Slashdot Mirror


Eight New Meltdown-Like Flaws Found (reuters.com)

An anonymous reader quotes Reuters: Researchers have found eight new flaws in computer central processing units that resemble the Meltdown and Spectre bugs revealed in January, a German computing magazine reported on Thursday. The magazine, called c't, said it was aware of Intel Corp's plans to patch the flaws, adding that some chips designed by ARM Holdings, a unit of Japan's Softbank, might be affected, while work was continuing to establish whether Advanced Micro Devices chips were vulnerable... The magazine said Google Project Zero, one of the original collective that exposed Meltdown and Spectre in January, had found one of the flaws and that a 90-day embargo on going public with its findings would end on May 7...

"Considering what we have seen with Meltdown and Spectre, we should expect a long and painful cycle of updates, possibly even performance or stability issues," said Yuriy Bulygin, chief executive officer of hardware security firm Eclypsium and a former Intel security researcher. "Hopefully, Meltdown and Spectre led to improvements to the complicated process of patching hardware."

Neowin now reports that Intel "is expected to release microcode updates in two waves; one in May, and the other in August."

82 comments

  1. Well, to be expected. by Anonymous Coward · · Score: 5, Interesting

    Speculative execution bypasses the memory protection barriers for efficiency reasons. The actual problem is that cache coherence is global rather than per-process and its effects are measurable. That is the vector for wagonloads of side channel attacks. Speculative execution to addresses based on protected locations is just a rather elegant side channel attack since it does not count towards privilege violations and thus does not trigger an exception that would in turn cause a much larger impact on cache coherence and other measurable CPU state than what you are trying to measure.

    Cache coherency is a side channel attack that will keep on giving for a long long while to come.

    1. Re:Well, to be expected. by Megol · · Score: 2

      The Spectre exploits didn't need a multi-processor system to work and assumed the attacker and the victim ran on the same processor. This means cache coherency isn't relevant.

      It is possible that these exploits use cache coherency to extract data, however with the small crumbs of information leaked about them it seems at least some of them involve bypassing the protection of virtual machines.

    2. Re:Well, to be expected. by Anonymous Coward · · Score: 0

      Thank you, mod up.

      Intel has not told us what their strategy is, a huge disappointment.
      Other vendors have not fessed up either. So much for security agencies protecting their own.

      At first I thought it was to flip a flag or two, and get MS and Google to compile code in such a way speculative execution was unlikely to occur in sensitive spots. I then felt a hokey partition workaround was their solution, which would slow down sidechannel attacks.
      However the Google researchers are good - the weak and easy buy time flag business is now untenable. I know IBM solved that issue by having keys against memory - a rather expensive solution when memory was very expensive, 35 or so years ago.

      I don't see Intel releasing a fix turning off all speculative execution for paranoid sorts.
      Probably their plan C if the paper gets wind global cache is an architecture problem, not a patch. I will be amazed if microcode can fix this - but Intel is not even saying if this is possible.

      Not happy about how we are being kept in the dark. Now we know there are wedges and shims in MS OS, you can bet the software fix brigade will have to recompute the scope of complete re-factoring. All answers lead to expensive difficult to test roads.

    3. Re:Well, to be expected. by Anonymous Coward · · Score: 1

      same processor. This means cache coherency isn't relevant.

      The grandparent was carefully worded. You're confusing "per-process" and "per-processor," two totally different words.

      Yes, it seems infeasible to make a per-process cache, which is why "cache coherency is a side channel attack that will keep on giving for a long long while to come."

    4. Re:Well, to be expected. by HiThere · · Score: 1

      If I read the summary correctly, they haven't yet claimed to have any attacks against AMD, and aren't sure of anyone except Intel. So your comments about "other vendors" seem misguided.

      An interesting question might be how long anybody except the investigators has known about the various attacks in sufficient detail to even plan a response. The summary indicates that for *one* of the attacks Intel has known about 90 days. It doesn't even indicate about the others. The only indication seems to be that Intel has planned two waves of microcode updates...one real soon now and the other in about 3 months (90 days?).

      FWIW, I'm not really happy with Intel's response history, but this could be an attack on Intel the company where they are coerced into releasing multiple repeated microcode updates, repeatedly damaging their reputation. (Of course, you could reasonably argue that they deserve it.)

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    5. Re:Well, to be expected. by Megol · · Score: 1

      I have not confused anything and don't see how you would think I did.

      Cache coherency is the synchronization between caches. That is the mechanism that (for instance) detects if a cache line that is owned by one cache is read by another cache therefore making the cache line a shared one.

      The Spectre exploits do not use the coherency mechanism to leak data - they use cache timing analysis.
      For instance one could flush a cache line for instance by using a special instruction (CLFLUSH in some x86 processors) or by reading data in a pattern that makes all cache line ways (places where data can be placed in a set-associative cache) that can contain that specific cache line filled with something else.
      One would then do the actual exploit by triggering another process running on the same processor (as the branch predictor state has to be shared) which then potentially reads the previously flushed data in the speculative state. If it reads the line it will be in cache again, if not it will not.
      Then the attacker times a read of the data. If it was loaded by the speculatively executed victim code it will be fast, if it wasn't it will have to be read from higher level caches and will be slow - and that's how data is leaked.

      In no way is the cache coherency protocol involved. And the attack is per processor/core as the branch predictor has to be shared.

      Using the coherency protocol and other methods of triggering speculative reads of data for a cross-core Spectre-type exploit is theoretically possible but not demonstrated and not what we were talking about.

  2. Here we go again. Old hardware FTW! by Anonymous Coward · · Score: 0

    I can't wait for the "let's buy old hardware in protest" comments all over again.

    1. Re:Here we go again. Old hardware FTW! by Anonymous Coward · · Score: 2, Informative

      I can't wait for the "let's buy old hardware in protest" comments all over again.

      Good luck with that. Basically you need to buy processors with fixed (rather than minimal) cycle counts in order to stop side channel attacks based on cache coherence. 80486 is already too new for that I think. If I remember correctly, it already sports something like 8kB internal cache memory.

    2. Re:Here we go again. Old hardware FTW! by Anonymous Coward · · Score: 0

      Or just buy AMD.

  3. Moore's Law Meltdown? by Anonymous Coward · · Score: 0

    Moore's Law Meltdown?

    1. Re: Moore's Law Meltdown? by Anonymous Coward · · Score: 0

      Moore's Law says transistors will double, not processor cycles. We should expect to see an increase in transistors to address this in hardware directly inline with Moore's Law.

  4. Dupe by Andrzej · · Score: 1

    From 3 days ago: https://it.slashdot.org/story/18/05/03/1854238/next-generation-flaws-found-on-computer-processors

    1. Re:Dupe by Anonymous Coward · · Score: 0

      editors are slacking if this is the only dupe promoted to the front page in three days.

    2. Re:Dupe by NicknameUnavailable · · Score: 2

      Seriously, I remember the good ol' days with multiple quadruplicate and triplicate posts in a single day, back when duplicates were rare and single posts were unheard of.

  5. Well which is it? by ravenshrike · · Score: 4, Insightful

    MELTDOWN or SPECTRE? Because the effects of SPECTRE flaws that aren't like MELTDOWN can be almost completely mitigated through good program design. MELTDOWN class flaws however mean that once exploited anything the computer is doing can be exploited and program design doesn't matter.

    1. Re:Well which is it? by Megol · · Score: 4, Interesting

      Actually you got the two things switched:

      Meltdown can be totally protected against in software however with a significant performance impact.

      Spectre can be divided into two kinds of attacks:
      - One kind that bypasses protection checks (range checks etc.) used to create software based virtual machines. These can be protected against in software.
      - One kind that uses shared branch prediction state between an attacker and a victim to influence speculative execution when running the victim code, this can be used to extract data that can be exfiltrated through a shared cache. This is in general not possible to patch in software.

      Good program design has nothing to do with this. That's the whole problem with these speculative vulnerabilities: the code that one writes isn't necessarily the code that the processor executes. One has to write bad code taking microarchitectural design into consideration to protect against attack.

    2. Re:Well which is it? by Anonymous Coward · · Score: 1

      "Almost completely mitigated"? Is that like how your mom was almost completely protected?

    3. Re:Well which is it? by Anonymous Coward · · Score: 0

      Actually, it's you who are switching things out. I've yet to see anyone claim that you can protect, much less absolutely so, against these flaws in software. All I've seen so far is mitigation. If you have a credible source which unambiguously states this, link pls, or you'll have to accept a "[citation needed]".

      In fact, this very article could be seen as evidence of the falsehood in your statement; the patches which are already out so far are obviously not protecting against these new vulnerabilities which are variations on the original theme. That doesn't sound very much like a "fix" or "protection" to me.

    4. Re:Well which is it? by ravenshrike · · Score: 4, Interesting

      Good program design severely limits the total access of a SPECTRE type flaw. However the access granted by a standard SPECTRE exploit will still give out some information. Thus through good program design you can avoid giving away important information like passwords or cryptography keys even if someone is using a SPECTRE type exploit on your system. Whereas there is no real protection against a MELTDOWN flaw once it is exploited. At that point the person running the exploit has access to everything going on in the system.

    5. Re:Well which is it? by Anonymous Coward · · Score: 2, Insightful

      Good program design severely limits the total access of a SPECTRE type flaw. However the access granted by a standard SPECTRE exploit will still give out some information. Thus through good program design you can avoid giving away important information like passwords or cryptography keys even if someone is using a SPECTRE type exploit on your system. Whereas there is no real protection against a MELTDOWN flaw once it is exploited. At that point the person running the exploit has access to everything going on in the system.

      “Good program design” means breaking high resolution timers for scripts and plugins? Sorry, SPECTRE mitigation goes way outside normal design considerations unless we’re winding back to “don’t run untrusted code/plugins/script ever”, meaning go back to Web 1.0

    6. Re: Well which is it? by phantomfive · · Score: 1

      And there are more vulnerabilities waiting to be revealed. It will be a decade before this thing is cleaned up.

      --
      "First they came for the slanderers and i said nothing."
    7. Re:Well which is it? by Anonymous Coward · · Score: 2, Insightful

      unless we’re winding back to “don’t run untrusted code/plugins/script ever”

      That was always good advice. Like lots of good advice, much grief has been caused by the myriad efforts to avoid it.

    8. Re:Well which is it? by drinkypoo · · Score: 1

      That was always good advice. Like lots of good advice, much grief has been caused by the myriad efforts to avoid it.

      It was never realistic advice. So let's figure out how to build hardware that makes it safe, because we're still going to want to do that in the future.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    9. Re:Well which is it? by Megol · · Score: 1

      These flaws? Meltdown is one flaw.

      Here's how you protect completely against meltdown: map only user accessible data into the address space. Now that's not really possible so let's continue: also map a trampoline memory area for the kernel. That area contains a small amount of code that isn't safety critical (reading it will not expose protected data) and a minimal map so that the kernel can load a completely different virtual memory mapping. That map could be somewhat interesting in theory but in practice not. If security is absolutely critical the kernel map can be placed in a fixed location.

      System call: go to kernel mode and branch to the trampoline area. Load the new virtual memory map (via the MOV CR3, xxx instruction) - the kernel now has a map that includes the user mode data/code and private internal data. It can do any work it wants to without Meltdown being a problem as it is the kernel and already can read all data it wants to. Then the kernel jumps back to the trampoline area still in kernel mode and switches back to the user memory map. It then returns to user mode.

      The only problem is that changing the VM mapping is expensive and that code optimized for the assumed processor behavior will not run.

      The other problem that can be patched according to my post is the software based protection. There the problem is that checks can be bypassed and leak data to the software protected code. The solution is rewriting checks with code that doesn't use speculation, fairly trivial in theory.

      The rest I claimed _can't_ really be patched in software. One can slap patches on certain sensitive checks or do a general pessimization of all compiler generated code however that isn't a realistic solution.

      Understand now?
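
Added example, not part of the comment above and not code from any project: one way to rewrite a range check so that the index is clamped by arithmetic rather than trusted to the branch alone, which is the "software based protection" case the comment says can be patched. The function names are hypothetical; the mask follows the idea of the Linux kernel's `array_index_nospec()` and assumes a GCC/Clang-style arithmetic right shift of signed values.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hide a value from the optimizer so it cannot prove "idx < size" after the
 * branch and delete the masking as redundant (GCC/Clang only; assumption). */
#if defined(__GNUC__)
#define HIDE_VAR(v) __asm__ volatile("" : "+r"(v))
#else
#define HIDE_VAR(v) ((void)0)
#endif

/* All-ones when idx < size, zero otherwise, with no conditional branch.
 * Valid for size <= SIZE_MAX / 2: if idx >= size, either idx itself or
 * (size - 1 - idx) has its top bit set, so the inverted sign bit is 0. */
static size_t index_mask(size_t idx, size_t size)
{
    ptrdiff_t v;

    HIDE_VAR(idx);
    v = (ptrdiff_t)(idx | (size - 1 - idx));
    /* Arithmetic shift smears the sign bit of ~v across the whole word. */
    return (size_t)(~v >> (sizeof(ptrdiff_t) * CHAR_BIT - 1));
}

/* In-range indexes pass through unchanged, out-of-range ones become 0. */
static size_t clamp_index(size_t idx, size_t size)
{
    return idx & index_mask(idx, size);
}

/* Before: correct architecturally, but the load can execute speculatively
 * with an out-of-range idx while the branch is still being resolved. */
static int table_read_plain(const uint8_t *table, size_t size,
                            size_t idx, uint8_t *out)
{
    if (idx >= size)
        return -1;
    *out = table[idx];
    return 0;
}

/* After: the load address depends on the mask as data, so even on a
 * mispredicted path the access is forced to table[0], inside the array. */
static int table_read_nospec(const uint8_t *table, size_t size,
                             size_t idx, uint8_t *out)
{
    if (idx >= size)
        return -1;
    *out = table[clamp_index(idx, size)];
    return 0;
}

int main(void)
{
    /* Constructed sample data. */
    const uint8_t table[4] = { 10, 20, 30, 40 };
    uint8_t v = 0;
    size_t i;

    for (i = 0; i < 6; i++) {
        int rc = table_read_nospec(table, 4, i, &v);
        printf("idx=%zu mask=%#zx rc=%d", i, index_mask(i, 4), rc);
        if (rc == 0)
            printf(" value=%u", (unsigned)v);
        putchar('\n');
    }
    (void)table_read_plain;
    return 0;
}
```

This covers only the bounds-check case for the one load it guards; it does nothing for the shared branch predictor case described in the same thread.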

  6. Question by Anonymous Coward · · Score: 0

    Can someone report how good these patches from Intel are, especially as it relates to the Linux user???

    1. Re:Question by Anonymous Coward · · Score: 0

      patches from Intel sux amd much better

  7. Re:HOSTS + BAN BUMP STOCKS = REAL SECURITY... apk by Anonymous Coward · · Score: 0

    It would be hilariously ironic if you were shot dead by a banned firearm.

  8. Cheating Moore's Law by Anonymous Coward · · Score: 0

    All comes down to trying to find ways around the limitations of Moore's law. So Intel and others devised a way to process faster without adding to core speed or adding more cores. The question is, how much of a real threat are these flaws in the first place? Still reeling from the "Sky is Falling" mentality of the first Spectre/Meltdown fiasco. Which has yet to materialize one attack in the wild to this day. All we as users got from it, was lousy patches, slower devices and a whole bunch of technology news outlets having to cry wolf on a daily basis as if this is the end to all computing as we know it.

  9. Intel owes me money. by Anonymous Coward · · Score: 0

    And since they're corporate assholes who will never pay up my only option is to never buy any of their products ever again.

    Fuck you Intel. We're done.

    1. Re:Intel owes me money. by Anonymous Coward · · Score: 1

      I agree. I can't believe there are still people buying new cpu's with these flaws.

  10. Bios patching is a cluster fsck. by Anonymous Coward · · Score: 0

    It's a hideous pain in the ass to even begin to attempt firmware updates in the enterprise. Every vendor does it completely differently and HP even has at least 2 different methods used seemingly randomly on enterprise PCs. For all its shortcomings, the only pc vendor even semi competent at bios and firmware maintenance is Microsoft itself with Surface.

  11. Re:HOSTS + BAN BUMP STOCKS = REAL SECURITY... apk by Anonymous Coward · · Score: 0

    my software is a cure-all for INTERNET SECURITY

    Cure-all? What does it do for a virus on a USB stick? I think you're starting to lose your sanity entirely rather than just partially.

  12. Explain by ndverdo · · Score: 1

    Can someone give a short explanation on how the previous relate to the new ones. Also are the new ones in the category of silicon fix (half a year cycle time at best) or microcode??

    1. Re:Explain by drinkypoo · · Score: 5, Insightful

      Also are the new ones in the category of silicon fix (half a year cycle time at best) or microcode??

      It depends on which CPU you've got. Intel has already announced that they are never going to fix a whole bunch of CPUs with microcode updates, in spite of having fixed some other CPUs which are about the same age. Some have stated that they believe this means that they can't fix them in microcode. Personally, I suspect that they can, but the performance impact would be beyond anything we've seen so far, so they're simply refusing to do so.

      I'd like to see Intel outright forced to issue a fix for any processor where it is possible, for those customers who can accept the performance impact. Remember, Intel abused their market position over AMD — and that market position was based on a competitive speed advantage which was in turn based on compromising security! Not forcing them to fix it in every possible case is literally rewarding them for bad behavior. I would go so far as to say that they should also pay for replacement of any system compromised; they should pay a percentage of the new system price based on the industry average percentage cost of the CPU.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Explain by Anonymous Coward · · Score: 0

      I would go so far as to say that they should also pay for replacement of any system compromised; they should pay a percentage of the new system price based on the industry average percentage cost of the CPU.

      But the new system will still have the same vulnerabilities. Dry dog shit is still dog shit, it just doesn't smell as bad.

      I want a check. Or cash.

    3. Re:Explain by Anonymous Coward · · Score: 0

      I think Intel should supply free CPU's to all those handy with mobo BGA transplants that covers the 80/20 rule. The user pays for the repair/swapover, but at least gets a new cpu.

      However I know a whole bunch of fat oldish HP laptops fitted with extra HD crypto addons- is going to upset military customers who fall back to Citrix.

      To the poster: So far the fixes are not actual fixes, but fiddle with the depth of speculative execution, plus some code to vary that depending which VM number is running - AFAIK.
      That is not a fix, but just fixing the worst of the potholes.

    4. Re:Explain by AmiMoJo · · Score: 1

      Just sue Intel in small claims court. I'm expecting my cheque soon.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    5. Re:Explain by Voyager529 · · Score: 1

      Just sue Intel in small claims court. I'm expecting my cheque soon.

      100% sincere question: how does that work? My understanding is that a small claims lawsuit only works if you can quantifiably prove damages. "I had to buy a new desktop/server" seems easy enough, but if you went against Intel and won, how did you prove that Spectre and Meltdown were the cause of your purchase to the point where the judge ruled in your favor?

    6. Re:Explain by Anonymous Coward · · Score: 2, Informative

      100% sincere question: how does that work? My understanding is that a small claims lawsuit only works if you can quantifiably prove damages. "I had to buy a new desktop/server" seems easy enough, but if you went against Intel and won, how did you prove that Spectre and Meltdown were the cause of your purchase to the point where the judge ruled in your favor?

      There are two primary ways to use small claims court for this type of purpose.

      One of those ways is due to the fact these courts have upper limits on your claims (thus the name) plus the fact lawyers have less involvement (they are intended for two individuals to seek remediation)

      This can be used (or some say 'abused') by an individual against a larger company by claiming a fairly small amount of damages, while using a small claims court local to where you live but the company has no actual presence.
      You bet on the odds that the company won't even bother to send a representative to the court at all, and thus the judge rules in your favor by default.

      These odds actually do work in an individual's favor so long as you don't get greedy.
      It costs the company money to send a representative to the court, and from their point of view "winning" means they simply pay their own costs to win. "Losing" means paying their costs to try and win, plus the damages that the judge agrees are legitimate.

      Since presumably it would cost Intel more to fly a representative out to the court than to simply pay out $300 or so, the cheapest result for Intel is to just not show up and pay the damages.

      Only if those damages would cost more than the time paid to the representative plus travel expenses, would there be any benefit to them bothering to defend their case.

      Also if Intel doesn't bother putting forth any defense, you don't really need to provide much evidence like you mention.
      Explaining to the judge that Intel refuses to fix the bug in the product you bought, and stating that bug is central to what you do (aka you can say that server's only purpose is to run virtual machines), combined with the two receipts that matter will be enough.

      One receipt showing purchase of a defective CPU in a system to show you have standing, and another receipt showing purchase of a replacement CPU to show the amount of your damages.

      You could mention that your time has a cost too, but it may be best to also just say you can't easily provide evidence of that cost and so you aren't including it in your claims.
      I'm not sure if that would even matter, but I'd presume a judge would expect such a claim if you are being legit about things.
      But remember the goal is to not get greedy so Intel won't think it is worth showing up at all.
      The more you try to increase your damages claims, the less likely that gets.

    7. Re:Explain by HiThere · · Score: 1

      The problem, of course, is that you can't fix it by replacing the CPU. Intel doesn't make any fixed CPUs, and the AMD chips require a whole lot of different boards. The cheap way (if your time is worth anything) is to buy a new computer that isn't Intel. But now you're probably getting out of the range of what a small claims court will handle. (Of course, this depends on your actual computer.)

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    8. Re:Explain by Mal-2 · · Score: 3, Interesting

      Replacing an older Intel CPU and board with an AMD CPU+board of equal performance may actually be cheaper than replacing with fixed Intel parts, if the end user is the one paying. But of course, Intel would rather take the bigger hit on paper and hand out its own products, rather than funnel one thin dime to AMD, so unless any payouts are in cash, the replacements for anything are going to be more Intel.

      --
      How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
    9. Re:Explain by Anonymous Coward · · Score: 0

      I want a recall and replacement or my money back on my cpu I bought 2yrs ago . This is every 'bit' as bad as a faulty airbag in a car. Knowing it's not a matter of if, but when, it will go off.

      This is very dangerous. I paid damned good money for my 4790k and mobo and now I and a fuck ton of others will be vulnerable to the world on a scale yet to be fully realised and may not even get a patch!

      What do we want?! RECALL!

    10. Re:Explain by AmiMoJo · · Score: 3, Informative

      I presented some before and after patch benchmarks from my systems, and some independent ones I found online. Intel actually sent a local lawyer to represent them, but he only had their weasel word statements that it might get better eventually maybe.

      I got 70% of the cost of two new systems plus court costs and wages for half a day off work. Oh, and mileage too, the judge reminded me of that.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    11. Re:Explain by Anonymous Coward · · Score: 0

      Does AMD actually make chips which are not vulnerable to Spectre?

    12. Re:Explain by Mal-2 · · Score: 1

      Everyone doing speculative execution is vulnerable to Spectre. That includes ARM.

      Papermaster said AMD believes the threat from Spectre Variant 1 "can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue." The company additionally expects to offer "a combination of processor microcode updates and OS patches" to address Spectre Variant 2, he said.

      "While we believe that AMD's processor architectures make it difficult to exploit Variant 2, we continue to work closely with the industry on this threat," AMD's CTO said.

      However, the issue here wasn't if it can be patched -- it pretty much can -- but what the performance penalty will be. Buying more CPU grunt to compensate is cheaper on the AMD side, up to the point where it's no longer possible. (There are chips in the Intel stable for which AMD has no match, but they are far from the bulk of the market.)

      --
      How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
  13. An idiot's impersonating me again... apk by Anonymous Coward · · Score: 0

    Whoever the idiot impersonating me is has serious issues and has been doing it for months now out of butthurt no doubt.

    APK

    P.S.=> To said moron doing it - Grow up. I'd never post something that stupid... apk

    1. Re: An idiot's impersonating me again... apk by Anonymous Coward · · Score: 0

      Every comment you post is that stupid. You're the village idiot.

      You haven't a clue about security. You didn't even write your hosts file program yourself. You ported someone else's work, then took snippets of a lot of comments out of context to pretend like you have real testimonials. You're an idiot.

    2. Re: An idiot's impersonating me again... apk by Anonymous Coward · · Score: 0

      You posted numerous comments about how you were going to spend the weekend posting about bump stocks. Now that you're getting roasted, you want to pretend like you're being impersonated. Grow up, coward. Stand behind your words.

    3. Re:An idiot's impersonating me again... apk by Lonewolf666 · · Score: 1

      Impersonating you?

      As you are posting as an Anonymous Coward yourself, this is a rather useless complaint. The readers won't be able to tell who is supposedly impersonated anyway.

      --
      C - the footgun of programming languages
  14. Yes, that idiot impersonating me is you... apk by Anonymous Coward · · Score: 0

    See subject & the rest listed here + why (butthurt ac who destroyed himself on hosts kernelmode) https://it.slashdot.org/comments.pl?sid=12012911&cid=56473441/ vs. slower usermode (the little fuck that's doing this is a SERIOUS screwup, lol, hence the WEAK butthurt effete attempts @ "impersonating" me, via harassing others).

    * Unbelievable... lmao!

    APK

    P.S.=> That's probably the RESULT of being raised as a "soyboy" weasel for the whimp trying to make me look "bad" impersonating me - RoTfLmAo... apk

    1. Re: Yes, that idiot impersonating me is you... apk by Anonymous Coward · · Score: 0

      Stop talking to yourself, dipshit.

    2. Re: Yes, that idiot impersonating me is you... apk by Anonymous Coward · · Score: 0

      You're just mad that my impersonation of you is spot on.

    3. Re:Yes, that idiot impersonating me is you... apk by Anonymous Coward · · Score: 0

      See subject & the rest listed here + why (butthurt ac who destroyed himself on hosts kernelmode) https://it.slashdot.org/comments.pl?sid=12012911&cid=56473441/ vs. slower usermode (the little fuck that's doing this is a SERIOUS screwup, lol, hence the WEAK butthurt effete attempts @ "impersonating" me, via harassing others).

      * Unbelievable... lmao!

      APK

      P.S.=> That's probably the RESULT of being raised as a "soyboy" weasel for the whimp trying to make me look "bad" impersonating me - RoTfLmAo... apk

      Then why don't you use your amazing software skills to learn two things: 1) what cryptographic signatures are for, and 2) how to use GnuPG. Then there will be no "impersonation" problem.

      I find with most people that anytime you show them relatively simple practical steps they can take, they are filled with convincing (to them) excuses for why they can't do something. I think it's a silly pride about either being asked to do something different (because they're already perfect!) or because it's implicit in the suggestion that they didn't think of it themselves (when corps do this it's called Not Invented Here). Will you be like most people?

  15. Price down by Anonymous Coward · · Score: 1

    So now that Intel has been revealed to produce sub standard chips the price of those crap chips is going to drop like a stone right?

    I want to see if the whole concept of the 'free market' is going to solve this problem or even affect it, I've been contemplating that the idea of the free market is as much a myth as unicorns and big foot. Mostly I think about this as I buy a product affiliated with the international crime syndicate known as NESTLE (you might know them from chocolate milk, slavery, deforestation, or genocide, depends how much reading you do).

    My hypothesis is that the prices will remain the same despite having a known gaping flaw. Manufacturers will continue to use their chips, and in many cases there will be little to no choices about purchase because they only have 1 real competitor that being AMD and to a much lesser extent ARM.

    Capitalistic society is built with free market as the bedrock of its entire ideology and I believe that the bedrock is rotten with lies. This means we need a more complex system and ideology in place, probably not one that can be explained in a short sentence.

    1. Re:Price down by Lonewolf666 · · Score: 5, Insightful

      It may take a while for AMD to get to the point where customers trust them more overall than they trust Intel.

      From all I read on forums like this (not being in the "decider" circles myself), it takes time to build up a good reputation in the server market. Now AMD was almost out of the server business until a year ago, because their Opterons were quite a bit behind in performance. They were also not completely untouched by Spectre, albeit looking better than Intel in that regard.

      Now AMD have a strong new line of server processors with Epyc, and they have left a better impression than Intel in the whole Meltdown/Spectre affair. So expect them to get quite a bit of interest by customers for Epyc's performance, and also a boost in getting to the point of "less distrusted than Intel".
      But I still think it will be a relatively slow shift in the market, compared to the whims of the consumer market ;-)

      --
      C - the footgun of programming languages
  16. The online article starts with... by Zorpheus · · Score: 1

    ... the statement that the author's computer is still vulnerable to Meltdown. It is quite negative regarding Intel's performance in solving this and says improvement is necessary.

  17. So when do we get a refund for these CPU's? by Anonymous Coward · · Score: 0

    Oh right these are REAL people they cannot be held responsible for any actions no matter how harmful

  18. I have an invincible AMD CPU!! by Anonymous Coward · · Score: 0

    It is immeasurably superior to anything 'intel' in the same way as I am immeasurably superior to any of you nerds.

    1. Re:I have an invincible AMD CPU!! by HiThere · · Score: 2

      You're being silly. AMD seems to be immune to this class of exploits, but never believe that they don't have exploits of their own. Nothing that complex is without flaws.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    2. Re:I have an invincible AMD CPU!! by drinkypoo · · Score: 3, Insightful

      AMD seems to be immune to this class of exploits, but never believe that they don't have exploits of their own. Nothing that complex is without flaws.

      They were being deliberately silly, but it's still a fact that Intel deliberately did bounds checking at the wrong time for a performance advantage, and AMD didn't. What else has Intel done wrong with their designs in order to get ahead of AMD?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:I have an invincible AMD CPU!! by Anonymous Coward · · Score: 1

      Which class? Meltdown, sure. But Meltdown is a much smaller and less worrying class than Spectre (or rather, it is a subclass of Spectre focusing on Intel's lack of proper checks on cache).

      And by all means, AMD is not immune to Spectre. We are yet to see their mitigation measures in practice though, these were sent out to manufacturers on April 11th, slightly later than Intel's.

    4. Re:I have an invincible AMD CPU!! by drinkypoo · · Score: 1

      And by all means, AMD is not immune to Spectre.

      They are immune to one of two classes of SPECTRE attack, and everyone including both AMD and independent researchers say that it's more difficult to exploit the class it is vulnerable to than Intel. That's not immune, but their attempt to do things correctly has clearly paid off.

      We are yet to see their mitigation measures in practice though, these were sent out to manufacturers on April 11th, slightly later than Intel's.

      And we still aren't seeing them, substantially later than Intel's? What gives? Anyway, AMD claimed that mitigation would be cheaper than Intel, let's hope they were telling the truth.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  19. https://tech.slashdot.org/story/18/05/05/1925251/n by zmirlinazim · · Score: 2

    "Hopefully, Meltdown and Spectre led to improvements to the complicated process of patching hardware." Neowin now reports that Intel "is expected to release microcode updates in two waves; one in May, and the other in August." Read more of this story at Slashdot. see: https://showbox.onl/, https://vidmate.onl/ & https://mobdro.onl/

  20. Which part... by Anonymous Coward · · Score: 1

    ...of these bugs are unintentional and which ones are features demanded by the gawddamn NSA?

    1. Re:Which part... by HiThere · · Score: 1

      An excellent question. Unfortunately, if I knew the answer it would be illegal to reply honestly.

      Think about that. Anyone who tells you the answer to that question is either lying or subject to imprisonment.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  21. No one posted a link to the original article. by Sique · · Score: 3, Informative
    --
    .sig: Sique *sigh*
  22. R.I.P. Cloud computing by Anonymous Coward · · Score: 0

    This is the end of the era where we let strangers run software on my computer.

    No virtual private servers. No cloud computing. No browser JavaScript.

    ZIP

    P.S. => Yet another thing APK hosts file can't do. It's such a narrow piece of software that it is basically useless.

  23. Bigger picture for me? by rbrander · · Score: 1, Interesting

    Computers are a commodity for me, like 99.99% of their purchasers. We have no meaningful option to switch from Intel, because the Genius of the Free Market (tm) took away all our alternatives one-by-one, as we watched the last three decades of open, fair competition. Now the great winner of the Free Market competition, presumably the best of the best, has failed us. And we must wait (no option) for them to fix their failure.

    The bigger picture for me is that I don't want to buy one of their computers in the meantime. Why would I? They're all damaged goods, it's as if they were still selling the e-coli lettuce and asking us to just take extra care eating it.

    With the first two bugs, I'd heard that, ummm... coffee lake (?) by late this fall might have fixes out of the factory. But not these next eight? When exactly should I buy?

    The 'when' question arises if you look back over a few years of my /. posts and see how many have the basic subject of "Moore's Law is over, at least on the desktop", where my 2013 purchase of an i7-3930K CPU @ 3.20GHz × 12 is still hard to beat by more than about 30% - and the chip model, if not my purchase, is already over 5 years of age. I'm mainly wanting a new machine because by this point there's a new bus, faster memory and SSD, though even all that still won't give me a whole doubling of performance.

    So I have the option to just wait - what? Will another year do it now? For "Latte Lake"? (I made that up.)

    For Intel, it cuts both ways; this has to be holding up other sales, but also, when they have bug-free hardware to sell us again, surely there will be a big burst of replacements. Hard to imagine a stronger economic pressure...except for that dratted "monopoly" status that makes them pretty insensitive to all user pain and pressure.

    1. Re:Bigger picture for me? by HiThere · · Score: 1

      When they claim to have "bug free hardware to sell" will you believe them? Why?

      P.S.: If they do make that claim, they're lying. Nothing that complex will be bug free before the Singularity, and afterwards who knows.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    2. Re:Bigger picture for me? by Lonewolf666 · · Score: 3, Insightful

      Well, there is AMD which appears quite competitive again.

      If you are buying stuff like an i7-3930K CPU @ 3.20GHz × 12, I'd guess you are probably among those enthusiasts who are following the news and read stuff like the AMD Ryzen reviews. So you should know they have a pretty competitive processor again.
      Considering the Meltdown/Spectre debacle, AMD are not completely untouched but still looking better than Intel right now.

      Performance wise and to my surprise, the Intel Core i7 7820X (Skylake X 8-core + Hyperthreading) is indeed not that much faster than the i7-3930K, according to what comparisons I can find on the net.
      If your workloads are massively multithreaded, the AMD Threadripper might be worth a look...

      --
      C - the footgun of programming languages
  24. Neowin? by Artem+S.+Tashkinov · · Score: 2

    Neowin now reports

    No, it's Heise. Neowin's news team has been and remains a joke.

  25. Re:HOSTS + BAN BUMP STOCKS = REAL SECURITY... apk by Anonymous Coward · · Score: 0

    my software is a cure-all for INTERNET SECURITY

    Cure-all? What does it do for a virus on a USB stick? I think you're starting to lose your sanity entirely rather than just partially.

    So there are USB sticks on the INTERNET now?

  26. How/Do the "big guys" do speculative execution? by mnemotronic · · Score: 1

    How do other architectures do speculative execution? I was thinking of IBM/Fujitsu level mainframes back when they used dedicated CPU hardware. How about SPARC, Power PC, Itanium or going back to i960?

    --
    The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
    1. Re:How/Do the "big guys" do speculative execution? by drinkypoo · · Score: 2

      They do it wrong. At least, most of the superscalar POWER processors do it wrong, and SPARC does it wrong. However, Itanic is supposed to be not vulnerable, so it finally has something going for it.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:How/Do the "big guys" do speculative execution? by mnemotronic · · Score: 1

      They do it wrong. At least, most of the superscalar POWER processors do it wrong, and SPARC does it wrong. However, Itanic is supposed to be not vulnerable, so it finally has something going for it.

      +1

      --
      The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
  27. Retpoline by DrYak · · Score: 4, Informative

    Meltdown can be totally protected against in software however with a significant performance impact.

    It is patched, by completely changing the way kernel works and not relying on memory protection anymore. Thank you very much, Intel !
    Instead you need to context switch and make important kernel parts inaccessible on each system call.

    (PCID is something that helps a bit the context switching : you don't actually flush the whole context, you use different process tags so the differently tagged process cannot be seen anymore).

    Spectre can be divided into two kinds of attacks:
    . One kind that bypass protection checks (range checks etc.) used to create software based virtual machines. These can be protected against in software.

    Specifically, relying on by-passing any check (such as a boundary check on an array). It's ABSOLUTELY NOT virtual-machine specific.
    The thing is, it's still the same process, still reading data that it has access to, to begin with (unlike Meltdown which basically fucks up any notions of memory protection). So its usability is limited to processes that both can run 3rd party provided code and contain critical data (i.e.: a badly designed web browser that runs web-provided JavaScript and its password manager both in the same context) (or another example: the Linux kernel's new-gen PacketFilter can be optionally configured to JIT compile the user-provided filtering scripts. User-provided code in a kernel context, what could possibly go wrong? Hint: There's a reason why it's not "on" by default).

    But basically, most of the cases can be handled by keeping sane design pattern in software.

    One kind that use shared branch prediction state between an attacker and a victim to influence speculative execution when running the victim code, this can be used to extract data that can be exfiltrated through a shared cache.

    Which means that an attacker could be a userland software running on the cloud, and target could be the hypervisor itself. Which is several levels of scary.
    But this thing also requires very detailed knowledge of the internals of the CPU.
    It has been successfully exploited on Intel Xeon by Google Project Zero.
    The jury is still out if it is possible to make a meaningful exploit on AMD CPUs (they also do indirect branching speculation, but in a completely different way, that currently seems unlikely to be actually exploitable).

    This is in general not possible to patch in software.

    It is actually pretty much patchable, the technology is called a retpoline. It's basically the compiler instructed to make special constructs that cause mis-predicted branches to jump to an innocuous piece of code.
    But it's compiler-dependent, meaning that you need to have the source code to recompile.
    For the open-source world (like most Linux distros), it's a piece of cake, it's just recompiling the packages with different flags.
    For closed source Linux drivers (hello, nvidia), for binary Linux systems (the thing that your smartphone manufacturer put on your device and refuses to upgrade since basically the day after it started shipping), and for any Windows computer: that's a nightmare.

    Good program design have nothing to do with this.

    Good program design tries to keep sensitive data and 3rd party provided scripts separated.
    That handles a lot of the Spectre v1 attacks.

    It's not solving ALL the speculative execution problems though. (It's doing nothing against Spectre v2 and Meltdown. But those are mostly due to lack of good *hardware* design. Thanks again Intel !)

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re:Retpoline by Megol · · Score: 1

      Virtual machine != hardware supported virtual machine. One could claim that C++ provides a VM and people do, what I referred to is instead a software based VM like that of Java or Javascript. This is standard terminology.

      Yes the problem with that specific Spectre exploit is that it doesn't IMO violate the ISA contract: a software process isn't specifically stated to be in any way protected against itself. Branch predictor state and caches have to be used in the process otherwise why have them at all?
      But this can be patched as the VM code generator (if JIT) or interpreter knows where the checks have to be inserted and can use the appropriate code that can't be abused by speculative execution.

      Retpoline is a hack to bypass indirect branch prediction. So yes it "fixes" one of the attack paths. By removing a type of branch prediction on the specific paths where it is inserted. It's ugly and using it everywhere isn't realistic. It can't fix existing software either. Emergency patch - nothing more.
      One can of course use similar techniques described for software VM but it is equally unrealistic.
      These kinds of patches have to be used _everywhere_ in recompiled code to work, normal programming languages have no way to tag a specific switch/if/loop/... to be security critical and even if they added such functionality all software would have to be rewritten!

      The only realistic way to avoid Spectre exploits on existing hardware is to split code execution between physical cores so that different privileged code run on different cores. That removes the shared branch predictor and the lowest shared cache level.
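
An added illustration (not written by any commenter in this thread, and not code from any project named in it) of the software fix the two comments above discuss for the bounds-check-bypass variant: after the ordinary range check, the index is clamped with branch-free arithmetic, so a mispredicted check still reads inside the array. The names `index_mask_nospec` and `checked_read`, and the table contents, are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Returns all-ones when index < size and zero otherwise, using only
 * arithmetic: there is no branch here for the predictor to get wrong.
 * Assumes size <= 2^63. Hypothetical helper name. */
static uint64_t index_mask_nospec(uint64_t index, uint64_t size)
{
    /* Top bit is set if index is huge, or if (size - 1 - index) wrapped
     * around, i.e. index >= size. */
    uint64_t top = (index | (size - 1 - index)) >> 63;
    return top - 1;            /* 0 - 1 = all-ones, 1 - 1 = zero */
}

#define TABLE_LEN 16
/* Constructed sample data standing in for an array a sandbox exposes. */
static const uint8_t table[TABLE_LEN] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
};

/* A checked read as an interpreter or JIT could emit it for untrusted
 * code. Returns 0 and stores the byte on success, -1 when out of range. */
static int checked_read(uint64_t untrusted_index, uint8_t *out)
{
    if (untrusted_index >= TABLE_LEN)
        return -1;             /* architectural bounds check */

    /* If the branch above is mispredicted, the speculative path still
     * reaches this point, but the mask forces the index to 0, so no
     * out-of-bounds address is formed and nothing secret-dependent is
     * pulled into the cache. */
    uint64_t safe = untrusted_index
                  & index_mask_nospec(untrusted_index, TABLE_LEN);
    *out = table[safe];
    return 0;
}

/* Caveat: an optimizing compiler is free to turn the mask back into a
 * branch. Production code hides the value from the optimizer or uses a
 * vendor-documented speculation barrier instead. */
int main(void)
{
    uint8_t v = 0;
    int rc = checked_read(3, &v);
    printf("index 3    -> rc=%d value=%u\n", rc, (unsigned)v);
    printf("index 16   -> rc=%d\n", checked_read(16, &v));
    printf("mask(15,16)=%llx mask(16,16)=%llx\n",
           (unsigned long long)index_mask_nospec(15, TABLE_LEN),
           (unsigned long long)index_mask_nospec(16, TABLE_LEN));
    return 0;
}
```

This has to be applied at every check that guards attacker-influenced indexing, which is the cost Megol's comment points at.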

  28. You = The "SiDeWaLk-ShRiNk of /.", lol by Anonymous Coward · · Score: 0

    See subject (lol) & the viral hit by "The SoyBoyz": ''If you're going to TransManCisco? Be sure you wear your jimmyhats + bring Preparation H there. If you're going, to TransManCisco... You're going to meet a lot of transtesticle monsters and soyboy not men there. All across the nation: Surgical sawblade vibrations! Surgeons in motion, Sawing peckers + ball off tossing them into the SF Bay Ocean...'

    * They're playing YOUR SONG again - hahahaha classic!

    (Only way "your kind" would EVER get any notice &/or notoriety...)

    APK

    P.S.=> Quit projecting your own mental issues onto me as you cut & paste MY posts all over /. ... apk

  29. You just proved you're a SOYBoy (lol) then by Anonymous Coward · · Score: 0

    See subject SOYBoy (rotflmao) in your UNIDENTIFIABLE anonymous "courageous" trolling you "not man" - LMAO!

    (You know - I understand your SOYMilk & Bisphenol A "notman" SOYBoy formulas have addled your brains but that takes the cake for "illogic logic" from "your kind", lol!)

    * The other poster's not I but they are making you get all "triggered" when you see your addled thinking fools nobody but your sick in the head chemically NEUTERED (lol) selves, lmao!

    APK

    P.S.=> Classic - one for my bookmarks... apk