AMD Could Profit from Buffer-Overflow Protection

spin2cool writes "New Scientist has an article about how AMD and Intel are planning on releasing new consumer chips with built-in buffer-overflow protection. Apparently AMD's chips will make it to market first, though, which some analysts think could give AMD an advantage as the next round of chips are released. The question will be whether their PR department can spin this into a big enough story to sell to the Average Joe."

The could profit from overflows too...

[ebuck]

Especially if the buffer is their banking account.

Re:The could profit from overflows too...

[doorbot.com]

Especially if the buffer is their banking account.

Your account might profit too, if your account is next in sequence after AMD's...

AMD needs better marketing

Like IBM with OS/2, they have the better product. They now just need to convince ordinary consumers that this is the case. For some reason, people love that little Intel jingle.

Re:AMD needs better marketing

[ebuck]

I think it was the Intel inside marketing campaign that really did the trick.

Nobody knows if Intel is better, but they don't want a computer that "lacks" Intel inside. They simply guess that if it's inside, it's better than not having it inside.

It is brilliant. It can't be copied or AMD looks like a "me too!" player. It can't be contested because it's just vauge enough to not claim that the machine is any better for having Intel inside, but implies that anything else is somehow inferior.

Re:AMD needs better marketing

[ackthpt]

Don't overdo it. The software has to be compiled to take advantage of this (hence the new version of XP), so just buying a new PC with "WOW! BUFFER OVERFLOW PROTECTION" will generate negative press as people complain, "Hey! I've still got worms! er.. my computer does, not me!" Such gaffes are what competitors live for.

Re:AMD needs better marketing

[Vancorps]

AMD processors have both of those features. AMD has done well at matching Intel feature for feature. Take a look at Opteron for servers. It doesn't help right now that there are a lot of Intel boards that shipped defective. I was replacing backplanes for a solid month just before the New Year. The latest Xeon's really aren't that impressive either. There was a time the Xeon was an incredible processor worthy of running a NOC but now they are hot enough that Opteron and other players look real nice again.

Re:AMD needs better marketing

[Vancorps]

Well just last night my AMD based laptop shut off on me because it got too hot, something stuck in the fan.

As for the other features you mention. You are comparing Desktop processors and server processors. You might note the lack of the Opteron processor in the third party tests you linked to.

Bout two months ago someone came to me with a motherboard and processor, Athlon XP 2600+. They couldn't get it to boot. I took one look at it and realized the heatsink was on backwards, it shut it self down as soon as it got hot enough. I put the heatsink on correctly and the thing booted right up.

As for the PCI locking its a bit harder to vouch for since I don't see a whole lot of information about it, but I sure do recall seeing tests involving the Opteron, if I could find it right now I would, except I'm on dialup now for the first time in six years and its annoying the hell out of me.

Re:AMD needs better marketing

Nobody knows if Intel is better, but they don't want a computer that "lacks" Intel inside. They simply guess that if it's inside, it's better than not having it inside.

I always thought "Intel Inside" was a warning label.

Re:AMD needs better marketing

Intel Inside is a minor part - what cemented Intel was Cyrix. People saw a low cost CPU and got burned for it - then there was no alternative to Intel until the original Athlon which meant that the Pentium and Pentium II were unchallenged.

To this day, the legacy of Cyrix shadows AMD with marketting using the supposed clockspeed rather then actual.

Fact of the matter is that Intel has so much branding, even being behind AMD on a few releases isn't going to do enough to displace Intel from being #1. All AMD is good for is the consumer so that there isn't a monopoly, and competition leads to innovation - otherwise Intel wouldn't have brought x86-64 to the general consumer for years. Not that I blame their logic, but then there wasn't a need to jump to Pentium either - the 486 had a lot still to offer at the time.

Re:AMD needs better marketing

[Neil+Watson]

It's frightening that even vendors believe in marketing. I meet with vendor one day to discuss supplying us with generic computers. I told them that most of our desktops were Durons. They gasped and stated they could not recommend such things. Stating that they would quote us Intel to "ensure stability". I asked them to cite proof that AMD systems were unstable. They could not but implied that it was common knowledge.

Re:AMD needs better marketing

[helzerr]

Stating that they would quote us Intel to "ensure stability".

I bet it had more to do with ensuring their profit margin.

Re:AMD needs better marketing

[dgatwood]

Wait just a second here. Do you mean to tell me that Intel and AMD still don't have no-execute flags for their page tables? Wow, I guess I should be really impressed by the foresight of Motorola and IBM, who put that feature in the PowerPC series of chips back in 1994 (beginning in the PowerPC 603).

I'm actually surprised that there are chips out there that don't have such a feature. In a perverse way, I hope IBM has a patent on it.... :-)

Re:AMD needs better marketing

[RzUpAnmsCwrds]

"versions would for example melt if you removed the cooling"

And, why, exactly, would you remove the heatsink from a CPU while it is running?

Moreover, this was not a flaw in the Athlon. The Athlon, since Athlon XP, has contained a thermal diode to enable safe thermal shutdown. The motherboard that Tom's Hardware used did not have the thermal protection circuitry.

Losing a CPU to "thermal death" was a rare occurance. Most CPUs that experienced "thermal death" had improperly installed thermal solutions (e.g. the clip was not installed properly). A fan failure or failure to use thermal compound (e.g. a pad or grease) would likely not cause damage to the CPU, even without thermal protection. Only a lack of die to heatsink contact (e.g. with an improperly installed shim or a poorly installed heatsink that detached during movement) would likely cause the Athlon to experience "thermal death" ass shown in the Tom's Hardware video.

"whereas Intels even back then would simply slow down"

The Tom's Hardware Guide video was a fake. The CPU temperature never exceeded 30C (look at the thermal probe). Thermal throttle-down on the P4 occurs when the CPU hits 85C. And, yes, the system will crash or simply become completely unusable if the heatsink is removed.

"without cutting too many corners as they have done in the past"

Right. Intel has never cut corners, particularly not with major logic bugs in the Pentium, PII, PIII, P4, and Itanium.

Look, CPUs are not flawless. But the CPU thermal issue you speak of really is not a huge issue. With a properly installed heatsink (like the heatsinks on a computer you would buy from HP or eMachines), it never was an issue. And today every new motherboard has thermal protection.

Tom's Hardware did a disservice to the community and to AMD by taking a relatively minor issue that affected a small number of people and blowing it out of proportion to a huge flaw.

If you read Tom's Hardware for as long as I have, you begin to notice a pattern: Tom is an egotistic nut. He posted one editorial stating that the performance war between Intel and AMD was bad for consumers (hmmm... my $90 Athlon XP 2600+ would seem to refute that, as would sub $200 P4 3.0GHz CPUs). He also says that people buying AMD64 systems are giving AMD a "no intrest loan" because of the lack of availibility of AMD64 operating systems and applications. Apparently, no one told Tom that the Athlon 64 3000+ is *cheaper* than its similarly performing P4 counterpart (in IA-32 applications). And, apparently, no one told Tom that Intel has adopted the same instruction set for its Pentium 4 based 64-bit systems.

I have lost respect for Tom and his publication. Between his hate-filled articles filled with vague statements and mistruths, his constant bashing of AMD (he compared the Athlon XP 3400+, a $450 CPU, to the P4 Extreme Edition, a $900 CPU, and decreed the P4EE the victor because it was marginally faster in 3/4 of the tests), and his suing of other tech websites, Tom has struck out. I only hope that [H]ardOCP doesn't suffer the same fate.

Re:AMD needs better marketing

[Loki_1929]

"I for one had trouble for a while remembering" ... remembering a lot of things.

Like the PIII Coppermine CPUs that wouldn't even boot sometimes.

Or the randomly rebooting PII Xeons.

Or the voltage problems with certain PIII Xeons.

Or the memory request system hang bug in the PIII/Xeon.

Or the PIII's SSE bug whose 'fix' killed i810 compatability.

Or the MTH bug in the PIII CPUs that forced Intel customers to replace boards and RAM.

Or the recalled, that's right, recalled PIII chips at 1.13GHz.

Or the recalled (there's that word again) Xeon SERVER chips at 800 and 900MHz.

Or the recalled (that word, AGAIN?!) cc820 "cape cod" Intel motherboards.

Or the data overwriting bug in the P4 CPUs.

Or the P4 chipset bug that killed video performance.

Or the Sun/Oracle P4 bug.

Or the Itanium bug that was severe enough to make Compaq halt Itanium shipments.

Or the Itanium 2 bug that "can cause systems to behave unpredictably or shut down".

Or the numerous other P4/Xeon/XeonMP bugs that have been hanging around.

Yes, I did consider the possibility that there might just be some basis for the belief that Intel's products are superior. Having considered that, in light of the mountains of evidence to the contrary, I shall now proceed to laugh at you.

Ha ha ha.

Now go away, or I shall mock you again.

Code rewrites going to be needed?

[PornMaster]

I know that people using standard APIs might be fine, but I can't help but wonder how many applications will not work because of it. While there probably aren't many self-modifying code apps out there, there are surely some. Will they be affected?

Re:Code rewrites going to be needed?

[chamilto0516]

Self modifying code apps would be affected. And I think that is a good thing because you would want to ferret out such things in your systems.

Writing self-modifying code was the first thing my Assembler instructor put his foot down and said, "bad idea, don't even think about it." I could see you could do it easily with assembler.

I would entertain listening to cases where self-mod'ing code has its place.

They are NOT protecting against overflows

They are protecting the pages marked as code from the data pages. Code could still overflow, but not use that to execute arbitrary code in the pages marked as data(or non-executable).

Linux support

[nate1138]

AMD's Athlon-64 (for PCs) and Opteron (for servers) will protect against buffer overflows when used with a new version of Windows XP.

This does require some interaction from the operating system in order to work. Hopefully AMD will release enough information to allow this feature to be implemented in Linux.

Re:Linux support

[TheRealFoxFire]

It will likely be in their architecture manual. The summary of the protection is that it allows the OS to mark pages of virtual memory with a No Execute (NX) bit. Attempting to execute any instructions from such a page would cause a trap to the OS.

An OS would then use this to mark pure data page and areas like the stack as NX so that overflowing datastructures doesn't allow arbitrary malicious code to be run.

Re:Linux support

[Tony+Hoyle]

It's been implemented in Linux since about 6 months ago, at least on the amd64 branch.

http://www.x86-64.org/lists/discuss/msg03469.htm l

Securing C++ through hardware

[KingOfBLASH]

I find it interesting that one of the reasons that hardware protection from buffer overflows is needed is because many programs were created using functions in languages that don't properly check array bounds. Programmers really need to learn that either they need to use functions which provide bounds checking if they insist on using a language like C or C++, or they need to program in another language.

(Note: Although many people come down on C++, it's also what functions you use. For instance, while fget() is considered "safe" because you provide a buffer boundry, gets() is considered unsafe. This drives me nuts! We knew how to program to prevent buffer overruns years ago, and they're still a problem!)

Re:Securing C++ through hardware

[DaHat]

I think you are forgetting something though... C and C++ are the most powerful higher level languages that exist today... Why? Because with them... you can easily mess everything up!

Back in college I would defend C/C++ against one of my professors who thought it was the spawn of satan (and oddly though Pascal was/is the greatest language ever) for the simple fact that it gives you the ability to do so many things with few limits.

A hammer cannot only be used to drive in nails or bang a dent out of your car hood... but it can also be used to break your neighbors windows and beat someone to death. Just because a tool CAN be used for ill, doesn't mean the tool is to blame. After all... guns don't kill people... murders/soldiers/hunters/etc do!

Of course they can

[mikeophile]

The question will be whether their PR department can spin this into a big enough story to sell to the Average Joe.

Sure, AMD just has to write a buffer-overflow exploit into a worm that carries the pop-up window message, "If you had and AMD processor, you're hard drive wouldn't be erasing right now."

Ahem...

[cbiffle]

From my reading of the article, this sounds like it's just a new spin on the per-page eXec flag on the AMD64 architecture.

Granted, yes, this is a good thing, but "buffer-overflow protection when used with a new version of Windows XP?" We now have to rely on Microsoft to set the X flag properly...

This has been talked about on Slashdot a lot in the past; the OpenBSD guys in particular are hot on the Opteron because it, like SPARC, provides this protection. Fortunately, this isn't some Windows-specific voodoo; we all stand to benefit from this fundamental fix to the broken Intel VM architecture. :-)

Re:Pathetic

[DaHat]

Wraaaag! Why does everyone keep calling this a Microsoft bug?

Yes... the vast majority of buffer overflow exploits we read about are Microsoft based, however it's not too hard to find software from other providers, yes, even in Linux. Which can suffer from this kind of flaw.

There's no excuse for buffer overflows

[ChiralSoftware]

Remember back in the 60s and before, all cars leaked oil? People just accepted, "Cars leak oil." They didn't realize that it didn't have to be that way.

Then the Japanese started making cars that didn't leak oil. Now, no one would accept a car that leaks oil. People have realized that cars don't have to leak and we shouldn't accept it.

It's the same thing with buffer overflows. People now have this attitude "well, there's nothing you can do. Just write code really carefully. Anyone who makes buffer overflows in his code is just a sloppy coder!"

Nothing could be further from the truth. There is no way anyone can code a large project in plain old C and not make buffer overflows. Look at OpenBSD, who are masters of secure C. They still have buffer problems.

And yet, there is absolutely no reason for code to have any buffer overflows! There are programatic tools, such as virtuams machines (think JVM) and safe libraries which mean that programmers never have to manipulate buffers in unsafe ways.

Putting in hardware-level support for this would be fantastic. It is time for people to change their attitude about what they accept in computers. Crashes and security holes are not inherent aspects of software. Mistakes are inherent in writing code, but these mistakes don't always need to have such disasterous consequences.

---------
Create a WAP server

Re:Pathetic

[eht]

What's about GNU/Linux's bugs or NetBSD's or Sendmail's bugs? This is OS agnostic.

This isn't insightful, it's flamebait and FUD.

the Average Joe doesn't buy processors

[funny-jack]

They buy computers. They don't need to sell the idea to the Average Joe, they need to sell the idea to the people making computers for the Average Joe.

Re:Pathetic

[strictnein]

It's pathetic that AMD has to fix M$'s bugs...

How is this insightful? First of all, any post that uses the $ is Microsoft's name should be modded -1, 14 year old poster.

As if buffer overflows really had much to do with the OS. It has a lot more to do with poor coding. Try the following searches for more info:

linux buffer overflow
bsd buffer overflow
OS X buffer overflow
Solaris buffer overflow
And yes, everyone's favorite:
windows buffer overflow

Re:Awesome

[Sloppy]

Why didn't they think of this in the first place.

Because it's hard to fix while keeping compatibility, and it was a different world in 1980.

Some of today's problems are really just side-effects of the x86 legacy. If you're willing to break binary compatibility, fixing problems is really, really easy. For example, there's no law that stacks have to stupidly grow downwards in memory so that an overflow ends up overwriting older stuff on the stack space, instead of overwriting in the direction where the unallocated space is. And indeed, on many architectures, it works more sensibly. So even if you don't protect against overflows, their damage doesn't need to be so severe.

But by the time it became popular for personal computers to be connected to the internet (and thus, overflow protection started to become really important), it was far too late to fix the problem, because too many people were locked into x86.

Old news

[Todd+Knarr]

This existed in the 8086 and 8088 CPUs. You seperate your program into code, data and stack segments and load the appropriate segment registers. Code segments can't be read or written, data and stack segments can't be executed. But stupid programmers decided that that kept you from playing games with code-as-data and data-as-code, so they created flat addressing mode with all segment registers pointing at a single segment. Feh. Those who don't read history are doomed to repeat it. Badly.

Re:Pathetic

Don't blame MS for everything. Unix too has a notorious history of its contibution due to buffer overflow. Ever heard of sendmail? I believe the first internet worm in 1988 utilized buffer overflow in number of unix apps including sendflow, finger, ...

Software can't do everything. In fact, some earlier architectures offered choice of separating data segment and code segment (DEC VAX were the latest I used which had this feature), but because they have some performance penalty, the hardware companies removed this feature. Now that we have more speed than needed, it is being put back.

Execution bit on MMU Pages

[adisakp]

For what it's worth... many processors, like the PowerPC series have had this "buffer overflow protection" feature for years. The idea is to mark program code pages after they are loaded as executeable and read-only. No other pages are marked executeable. It destroys clever little hacks like self-modifying code but at the same time, makes it impossible for buffer overflows to introduce new code into a programs executeable code page set.

The Average Joe?

[SpaceRook]

The average joe can't even figure out that he shouldn't open email attachments from people he doesn't know (Exhibit A: MyDoom). You really think he knows what the fuck a buffer overflow is? "No buffer overflow? But what if I *want* overflow! More is better!" I applaud this security feature, but don't think of it as a selling point for typical users.

Re:what a drag

[paranode]

Exactly. OpenBSD 3.3 already came with this feature in May 2003.

"W^X (pronounced: "W xor X") on architectures capable of pure execute-bit support in the MMU (sparc, sparc64, alpha, hppa). This is a fine-grained memory permissions layout, ensuring that memory which can be written to by application programs can not be executable at the same time and vice versa. This raises the bar on potential buffer overflows and other attacks: as a result, an attacker is unable to write code anywhere in memory where it can be executed. (NOTE: i386 and powerpc do not support W^X in 3.3; however, 3.3-current already supports it on i386, and both these processors are expected to support this change in 3.4). "

Re:Nope

[Inuchance]

I think a good commercial would having hackers trying to break into a computer, and then a big "ACCESS DENIED" error shows, and one of the hackers exclaims, "No good, they've got the latest AMD CPU!" And then some announcer says something like, "With the latest CPUs from AMD, your computer executes only what YOU want it to, not what THEY [flash over to image of frustrated hackers] want!"