution engine. The reason it's not just another bug is that you can't field update this logic, so we need to find workarounds instead of fixes.

The second, Specte, is a property of speculative execution. It exists in every processor that has speculative execution. That includes processors that you are familiar with such as Intel and AMD and ARM, and even those that you don't hear much about such as POWER or MIPS and those that aren't being actively developed any more such as SPARC and Alpha.

A good description:

Meanwhile a second class of attacks is being called Spectre, and the number of processors at risk for exploitation is even wider. Essentially every high-performance processor ever made – Intel, AMD, ARM, and POWER – is thought to be vulnerable here. Like Meltdown, a Spectre attack abuses speculative execution in order to glean information that should be restricted. What makes Spectre different however is that it’s a less-straightforward but much more insidious attack; whereas Meltdown is based on abusing specific implementations of speculative execution, Spectre can be thought of as a (previously unknown) fundamental risk of speculative execution, one that can now be weaponized. Spectre requires more setup work to coerce a target application to leak information, but the fundamental nature of the risk means that Spectre is currently considered harder to mitigate, and in general is not as well understood.

Ref: https://www.anandtech.com/show/12214/un ... nd-spectre

So, sorry but no conspiracy theory. One bug by Intel, and one fundamental issue that impacts all superscalar implementations.
Wake up to find out that you are the eyes of the world
The heart has its beaches, its homeland and thoughts of its own
Wake now, discover that you are the song that the morning brings
The heart has its seasons, its evenings and songs of its own
 
User avatar
Aesma
Posts: 13114
Joined: Sat Nov 14, 2009 6:14 am

Re: Intel processor design flaw forces Linux, Windows redesign

Sun Jan 07, 2018 2:14 pm

I'm not an expert at all, although I'm sure I'll be tasked to update some servers I'm managing, but from my limited understanding, these flaws appear very difficult to exploit. They're still problematic and I sure hope Intel, AMD and ARM are already reviewing their about to be released processors to correct it, but I'm not that worried.

Still, I'll accelerate my plan to have a purely offline computer to store my cryptocurrencies...
New Technology is the name we give to stuff that doesn't work yet. Douglas Adams
 
salttee
Posts: 3149
Joined: Wed Jul 13, 2016 3:26 am

Re: Intel processor design flaw forces Linux, Windows redesign

Sun Jan 07, 2018 3:13 pm

Aesma wrote:
Still, I'll accelerate my plan to have a purely offline computer to store my cryptocurrencies...

DING!
 
User avatar
Revelation
Topic Author
Posts: 24293
Joined: Wed Feb 09, 2005 9:37 pm

Re: Intel processor design flaw forces Linux, Windows redesign

Tue Jan 09, 2018 1:29 am

Pretty interesting 'story behind the story' -- https://www.bloomberg.com/news/articles ... s-meltdown
Wake up to find out that you are the eyes of the world
The heart has its beaches, its homeland and thoughts of its own
Wake now, discover that you are the song that the morning brings
The heart has its seasons, its evenings and songs of its own

Who is online

Users browsing this forum: casinterest, kelval, mchei, skyservice_330, Tugger, VolvoBus and 50 guests

Popular Searches On Airliners.net

Top Photos of Last:   24 Hours  •  48 Hours  •  7 Days  •  30 Days  •  180 Days  •  365 Days  •  All Time

Military Aircraft Every type from fighters to helicopters from air forces around the globe

Classic Airliners Props and jets from the good old days

Flight Decks Views from inside the cockpit

Aircraft Cabins Passenger cabin shots showing seat arrangements as well as cargo aircraft interior

Cargo Aircraft Pictures of great freighter aircraft

Government Aircraft Aircraft flying government officials

Helicopters Our large helicopter section. Both military and civil versions

Blimps / Airships Everything from the Goodyear blimp to the Zeppelin

Night Photos Beautiful shots taken while the sun is below the horizon

Accidents Accident, incident and crash related photos

Air to Air Photos taken by airborne photographers of airborne aircraft

Special Paint Schemes Aircraft painted in beautiful and original liveries

Airport Overviews Airport overviews from the air or ground

Tails and Winglets Tail and Winglet closeups with beautiful airline logos