Slashdot Mirror

← Back to Stories (view on slashdot.org)

Nope, No Intel Chip Recall After Spectre and Meltdown, CEO Says (cnet.com)

Posted by msmash on from the aftermath dept.

Hoping the Meltdown and Spectre security problems might mean Intel would be buying you a shiny new computer after a chip recall? Sorry, that's not on the cards. From a report: Intel famously paid hundreds of millions of dollars to recall its Pentium processors after the 1994 discovery of the "FDIV bug" that revealed rare but real calculation errors. But Intel CEO Brian Krzanich said the new problems are much more easily fixed -- and indeed are already well on their way to being fixed, at least in the case of Intel-powered PCs and servers. "This is very very different from FDIV," Krzanich said, criticizing media coverage of Meltdown and Spectre as overblown. "This is not an issue that is not fixable... we're seeing now the first iterations of patches." On Thursday, Intel said it was aiming to fix 90 percent of all Intel products that have been introduced within the past year by end of next week. CNET asked if the company was looking at older Intel processors? From the report: "We're working with [computer makers] to determine which ones to prioritize based on what they see as systems in the field," an executive at the company said. Intel also is fixing the problem in future chips, starting with products that will arrive later this year. Intel is effectively taking the software fixes being released now and building them directly into hardware, he said.

12 of 372 comments (clear)

  1. Sorry, but no, sorry. It's not "fixed" by Opportunist · · Score: 5, Informative

    Well, maybe in the veterinary sense, but I didn't plan to buy a castrated CPU.

    First, the problem is in the processor logic itself. We're talking about a design flaw that could only "really" be patched by re-etching the silicon. I highly doubt that he has found a way to rework the die. This isn't some BIOS feature we have to patch. Intel's promise now is that they found a way to manage the problem in microcode. And whether the microcode patch will do any good is still to be seen. Personally, my stance is "seeing is believing".

    Mostly because there is a second aspect: ALL, and I do mean ALL, possible approaches to fixing this can only be done with a drop in performance. There is no way this can be addressed without taking a performance hit. Especially high I/O applications like database processing is severely affected by the current patches, postgresql cited performance drops of up to 30%.

    Simply having the gall to state that this is no reason for a recall takes quite the chutzpah. I kinda wonder whether various high performance data centers will simply swallow this.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. Re:Lawsuits on what grounds? by Anne+Thwacks · · Score: 5, Informative
    OTOH if the "lock" won't remain closed if you "look at it from the wrong angle", then its not a lock, its a scam.

    This design error contains at least three features worthy of "www.wtf.com":

    • The branch prediction trains on other people's threads: that is like your satnav giving you directions based on other cars movements.
    • The speculative execution can access data it is not supposed to: that is like you can imagine your are in a different person's house, and nick their things. Even in the 1970's the data returned by other 16 bit machines in this situation would have been "0xf001" and by 24 bit ones "FOOL" as 6-bit baudot code. Its not like this is not a well documented situation.
    • You can read the pipeline cache for speculative stuff that was abandoned when not in kernel AND debug mode that on its own is a completely unacceptable design defect. Worse, since it was known to contain other threads' data (at least by Intel).

    That is the three no-nos we know about. There must be at least one more we don't know being held back because it is even worse.

    Whoever designed this stuff MUST have known it would behave like that, same way the Volkswagen engineers knew what was going on. Someone signed the designs into production. Presumably the first time round it was "let's chance it" and subsequently "well, we got away with it last time".

    I am guessing quite a few people knew about some of it - like people debugging the compilers for example.

    If you want to know why NDAs should not be permitted this is it! Use an Open Source architecture if you want accountability.

    --
    Sent from my ASR33 using ASCII
  3. Re:It isn't his decision by mysidia · · Score: 2, Informative

    WRONG. The Meltdown attack ONLY AFFECTS INTEL

    False; Non-Intel platforms are affected by the same form of problems. The security issue related to Processor Speculation has been Acknowledged by ARM,
    and furthermore, even the Meltdown paper points out the same issues existing with at least several example attacks working reliably on the ARM and AMD platforms regarding out-of-order executions And instructions past illegal memory accesses.

  4. Re:It isn't his decision by 110010001000 · · Score: 4, Informative

    WRONG. Repeating the lie doesn't make it true. MELTDOWN is INTEL ONLY. You are talking about a different issue. Please stop.

  5. You keep saying that, I don't think it's true. by Brannon · · Score: 3, Informative

    AFAIK the kernel software workaround (called KPTI in Linux) makes it impossible to exploit the Meltdown hole (i.e. variant #3 from Project Zero). There's some performance cost but Google has measured the cost as negligible on real workloads. I'm running with a similar patch in OS X and I can't tell any difference.

    It doesn't matter if the original bug is in the HW or not, so long as there is a workaround at some layer (firmware, kernel, etc.). You are beyond naive if you think this is the first time a HW bug has been masked by SW--it happens all the time. Usually the workaround is buried in a driver or firmware and you never hear about it.

  6. Re:This doesn't surprise by thegarbz · · Score: 4, Informative

    My brothers pissed because this is going to tank performance in the IO heavy strategy games he plays and he bought his i7 specifically to play them.

    Where'd you get this from? So far the only benchmarks I've seen show sweet fa difference for any kind of gaming before and after the patches.

  7. Spectre vs Meltdown, you are picking nits: by DanDD · · Score: 3, Informative

    mysidia said "Non-Intel platforms are affected by the same form of problems" (emphasis mine). This doesn't seem like a lie: Understanding Meltdown & Spectre: What To Know About New Exploits That Affect Virtually All CPUs

    I'm not a CPU architect, and perhaps you are, which would explain why you seem to take the differentiation of these bugs and exploits so seriously. Or perhaps you are paid by AMD or an ARM vendor.

    Or maybe it's that your statement: "the world revolves around me" suggests that there might be other issues behind your comments

    --
    "Every time I see an adult on a bicycle, I no longer despair for the future of the human race." - H. G. Wells
  8. Re:It isn't his decision by 110010001000 · · Score: 5, Informative

    FROM THE PEOPLE WHO ACTUALLY FOUND THE FLAW:

    https://spectreattack.com/

    Which systems are affected by Meltdown?
    Desktop, Laptop, and Cloud computers may be affected by Meltdown. More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). We successfully tested Meltdown on Intel processor generations released as early as 2011. Currently, we have only verified Meltdown on Intel processors.

    Really, are you that ill-informed?

  9. Meltdown hardware fix by Anonymous Coward · · Score: 2, Informative

    This isn't a simple errata. This is HUGE flaw, a true game changer. It is a flaw that CANNOT BE FIXED, only mitigated to some extent.

    Meltdown CAN be fixed. You simply change the VHDL / Verilog code to do access check BEFORE the speculative execution and NOT AFTER.

    You know, like AMD does it.

    (Spectre is another matter.)

  10. Re:It isn't his decision by Anonymous Coward · · Score: 5, Informative

    FROM THE PEOPLE WHO ACTUALLY FOUND THE FLAW:

    The GP's "Citation please" was referring to the fact that "MELTDOWN is INTEL ONLY." AFAICT. Which it is. From Section 6.4 of the Meltdown paper:

    We also tried to reproduce the Meltdown bug on several ARM and AMD CPUs. However, we did not manage to successfully leak kernel memory with the attack described in Section 5, neither on ARM nor on AMD.

    In summary:
    * Meltdown: Intel-only
    * Specture: everyone

  11. Re:It isn't his decision by Anonymous Coward · · Score: 3, Informative

    No. ARM has confirmed that Meltdown (i.e., Variant 3 and 3a) also affects some of their processors.
    https://developer.arm.com/supp...

    Please stop lying. You are a despicable liar.

  12. Re:It isn't his decision by mysidia · · Score: 3, Informative

    That is not contradictory information; it is just out of date. "Currently [as of the time the paper was written], we have only verified Meltdown on Intel processors.

    The information cited does NOT support your claim that Meltdown is Intel Only; nor were the authors even claiming they believed Meltdown to be Intel-Only --- the authors showed information to indicate AMD/ARM would also be vulnerable, but they were primarily interested at the time in demonstrating the exploit on Intel processors and made minimal at best efforts to fully demonstrate and exposit the problem on ARM/AMD despite showing these affected.

    Current security bulletins include more up-to-date information than the Authors' whitepaper.