Slashdot Mirror
Intel Responds To Alleged Chip Flaw, Claims Effects Won't Significantly Impact Average Users (hothardware.com)
An anonymous reader quotes a report from Hot Hardware: The tech blogosphere lit up yesterday afternoon after reports of a critical bug in modern Intel processors has the potential to seriously impact systems running Windows, Linux and macOS. The alleged bug is so severe that it cannot be corrected with a microcode update, and instead, OS manufacturers are being forced to address the issue with software updates, which in some instances requires a redesign of the kernel software. Some early performance benchmarks have even suggested that patches to fix the bug could result in a performance hit of as much as 30 percent. Since reports on the issues of exploded over the past 24 hours, Intel is looking to cut through the noise and tell its side of the story. The details of the exploit and software/firmware updates to address the matter at hand were scheduled to go live next week. However, Intel says that it is speaking out early to combat "inaccurate media reports."
Intel acknowledges that the exploit has "the potential to improperly gather sensitive data from computing devices that are operating as designed." The company further goes on state that "these exploits do not have the potential to corrupt, modify or delete data." The company goes on to state that the "average computer user" will be negligibly affected by any software fixes, and that any negative performance outcomes "will be mitigated over time." In a classic case of trying to point fingers at everyone else, Intel says that "many different vendors' processors" are vulnerable to these exploits. You can read the full statement here.
Intel acknowledges that the exploit has "the potential to improperly gather sensitive data from computing devices that are operating as designed." The company further goes on state that "these exploits do not have the potential to corrupt, modify or delete data." The company goes on to state that the "average computer user" will be negligibly affected by any software fixes, and that any negative performance outcomes "will be mitigated over time." In a classic case of trying to point fingers at everyone else, Intel says that "many different vendors' processors" are vulnerable to these exploits. You can read the full statement here.
Yeah, notice the part where they tried to spread the blame to other CPU manufacturers.
"First they came for the slanderers and i said nothing."
Intel says "Intel believes these exploits do not have the potential to corrupt, modify or delete data."
They do not say anything about read. This means exploit lets read protected memory.
I like how they've weaseled out of the whole fiasco (why didn't /. post a link to the original press release?):
"Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time".
I'm not sure I can read between the lines properly but I guess new revisions of Coffee Lake/Kaby Lake/SkyLake(X) CPUs are coming and they will contain a hardware fix (though it still seems highly unlikely considering how difficult it's to deploy a new hardware design - however unlike other fabless companies, like AMD/NVIDIA/ARM/etc Intel has everything under control). After all they've known about this issue for almost half a year.
Meanwhile as for consumer workloads they are correct. Two German websites have already tested a Windows build with a fix and found very little performance losses.
Phoronix has also run a number of tests on Linux and found out that only few (mostly artificial) tasks are seriously affected.
Intel home users may sleep well. As for enterprise customers no one has run virtualization tests yet though - that's what truly important for large deployments (clouds).
Some ARM64 chips are affected as well actually. Citation: https://lwn.net/Articles/74039...
I don't see why they would name AMD since it's unaffected however. https://lkml.org/lkml/2017/12/...
when did AMD say that? all reports say that both AMD and ARM are also affected
AMD CPUs are NOT affected. Quit spreading lies.
https://lkml.org/lkml/2017/12/27/2
As Intel has been caught red-handed doing massively illegal things several times, like any good criminal enterprise they of course have a first-rate legal team.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Because other CPU manufacturers are pumping out devices that have this issue, and have done so for years.
ARM64 is also affected - and includes chips made by virtually every silicon maker, including AMD, Apple, Samsung, Texas Instruments, Renesas, STMircro, Microchip, Broadcomm, Qualcomm, and others. They are in virtually every recent tablet or smartphone.
Even the decidedly non-Intel Raspberry Pi 3 is affected.
AMD's AMD64 may be unaffected, but AMD's Opteron-A processors are absolutely affected.
-- Sometimes you have to turn the lights off in order to see.
AMD does not have the flaw. Try to keep up.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
AMD's AMD64 chips don't have the flaw.
AMD's Opteron-A, however, is an ARM64 chip which does have the flaw.
-- Sometimes you have to turn the lights off in order to see.
arm64: Unmap the kernel whilst running in userspace (KAISER)
ARM engineers are supplying the patches for ARM64.
KAISER is the original name of the patch set.
-- Sometimes you have to turn the lights off in order to see.
AMD checks privileges before it runs the code. Intel chose to optimize their branch prediction in a way that checked the privileges AFTER the code was run, but before it was written/applied. This allowed a small window for someone to read the results of that illegal instruction before it was dumped for being flagged as an exception.
I've read some info that speculates that Intel likely gained some performance by letting a lot of branch predictions run and then dumping those that are flagged after the fact instead of checking each and every one before it was run (because a lot of branches are dumped anyway for other reasons, so small price to pay to let things run and be wrong.) I don't know for sure, though. Sounds to me like they skimped on some silicon to check in hardware and put more into branch prediction.
Basically the code runs like this:
Hi, I'm a user program with user rights. I'd like to know where the super secret memory address of this part of the system is so I can read from it... and maybe even write to it later with a different exploit.
AMD: No, you're in user land, you can't see kernel land.
end of story
Intel: Oh, let me fetch that for you... Here, I've typed up a handy map of things and notes on your way around the super-secret areas... just show me your security clearance first before I hand it over.
Your malware: *glances at map, notes*
Intel: WAIT... you're in user land. You can't have this. *lights the map and notes on fire after you've already seen them*
And that is relevant how? The whole discussion is 99.9...9% about AMD64.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
Basically, this isn't an implementation bug, or even a design flaw... it's an architectural flaw, present in all modern CPUs. Unless great care is taken, any CPU that supports both speculative execution and memory caching is vulnerable. This is incredibly huge. To a first approximation, all computers are broken.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Turns out AMD CPUs are affected too. See https://spectreattack.com/ for details
Incorrect. From the FAQ on the page you linked to:
Which systems are affected by Meltdown? ... We successfully tested Meltdown on Intel processor generations released as early as 2011. Currently, we have only verified Meltdown on Intel processors. At the moment, it is unclear whether ARM and AMD processors are also affected by Meltdown.
My spoon is too big.
Intel PR monkeys are trying to take AMD down with them, let's make this clear:
For the 3 bugs, the biggest one only affect Intel CPUs, for bug 2 and 3:
AMD bug only affect THE SAME PROCESS, unlike Intel, which allows exploit to cross process
https://googleprojectzero.blog...
As shown, AMD was only vulnerable to "the ability to read data inside mis-speculated execution within the same process, without crossing any privilege boundaries."
AMD's Zen processors are immune to all 3 vulnerabilities FYI.