Intel bug incoming? Meltdown and Spectre exploits

[AndreiD]

@pete910 Here's the actual spectre release:
1.3 Targeted Hardware and Current Status Hardware.
We have empirically verified the vulnerability of several Intel processors to Spectre attacks, including Ivy Bridge, Haswell and Skylake based processors. We have also verified the attack’s applicability to AMD Ryzen CPUs. Finally, we have also successfully mounted Spectre attacks on several Samsung and Qualcomm processors (which use an ARM architecture) found in popular mobile phones.
Current Status.
Using the practice of responsible disclosure, we have disclosed a preliminary version of our results to Intel, AMD, ARM, Qualcomm as well as to other CPU vendors.

A lot of confusion is going around because AMD isn't affected by Meltdown, but is affected by the 2 other variants.

 

[hedgey]

Fixes are out https://www.neowin.net/news/microsoft-releases-windows-10-builds-16299192-15063850---heres-whats-new

 

[hedgey]

7% slower m.2 Samsung Pro 960 SSD ;/

https://www.computerbase.de/2018-01/intel-cpu-pti-sicherheitsluecke/

 

[Combat squirrel]

Bit naughty Intel making out amd is affected when it isn't. Usual Intel back hand tactics though. They have always been an horrendous company in that way.

 

[gavinh87]

Bit naughty Intel making out amd is affected when it isn't. Usual Intel back hand tactics though. They have always been an horrendous company in that way.

AMD are affected by 2 out of the 3, so not completely immune. ARM are also affected.

 

[Nasher]

Will Microsoft actively put two different versions out (ie AMD and Intel). As far as i understand it, any "fix" will affect both vendors in terms of performance, it just that AMD claim they don't need the fix.

I am not sure how they would get round it either as Windows 10 forces updates on you (pretty much).

Not when you disable the update service and use a script to pick updates manually

 

[DragonQ]

While at the moment with the mainline Linux kernel Git tree AMD CPUs enable x86 PTI and are treated as "insecure" CPUs, the AMD patch for not setting X86_BUG_CPU_INSECURE will end up being honored.

The patch covered in the aforelinked article has not been merged through to Linus Torvalds' Git tree. Instead, as of a short time ago, is now living within the tip/tip.git tree. In there is also defaulting PAGE_TABLE_ISOLATION to on and other recent fixes around x86 Page Table Isolation (PTI) support.

But what remains to be seen is if this work will be pulled into Linux 4.15 Git or not. We're within three weeks of the executed debut of Linux 4.15.0 stable and it isn't clear if these tip changes will be requested to be pulled into Linux 4.15 or be postponed until the start of the Linux 4.16 kernel merge window, since the safe bulk of the x86 PTI work is already in Git master. Right now the branch name doesn't indicate it's in any fixes/urgent queue nor has there been any pull request yet asking Torvalds to take it into his repository: normally tip.git master is with material for linux-next.

So we'll have to see what ends up happening in the days ahead, but regardless, at least the "AMD patch" is now sitting within a known tree that will eventually flow into the mainline Linux tree whether it be 4.15 or 4.16.

Looks like it's already merged to master, so I assume AMD CPUs will not be affected by performance regressions on Linux at least?

AMD are affected by 2 out of the 3, so not completely immune. ARM are also affected.

AMD seems to think their CPUs are only affected by one of the three, and with negligible performance impact. Are you considering "Branch Target Injection" as "affecting" AMD CPUs?

 

[Phage]

AMD Press release.

Variant One Bounds Check Bypass : Resolved by software / OS updates to be made available by system vendors and manufacturers. Negligible performance impact expected.
Variant Two Branch Target Injection : Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date.
Variant Three Rogue Data Cache Load : Zero AMD vulnerability due to AMD architecture differences.

https://www.amd.com/en/corporate/speculative-execution

 

[AndreiD]

For variant 2 they didn't test Zen if I'm not mistaken but all of Bulldozer was found vulnerable. We'll probably get some news if Zen is found vulnerable to variant 2.
Seems there is some conflicting info from manufacturers though, AMD and Intel believe that they can tackle spectre via updates while researchers think it can't be fixed via kernel or microcode updates, only via future hardware revisions. Going to be interesting to see how that develops because spectre is just a new class of vulnerabilities.

 

[AndreiD]

Also hardwareunboxed tested the meltdown kernel patch Windows version:
https://www.youtube.com/watch?v=_qZksorJAuY&feature=youtu.be
Seems performance is unaffected for the most part, only NVMe SSD speeds incur a small penalty.

 

[stockhausen]

Interesting. Google found out about this a year ago and demonstrated a cross VM attack.

It seems odd in the extreme that Google have known about this for some time and yet the issue seems only to have surfaced in the past few days. How long have Intel & Microsoft known about it I wonder?

If Intel have known about it for a while & avoided disclosure in order to maintain their share price, could this be of interest to the US regulatory authorities?

 

[V F]

Fixes are out https://www.neowin.net/news/microsoft-releases-windows-10-builds-16299192-15063850---heres-whats-new

I ran CPU Mark before and after the update on a ThinkPad with a Core i5 at 2.6-GHz. The CPU Mark score was only 1% lower overall, after the update. The surprising thing was that single threaded score was 20% lower. This may have a noticeable impact on the performance of some games that run primarily single core. We'll see what other people report over time, as their machines are patched.

Crysis.

 

[DavidS14]

I've read that the Intel CEO now only owns the absolute minimum of Intel stock he contractually has to own and sold the rest off last year (looks like Google found the issue in June 17) ?

I would think that Google would let the affected parties know pretty quickly after discovering the issue.

 

[Silent_Scone]

Also hardwareunboxed tested the meltdown kernel patch Windows version:
https://www.youtube.com/watch?v=_qZksorJAuY&feature=youtu.be
Seems performance is unaffected for the most part, only NVMe SSD speeds incur a small penalty.

Would need to be tested again after the ucode update from MB vendors. Honestly, how some of these youtubers don't realise this is pretty bad IMO. It's pretty evident that firmware is a part of the problem? That said, it's not likely to change much for the tests in the video.

 

[Jono8]

It seems odd in the extreme that Google have known about this for some time and yet the issue seems only to have surfaced in the past few days. How long have Intel & Microsoft known about it I wonder?

If Intel have known about it for a while & avoided disclosure in order to maintain their share price, could this be of interest to the US regulatory authorities?

They hadn't disclosed it because they didn't have a fix. I believe this has been leaked slightly ahead of the planned fixes.

 

[DragonQ]

Would need to be tested again after the ucode update from MB vendors. Honestly, how some of these youtubers don't realise this is pretty bad IMO. It's pretty evident that firmware is a part of the problem? That said, it's not likely to change much for the tests in the video.

Testing without any potential microcode update is perfectly valid. There are millions of chips out there that will never get such a microcode update. Kaby Lake and Skylake-X onwards probably will, Skylake onwards might depending on if your Z170 motherboard actually still gets BIOS updates. Broadwell and older are almost certainly stuffed.

 

[stockhausen]

They hadn't disclosed it because they didn't have a fix. I believe this has been leaked slightly ahead of the planned fixes.

Not entirely my point. What will be interesting is the investigations into share dealing over the past 12 months or so.

I know two people (in the UK) who got caught up in such investigations. One headed up a Mergers and Acquisitions team at one of the large Accountancy firms and the other sold off an AIM listed company. The former was investigated for years and lost a very senior role even though nothing was ever proven against him and the latter was cleared pretty quickly.

 

[Hades]

They hadn't disclosed it because they didn't have a fix. I believe this has been leaked slightly ahead of the planned fixes.

...quite handy for the Intel CEO to give him time to shed his shares in an orderly, legal, fashion.

 

[SiDeards73]

...quite handy for the Intel CEO to give him time to shed his shares in an orderly, legal, fashion.

Dont they have certain windows and time frames to sell shares? they cant just wake up one day and say "screw it im selling my shares" as it affects the companies market position etc... as far as im aware it is all pre-planned well in advance and heavily regulated to stop insider tradings etc.

I think the whole share thing is a red herring and is probably being used to finger point and create more drama and hysteria, i think you'll actually find the share thing is a total non issue.

 

[Hades]

Dont they have certain windows and time frames to sell shares? they cant just wake up one day and say "screw it im selling my shares" as it affects the companies market position etc... as far as im aware it is all pre-planned well in advance and heavily regulated to stop insider tradings etc.

I think the whole share thing is a red herring and is probably being used to finger point and create more drama and hysteria, i think you'll actually find the share thing is a total non issue.

Yes they do have a window. But if Intel knew of the issue a year ago (via Google) then it allowed the CEO to plan for selling as many shares as he could get away with during that window.