• Competitor rules

    Please remember that any mention of competitors, hinting at competitors or offering to provide details of competitors will result in an account suspension. The full rules can be found under the 'Terms and Rules' link in the bottom right corner of your screen. Just don't mention competitors in any way, shape or form and you'll be OK.

Intel bug incoming? Meltdown and Spectre exploits

AndreiD said:
When you have 99% of the market like Intel does for datacenter, there's a lot more interest in finding vulnerabilities for their architectures than the others which are ~1%.
This is good since it pushes some more security focused companies to avoid Intel and give others a chance, but once AMD & ARM server chips start gaining more market share all bets are off on which chips are more "secure".
Click to expand...

When Ryzen was just a rumour there was an article explaining China was going to be switching from Intel to AMD citing far better security on AMD's up coming Chips, this incidently was also long before Meltdown and Spectre was in the news.

On that now a Chinese company called Hygon are licencing the Zen architecture from AMD, which is also 30% owned by AMD, the reason being is China no longer wants anything to do with western processors.

So this is away for China to make their own X86 CPU's while AMD still benefit from licencing Zen and the 30% share in the company, Intel being western CPU's are going to get pushed out.

Watch that space its going to be very interesting.
 
@ltron What's speculation? That CPUs with high market share are subject to more scrutiny?
You're right that ARM was also examined and Meltdown was originally discovered by TU Graz on ARM processors, then it ended up being applicable to others (X86 Intels & IBM Power).
Even the fresh example of SpectreRSB was only tested on Intel architectures (specifically Haswell and Skylake), AMD & ARM also use RSBs but the researchers who discovered the vulnerability didn't test it on AMD/ARM hardware.
 
AndreiD said:
@ltron What's speculation? That CPUs with high market share are subject to more scrutiny?
You're right that ARM was also examined and Meltdown was originally discovered by TU Graz on ARM processors, then it ended up being applicable to others (X86 Intels & IBM Power).
Even the fresh example of SpectreRSB was only tested on Intel architectures (specifically Haswell and Skylake), AMD & ARM also use RSBs but the researchers who discovered the vulnerability didn't test it on AMD/ARM hardware.
Click to expand...

Thats a bit conflated, there is ARM IP embedded in both AMD and Intel Silicon, they are access controllers used for updating microcode and the argument was that you could access these controllers and change the microcode to benefit yourself, IE hack.
on both the Intel and AMD systems the only way you could actually do that was to be physically at the machine, like flashing the BIOS locally.
Both Intel and AMD mitigated that, what was a very minor security risk pretty much right away.

Beyond that Intel have far deeper routed problems that can be exploited remotely, so far AMD are secure against all of them

This meme sums this recycled old argument up perfectly/

P11r4ry.jpg
 
The Co-Founder of OpenBSD, a free multi-platform 4.4BSD-based UNIX-like operating system drops Hyper-Threading Support to Mitigate Foreshadow Attacks.
https://marc.info/?l=openbsd-tech&m=153504937925732&w=2

OpenBSD, one of the most secure OS out there will no longer utilize Hyper-threading for Intel processors because of the Foreshadow security issues (TLBleed and T1TF).

"SMT is fundamentally broken because it shares resources between the two cpu instances and those shared resources lack security differentiators."
"Furthermore, Intel isn't telling us what is coming next, and are doing a terrible job by not publically documenting what operating systems must do to resolve the problems."
 
NinjaCool said:
The Co-Founder of OpenBSD, a free multi-platform 4.4BSD-based UNIX-like operating system drops Hyper-Threading Support to Mitigate Foreshadow Attacks.
https://marc.info/?l=openbsd-tech&m=153504937925732&w=2

OpenBSD, one of the most secure OS out there will no longer utilize Hyper-threading for Intel processors because of the Foreshadow security issues (TLBleed and T1TF).

"SMT is fundamentally broken because it shares resources between the two cpu instances and those shared resources lack security differentiators."
"Furthermore, Intel isn't telling us what is coming next, and are doing a terrible job by not publically documenting what operating systems must do to resolve the problems."
Click to expand...

Oh dear..... :eek:

Eh well, more EPYC sales for AMD.... (pun intended) ;)
 
Except a lot of people are taking the need to disable HT/SMT out of context, it's only for a very specific use case, but I forgot most of this forum apparently are hosting their own VM cloud services.
It's the same with every single other Spectre mitigation, there is a performance impact, but in very specific non-consumer use cases and a lot of people are just taking that out of context and running with it.
 
AndreiD said:
Except a lot of people are taking the need to disable HT/SMT out of context, it's only for a very specific use case, but I forgot most of this forum apparently are hosting their own VM cloud services.
It's the same with every single other Spectre mitigation, there is a performance impact, but in very specific non-consumer use cases and a lot of people are just taking that out of context and running with it.
Click to expand...
Technically even the use cases that are least affected are at least affected in a measurable way (1-6% for gaming I believe, depending on the game). But yes, you're right that for most consumers the impact is lower. PCIe SSDs will look worse in benchmarks but that will probably not affect consumer workloads noticeably, for example. The problem is that it breeds a lack of confidence in their products, and rightfully so. Enterprise and especially cloud computing is a huge market and Intel have had a pretty terrible year so far in that sector.

Also, out of interest, will FreeBSD be disabling SMT on AMD chips too?
 
NinjaCool said:
AMD processors are not affected by Foreshadow due to their hardware paging architecture protections so FreeBSD will not disable SMT on AMD chips.
Click to expand...
Yes but part of their reasoning was that further issues are likely to crop up down the line, which could potentially affect either manufacturer, hence my question. Thanks for answering it though.
 
DragonQ said:
Yes but part of their reasoning was that further issues are likely to crop up down the line, which could potentially affect either manufacturer, hence my question. Thanks for answering it though.
Click to expand...
I see sorry but yes, these security issues are a problem for both AMD and Intel since we simple don't know what issues will pop up next time.
But we can see from all the ongoing issues that Intel is the one getting hit the hardest, so that is something to note, especially if security is a concern.
 
AndreiD said:
Except a lot of people are taking the need to disable HT/SMT out of context, it's only for a very specific use case, but I forgot most of this forum apparently are hosting their own VM cloud services.
It's the same with every single other Spectre mitigation, there is a performance impact, but in very specific non-consumer use cases and a lot of people are just taking that out of context and running with it.
Click to expand...

You don't have to be a cloud hosting provider to want to use VMs; for example they are convenient for trying out untrusted software and the like. Of course many users on this forum may be at less advanced end of computing (I really don't know), but I'd rather be aware of the sacrifices that are made in security in the name of performance (even if not immediately applicable to me) than stick my head in the sand.
 
@AmateurExpert You don't need to disable HT if you're using VMs, it's only if you don't have control over the VMs, which is what I mean by it only affects some VM cloud services.
The W10 mitigation pushed out in the last update should be fine for all home users.
 
AndreiD said:
@AmateurExpert You don't need to disable HT if you're using VMs, it's only if you don't have control over the VMs, which is what I mean by it only affects some VM cloud services.
The W10 mitigation pushed out in the last update should be fine for all home users.
Click to expand...

And in my example the whole point is to use the VM for untrusted software where while you are nominally in control of installing the OS, you still can't guarantee full knowledge or control over what's going on (aside from not running anything untrusted on it at all ever, which defeats the point).
 
Good news for Intel users?
TechPowerUp | Posted: 9 October 2018 said:
The new 9th generation Intel Core processors arrived yesterday with a series of improvements made to entice gamers and content creators. These improvements, however, join others that go beyond pure performance. Intel has introduced several architectural changes to fix the infamous Spectre & Meltdown vulnerabilities, and the new processors mitigate most of the variants of these attacks through a combination of hardware, firmware and OS fixes.

The big changes come to two of the six variants of those vulnerabilities. In both "Rogue Data Cache Load" (Meltdown, variant 3) and "L1 Terminal Fault" (Meltdown, Variant 5) vulnerabilities these new processors have hardware fixes that are new and not present on the rest of the current portfolio of Intel chips. This includes the new Xeon W-3175X (Core-X Skylake-X Refresh), which still depend on firmware fixes to mitigate those problems.

61xSbYb.jpg

The "Bounds Check Bypass" (Spectre's Variant 1) will still need to be mitigated by software for the time being, due to the need for deeper architectural changes. With that said, the current hardware fixes that have been implemented improve not only security, but also the performance of these chips. This is thanks to said hardware fixes having practically no impact on performance according to Intel, though we'll have to confirm this on future reviews of the new desktop processors.

https://www.techpowerup.com/248368/intel-fixes-spectre-meltdown-on-new-desktop-processors-core-x-will-have-to-wait
Click to expand...
Original Source: AnandTech
 
Intel CPUs impacted by new PortSmash side-channel vulnerability!
https://www.zdnet.com/article/intel-cpus-impacted-by-new-portsmash-side-channel-vulnerability/

The vulnerability is currently confirmed on Skylake and Kaby Lake CPUs and researchers suspect AMD processors may also be impacted.
"PortSmash impacts all CPUs that use a Simultaneous Multithreading (SMT) architecture, a technology that allows multiple computing threads to be executed simultaneously on a CPU core."
 
You must log in or register to reply here.
Back
Top Bottom