Hot news - Major flaw in Intel CPUs

Time4Tea
Joined: 07/16/2017

In the news today:

https://techcrunch.com/2018/01/03/a-major-kernel-vulnerability-is-going-to-slow-down-all-intel-processors-2/

It seems that a serious flaw has been discovered in Intel chips, which allows userspace processes to potentially access kernel memory areas that are supposed to be protected. Both Windows and Linux developers are scrambling to patch the flaw, which is apparently going to reduce performance by up to 30%. Bad stuff.

I haven't been able to find a definitive list of precisely which Intel chips will be affected (please post if anyone can find it). Seems like another good reason to avoid Intel, if we can.

I. Khider
Joined: 01/19/2013

As if Intel directly supporting apartheid wasn't enough.
https://www.stopthewall.org/2005/08/05/boycott-intel-products-setting-factory-palestinian-stolen-lands
But you know, tech over lives, right?

Time4Tea
Joined: 07/16/2017

This article in PC World provides some interesting details:

https://www.pcworld.com/article/3245606/security/intel-x86-cpu-kernel-bug-faq-how-it-affects-pc-mac.html

It seems like the kernel developers are keeping the details under wraps until they get the fix released; however, the article suggests that the issue will probably affect all 64-bit Intel CPUs and older ones may be affected more than newer ones (which may not be a good thing for fully free systems using Core 2 Duos).

'The Core i7-8700K saw a massive performance decrease in FS-Mark 3.3 and Compile Bench, a pair of synthetic I/O benchmarks.' --- yuck!

I. Khider
Joined: 01/19/2013

Intel is a big company with a lot of smart people working for them. This bug fix is likely just banged out as a stop-gap. I am sure they will come out with a more efficient solution over time to make the performance decrease negligible. Obviously this sucks now but great solutions are not always possible on short notice.

Time4Tea
Joined: 07/16/2017

From what I read in the news articles, it sounds like the issue is a flaw in the chip design, which can't be simply fixed by updating the microcode. In which case, the only way that Intel can fix it is with a new chip design, which will almost certainly include their horrible Management Engine.

Not good news for free computing. I think this highlights even more how much we need viable alternatives to Intel. :-(

s1lv3r
Joined: 10/29/2017

Daaaaamn, this is so bad for us, I just read the news.

vita_cell
Joined: 07/19/2015

This is what happens when you gift ME (Spywarement Engine), Intel Boot Guard (Backdoor Boot Guard), AMT (Active NSAgement Engine) with your chips.

PowerPC is the way to go on desktop or laptops.

I. Khider
Joined: 01/19/2013

You mentioned Talos, but it is not really available for purchase yet, is it? Also, there is an issue with graphics cards too. Which ones will go with PowerPC if you have graphics (intensive) related tasks?

https://www.raptorcs.com/TALOSII/ <---that is what you are talking about.

vita_cell
Joined: 07/19/2015

You are right.

But when I say PowerPC I mean everything with PowerPC, not only Talos II. Computers like the Powermac with 2 CPUs (I have one) (yes, I know it is crApple). Also projects like:

https://www.powerpc-notebook.org/en/

The problem is, obviously, the GPU: PowerPC won't have an Intel integrated GPU, AMD chips need a blob to work, and the newest Nvidia ones need signed firmware (I don't know if these chips work fine without signed firmware).

I. Khider
Joined: 01/19/2013

Well, that's a problem that needs to be addressed. There are bigger demands now and these manufacturers need to think about graphics, not just CPUs.

Magic Banana

Joined: 07/24/2010

Spectre has nothing to do with "Management Engines" and the like. It deals with "speculative execution" (e.g., "branch prediction") that aims at faster executions: https://en.wikipedia.org/wiki/Speculative_execution

The POWER architecture uses speculative pipelines too: https://en.wikichip.org/wiki/ibm/microarchitectures/power9 (see "Speculative" in the info box). I believe researchers only verified Intel/AMD and ARM architectures because they are far more widespread. POWER processors are probably affected too.

ivanB1975
Joined: 08/29/2017

AMD processors seem not affected.

I. Khider
Joined: 01/19/2013

Word. But AMD gots to free the GPU code, son. Let my drivah's growww!

Magic Banana

Joined: 07/24/2010
SuperTramp83

Joined: 10/31/2014

If I understand it correctly there are three vulnerabilities, two spectre and one meltdown bugs. Intel processors are affected by all of them and on all operating systems. AMD is affected by one spectre vulnerability only on GNU/Linux and only if you use non-default kernel settings. Correct me if I am wrong.

Magic Banana

Joined: 07/24/2010

As far as I understand, there are two vulnerabilities, Meltdown and Spectre, but two different ways to exploit Spectre were shown. And Spectre cannot be solved through software (so no kernel configuration helps, neither does a firmware update): only the next generation of CPUs will be immune.

SuperTramp83

Joined: 10/31/2014

It might be senility or I suddenly can not understand English, so I will just copy and paste here..

> The bounds check bypass has also been shown to read kernel memory on Intel and AMD processors. Importantly, this does not work on AMD processors in default configurations. The proof-of-concept requires BPF JIT to be manually enabled in the Linux kernel for AMD processors. (It is not, by default.) The tested Intel processor was vulnerable independent of the BPF JIT setting.

https://www.techrepublic.com/article/massive-intel-cpu-flaw-understanding-the-technical-details-of-meltdown-and-spectre/

And this is from the goobles zero study directly:

> A PoC for variant 1 that, when running with normal user privileges under a modern Linux kernel with a distro-standard config, can perform arbitrary reads in a 4GiB range [3] in kernel virtual memory on the Intel Haswell Xeon CPU. If the kernel's BPF JIT is enabled (non-default configuration), it also works on the AMD PRO CPU.

And yep, the variant one is -> Variant 1: bounds check bypass (CVE-2017-5753)

That is the only exploit AMD says can represent a problem for their CPUs; meltdown does not affect them due to architecture differences, and the second variant, according to AMD, has "near zero risk of exploitation".

If so, I am a happy guy :)
Well, in each case it would appear that exploiting spectre is quite tough and to my understanding nowhere near as grave as meltdown.

Imagine how nice must it be to have a ready cross-platform exploit for every single Intel CPU ever made for 20 years.. Not that I wish to imply that Intel did this on purpose or to gain single core performance advantage over AMD. :P

Magic Banana

Joined: 07/24/2010

I indeed did not understand it right. There are currently three demonstrated ways to do a Spectre attack. AMD is quite fine ("near zero risk") after a kernel patch solves one of these ways (which can therefore be solved through a software update, unlike the other ways): https://www.amd.com/en/corporate/speculative-execution

However, https://spectreattack.com/spectre.pdf says:

> Further attacks can be designed by varying both the method of achieving speculative execution and the method used to leak the information. Examples of the former include mistraining return instructions or return from interrupts. Examples of the latter include leaking information through timing variations or by generating contention on arithmetic units.

It looks like all modern processors (including AMD's) will be at risk. Without a way to solve the problem through software updates.

> Well, in each case it would appear that exploiting spectre is quite tough and to my understanding nowhere near as grave as meltdown.

Well, Meltdown is grave (any data in the RAM can be read at a rather high speed)... but can be solved once and for all with the KPTI patch (accepting performance regressions). A Spectre attack only allows reading data in the kernel space (but there are private keys there!) at a slower speed (50 times slower than Meltdown according to the original publications). Nevertheless, it basically affects all processors in use and cannot be entirely solved by software update. In the medium/long term, it looks far more problematic than Meltdown: to be immune, everybody will have to throw away their current hardware and spend money on newer processors that do not exist yet!

SuperTramp83

Joined: 10/31/2014

>I indeed did not understand it right.

Yeah, me too (and I even read, well read not understood, the pdf from goobles0)

What I find interesting is the wording from AMD's post about the issue, I guess they don't know for sure yet. We'll see.

ivanB1975
Joined: 08/29/2017

Here is better information: https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
Also ARM CPUs are affected, and AMD as well.

ivanB1975
Joined: 08/29/2017

Time for RISC?

RMK
Joined: 07/23/2016

There are two distinct, albeit related, CPU vulnerabilities making recent news. One of them, "Meltdown," is Intel-specific. The other, "Spectre," is present in all recent Intel, AMD, and ARM CPUs (and potentially, any CPU that uses branch prediction and speculative execution). Meltdown can be repaired with kernel updates (there's already a patch for it in the Linux source repository), but the fix can slow performance by as much as 30%. Spectre is a more difficult vulnerability to exploit, but it has no fix short of replacing the CPU outright. Apparently not even a microcode update will suffice--Spectre is a flaw in the fundamental hardware design.

I think Spectre may be the greater cause for concern in the libre-software community. A lot of us are using relatively old Intel CPUs that predate the Intel Management Engine, but Spectre is thought to be present in ALL modern CPUs designed by Intel, AMD, and ARM, and the only fix for it is to replace the processor. And of course, replacing your CPU with a new one from Intel or AMD is going to get you the Intel ME or the AMD PSP.

NYT article: https://www.nytimes.com/2018/01/03/business/computer-flaws.html

The Guardian article: https://www.theguardian.com/technology/2018/jan/04/meltdown-spectre-computer-processor-intel-security-flaws-explainer

Google Project Zero blog post, with links to the Meltdown and Spectre papers: https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

Time4Tea
Joined: 07/16/2017

This is a great reply - thank you for providing these details. Yes, I agree that Spectre seems to be a big concern for free computing. Does anyone know what the implications may be for the EOMA68 project? I assume POWER9 isn't affected, as I haven't seen it mentioned anywhere?

Magic Banana

Joined: 07/24/2010

I believe the researchers only verified Intel/AMD and ARM architectures because they are far more widespread. POWER9 processors use speculative pipelines: https://en.wikichip.org/wiki/ibm/microarchitectures/power9 (see "Speculative" in the info box). That is why I believe Spectre affects them, like all modern processors.

Time4Tea
Joined: 07/16/2017

I think the best thing that can come out of this mess is an increased drive to develop viable alternatives to Intel/x86.

(Edit: Linus has had a nice rant about it: http://uk.businessinsider.com/linus-torvalds-linux-inventor-is-furious-at-intel-2018-1?r=US&IR=T)

I. Khider
Joined: 01/19/2013

Pretty much this is the case: alternatives to the juggernauts who are actively against software freedom and all about consolidating control and power must be built. AMD and Intel can easily make free (as in freedom) friendly hardware (or not exploit labor or build fabrication plants on stolen land), even though they know there are issues with proprietary software and security-through-obscurity means and violating human rights on all levels. The rest of the world could care less about a 30% performance cut in CPU power or lack of software freedom; a tweet from Trump will make headlines and the world moves on. I/We continue to beg/plead hardware manufacturers to make something libre friendly or release graphics drivers, and they continually ignore us. It would be great to pay them in their own coin. There is a demand for free soft/hardware, so let us fulfill that demand. Talos is a step, but that is all it is. If my next hardware upgrade is freedom friendly, we have made progress.

ariellab
Joined: 02/19/2015

So Windows, linux kernel, iOS, macOS are all getting patches to help mitigate until we can get all new chips lol. Can anyone tell me if the Trisquel update engine has picked up anything for itself or will soon? I just want to do what I can for my Ministry of Freedom Libreboot Trisquel Lenovo laptop. :)

Magic Banana

Joined: 07/24/2010

They are getting patches against Meltdown. No software (including firmware) update can solve Spectre.

ariellab
Joined: 02/19/2015

Oh! But according to:

---
https://spectreattack.com/#faq-fix

Is there a workaround/fix?
There are patches against Meltdown for Linux (KPTI (formerly KAISER)), Windows, and OS X. There is also work to harden software against future exploitation of Spectre, respectively to patch software after exploitation through Spectre (LLVM patch, ARM speculation barrier header).
---

I guess "hardening" isn't patching? ;)

Magic Banana

Joined: 07/24/2010

Hardening is, well, making harder, not impossible, to make a Spectre attack, whereas the KPTI patch makes Meltdown attacks impossible... at the cost of a performance penalty.

But, yes, you are right, "hardening" is "modifying the code", i.e., patching.

jxself
Joined: 09/13/2010

Everyone is having a meltdown over Meltdown because Canonical has not released fixes yet.

The bigger question is: When will Canonical fix it in Ubuntu? Trisquel inherits security updates from Ubuntu so *THAT* is the question you really want to be asking.

ariellab
Joined: 02/19/2015

Good thinking! Thanks! That's what I'll look for.

ariellab
Joined: 02/19/2015

https://insights.ubuntu.com/2018/01/04/ubuntu-updates-for-the-meltdown-spectre-vulnerabilities/

Ubuntu users of the 64-bit x86 architecture (aka, amd64) can expect updated kernels by the original January 9, 2018 coordinated release date, and sooner if possible. Updates will be available for:

Ubuntu 17.10 (Artful) — Linux 4.13 HWE
Ubuntu 16.04 LTS (Xenial) — Linux 4.4 (and 4.4 HWE)
Ubuntu 14.04 LTS (Trusty) — Linux 3.13
Ubuntu 12.04 ESM** (Precise) — Linux 3.2
Note that an Ubuntu Advantage license is required for the 12.04 ESM kernel update, as Ubuntu 12.04 LTS is past its end-of-life

Ubuntu 18.04 LTS (Bionic) will release in April of 2018, and will ship a 4.15 kernel, which includes the KPTI patchset as integrated upstream.

SuperTramp83

Joined: 10/31/2014

What? Why would it take so long? Debian released the patched kernel for meltdown on January 4.

Alexander Stephen Thomas Ross
Joined: 09/18/2012

Re EOMA-68 computer cards & devices. Luke has an opportunity for some interesting CPU cards, and there's a team developing RISC CPUs in India which I believe has a mandate and the money from the gov to make free CPUs targeted for things like laptops and other computers a society needs.

See for India RISC CPU details:
http://lists.phcomp.co.uk/pipermail/arm-netbook/2017-December/015062.html

GrevenGull
Joined: 12/18/2017

When I click on the techcrunch link in your post I just get redirected to this post, anyone else got this issue?

edit

Also your pcworld-link gets me redirected to this thread.

SuperTramp83

Joined: 10/31/2014

I guess their HTML foo is even worse than mine :P

Just highlight the link with your mouse and copy it and paste it in your url bar

GrevenGull
Joined: 12/18/2017

HTML who? :p

Time4Tea
Joined: 07/16/2017

Yes, sorry, I keep doing this ...

I thought that www.link.com should give a hyperlink to that address, but it doesn't. Unfortunately, it seems that it is also not possible to edit a post on the forum here, unless it is a reply to someone else's post (which both of my earlier posts containing those links are not).

I'll try to stop doing it in future ... :-(

Time4Tea
Joined: 07/16/2017

God, my html skills are truly terrible. How do I quote some html code, without it being interpreted? Arg!

Magic Banana

Joined: 07/24/2010

It should work. One of your extensions must interfere. Disable them and see. Then, by disabling half of them, then half of the incriminated half, ... you can spot the problematic extension.

Ignacio.Agullo
Joined: 09/29/2009

Found this series of articles:

*Processor/CPU Speculative Execution Patching on Linux Tutorial* series:

1. How to patch Meltdown CPU Vulnerability CVE-2017-5754 on Linux

2. How to patch Spectre Vulnerability CVE-2017-5753/CVE-2017-5715 on Linux

3. How to check Linux for Spectre and Meltdown vulnerability

4. How to install/update Intel microcode firmware on Linux

I find the last part to be disturbing. It is listed in the series even though it doesn't mention Meltdown or Spectre, as it was a requirement to patch them.

Why would updating the Intel microcode firmware be disturbing to me? Because my computer is Librebooted and...:

"Coreboot does distribute microcode updates for Intel and AMD CPUs, but libreboot cannot, because the whole point of libreboot is to be 100% free software."

--
Ignacio Agulló · name at domain
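
Added example, not part of any post in this thread or of the tutorial series linked above: a shell function that reads the status files Linux kernels carrying the Meltdown/Spectre patches expose under `/sys/devices/system/cpu/vulnerabilities`, plus the BPF JIT switch discussed earlier in the thread. The optional root-directory argument is a hypothetical convenience so the function can also be pointed at a copied or constructed directory tree.

```shell
#!/bin/sh
# cpu_vuln_report [ROOT]
#   ROOT (assumption, default empty = live system) is prefixed to the sysfs
#   and procfs paths. Returns 0 if every entry is mitigated or not affected,
#   1 if any entry is vulnerable or unknown, 2 if the kernel has no
#   reporting interface at all (it predates the patches).
cpu_vuln_report() {
    root="${1:-}"
    vdir="$root/sys/devices/system/cpu/vulnerabilities"
    jit="$root/proc/sys/net/core/bpf_jit_enable"
    rc=0

    if [ ! -d "$vdir" ]; then
        echo "unknown: $vdir missing, kernel predates the reporting interface"
        return 2
    fi

    # meltdown = CVE-2017-5754, spectre_v1 = CVE-2017-5753,
    # spectre_v2 = CVE-2017-5715 (the CVEs named in the thread).
    for name in meltdown spectre_v1 spectre_v2; do
        f="$vdir/$name"
        if [ ! -r "$f" ]; then
            echo "$name: unknown (no sysfs entry)"
            rc=1
            continue
        fi
        status=$(cat "$f")
        case "$status" in
            "Not affected"*) echo "$name: not affected" ;;
            "Mitigation:"*)  echo "$name: mitigated (${status#Mitigation: })" ;;
            *)               echo "$name: VULNERABLE ($status)"; rc=1 ;;
        esac
    done

    # The variant 1 proof of concept quoted in the thread needed the BPF JIT
    # enabled on the AMD CPU, so report that switch as well.
    if [ -r "$jit" ]; then
        case "$(cat "$jit")" in
            0) echo "bpf_jit: disabled" ;;
            *) echo "bpf_jit: enabled" ;;
        esac
    else
        echo "bpf_jit: unknown (setting not readable)"
    fi
    return $rc
}
```

Run `cpu_vuln_report` with no argument on the machine being checked; a kernel with KPTI active reports `meltdown: mitigated (PTI)`.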

seutin
Joined: 12/18/2017

Security: a software patch can always be exploited or reversed. Hardware fixes are much more secure!!!

What do you think about this?

Jodiendo
Joined: 01/09/2013

well if I'm hungry! I do scoffer from a software patch , because my brains think of a good meal. but if I suffer a security breakdown in my colon it means a bad digestion, ..about that madness@