![]() |
|
Devastating Speculative Execution Intel CPU Bug - Printable Version +- AlienBabelTech Forums (http://alienbabeltech.com/forum) +-- Forum: Technology (http://alienbabeltech.com/forum/forumdisplay.php?fid=6) +--- Forum: General Hardware (http://alienbabeltech.com/forum/forumdisplay.php?fid=10) +--- Thread: Devastating Speculative Execution Intel CPU Bug (/showthread.php?tid=1803) Pages:
1
2
|
Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 01-03-2018 This is Intel's Barcelona: https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ Quote:A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug. https://www.techpowerup.com/240187/amd-struggles-to-be-excluded-from-unwarranted-intel-vt-flaw-kernel-patches Quote:Close inspection of kernel patches reveal code that forces machines running all x86 processors, Intel or AMD, to be patched, regardless of the fact that AMD processors are immune. Older commits to the Linux kernel git, which should feature the line "if (c->x86_vendor != X86_VENDOR_AMD)" (condition that the processor should be flagged "X86_BUG_CPU_INSECURE" only if it's not an AMD processor), have been replaced with the line "/* Assume for now that ALL x86 CPUs are insecure */" with no further accepted commits in the past 10 days. This shows that AMD's requests are being turned down by Kernel developers. Their intentions are questionable in the wake of proof that AMD processors are immune, given that patched software inflicts performance penalties on both Intel and AMD processors creating a crony "level playing field," even if the latter doesn't warrant a patch. Ideally, AMD should push to be excluded from this patch, and offer to demonstrate the invulnerability of its processors to Intel's mess. https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-Initial-Gaming-Tests Quote:Linux gaming performance in initial testing doesn't appear to be affected. Then again, we personally didn't expect it to be much considering it's more isolated than some of the other syscall / context switching heavy workloads benchmarked. But for those concerned whether running the patched Linux kernel could lead to a drop in frame-rates, it doesn't appear to be when firing up some of the common Linux games on Steam. RE: Devastating Intel CPU Bug - SteelCrysis - 01-03-2018 http://www.tomshardware.com/news/intel-bug-performance-loss-windows,36208.html Quote:The vulnerability appears to be most dangerous to data center workloads and virtualization. However, it is irrational to assume that the overwhelming majority of data centers will see a 30% reduction in performance. Losing even 15% of the computational horsepower from a data center would be a major blow, and that compute would have to be replaced almost immediately. The patch has been in development for several months, so if Intel and the major data center operators were expecting massive performance reductions, there would have been an incredible spike in data center equipment purchases. RE: Devastating Intel CPU Bug - SteelCrysis - 01-04-2018 Intel responds: http://www.tomshardware.com/news/intel-cpu-bug-amd-performance,36213.html RE: Devastating Intel CPU Bug - SteelCrysis - 01-07-2018 It's not just Intel CPUs, Nvidia has announced that its GPUs are affected, expect a new driver to fix the vulnerabilities next week: http://nvidia.custhelp.com/app/answers/detail/a_id/4611 RE: Devastating Intel CPU Bug - SteelCrysis - 01-09-2018 https://www.techpowerup.com/240414/nvidia-geforce-390-65-driver-with-spectre-fix-benchmarked-in-21-games Quote:Cryptominers can rest assured that the new GeForce 390.65 driver won't affect their profits negatively. Our testing shows zero impact in Ethereum mining. With regard to gaming, there is no significant difference in performance either. The new driver actually gains a little bit of performance on average over the previous version (+0.32%). The results hint at some undocumented small performance gains in Wolfenstein 2 and F1 2017; the other games are nearly unchanged. Even if we exclude those two titles, the performance difference is still +0.1%. The variations that you see in the chart above are due to random effects and due to limited precision on taking measurements in Windows. Generally, for the kind of testing done in our VGA reviews we typically expect 1-2% random variation between benchmark runs, even when using the same game, at identical settings, using the same hardware. RE: Devastating Intel CPU Bug - SteelCrysis - 01-10-2018 http://www.tomshardware.com/news/microsoft-intel-slowdown-old-chips,36293.html Quote:Microsoft has begun updating its Windows operating systems against the Meltdown and Spectre vulnerabilities, but not all users will be too happy about it. According to the company, machines running Windows 7 and 8, as well as computers based on Haswell chips or older, will see “significant slowdowns” from the update. Intel’s own findings largely confirm Microsoft’s results. RE: Devastating Intel CPU Bug - SteelCrysis - 01-12-2018 http://www.tomshardware.com/news/intel-releases-meltdown-spectre-patch-benchmarks,36317.html Quote:Intel has released numbers from its own benchmarks on the impact of Meltdown/Spectre patches on Windows, and the results show an up to 21% decrease in benchmark performance for 6th-gen Intel CPUs (Sky Lake). RE: Devastating Intel CPU Bug - SteelCrysis - 01-12-2018 https://www.extremetech.com/computing/261920-amd-releases-updated-risk-guidance-meltdown-spectre-clarifies-vulnerability Quote:When MS and AMD referred to these bugs as affecting old chips, they weren’t kidding. Assuming AMD properly gave its own full brand names in each case, as they did with the Turion X2 Ultra, AMD’s Athlon is over a decade old, as is the original Opteron brand. These references could conceivably refer to newer cores, but even the Turion X2 Ultra turns 10 this year. Owners of Ryzen or even Piledriver-derived hardware don’t seem to have much to worry about. RE: Devastating Intel CPU Bug - SteelCrysis - 01-13-2018 https://www.neowin.net/news/google039s-meltdown-and-spectre-patch-isn039t-slowing-cloud-systems Quote:Google has announced that its cloud systems have been patched against Meltdown and one variant of Spectre since September, and for a second variant of Spectre since December, and that its cloud systems have not been slowed down. The outcome of Google’s patches are in stark contrast to Amazon’s experience patching AWS, with Amazon acknowledging a slowdown of its offerings. RE: Devastating Speculative Execution Intel CPU Bug - dmcowen674 - 01-13-2018 Added the name of the bug to the thread Title Speculative Execution RE: Devastating Speculative Execution Intel CPU Bug - dmcowen674 - 01-13-2018 I don't think the performance hit is as big of a deal as many people are trying to make it out to be. CPU's have been literaly twindling their thumbs with excess power for close to 10 years now. Edit - OK, just read the Extremetech article that says exactly what I thought too. RE: Devastating Speculative Execution Intel CPU Bug - SickBeast - 01-15-2018 I am waiting until we have more information. Otherwise I would be speculating.
RE: Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 01-26-2018 http://www.tomshardware.com/news/intel-in-silicon-fix-meltdown-spectre,36405.html Quote:Krzanich later said the company would begin to ship products with "in-silicon" fixes for the vulnerabilities this year. He did not elaborate, but logically this means that the company will include these fixes in the 10nm generation of products. Krzanich also later stated that the company expects to continue developing its 14nm products in 2018, so we could see yet another round of 14nm processors (sigh). Of course, one could speculate that these chips might also have in-silicon patches for the vulnerabilities. RE: Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 01-29-2018 https://www.techpowerup.com/241024/intel-warned-china-of-meltdown-and-spectre-before-the-us-government This really raises the question of if Intel is loyal to China rather than the USA. RE: Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 02-16-2018 http://www.tomshardware.com/news/new-variants-meltdown-spectre-exploit-discovered,36533.html Quote:The Meltdown/Spectre vulnerabilities break the principle of speculative execution being undetectable to software by modifying shared caches in a way that persists and is detectable across software process boundaries. What the researchers discovered is that, because certain caches might be partially mirrored across cores, the effects of speculative execution occurring on one core can be detectable on another core. Test cases exploiting this principle created by the researchers were able to recover hidden data at 99.95% accuracy. By comparison, their test cases of a traditional Spectre exploit only reached 97.9% accuracy. RE: Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 02-16-2018 https://arstechnica.com/gadgets/2018/02/microsofts-compiler-level-spectre-fix-shows-how-hard-this-problem-will-be-to-solve/ Quote:Kocher suggests that Microsoft should offer a more pessimistic mode that protects every conditional access. But this will come with a heavy cost: in sample code he wrote to compute SHA-256 hashes, the version with lfence instructions after every branch had only 40 percent of the performance of the unmodified version. This poses a security-performance trade-off that's decidedly uncomfortable; even if the compiler offered such an option, few people are likely to be willing to accept that kind of performance penalty in general. But for smaller pieces of code that are known to be at risk, such an option may be useful. RE: Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 02-17-2018 The lawsuit hammer falls on Intel, 32 lawsuits: http://www.tomshardware.com/news/intel-ceo-lawsuit-meltdown-spectre,36538.html RE: Devastating Speculative Execution Intel CPU Bug - SickBeast - 02-17-2018 It turns out the Spectre bug is going to be a real nightmare for years to come: http://www.theregister.co.uk/2018/01/29/you_cant_ignore_the_spectre_pressing_its_nose_against_your_glass/ TL;DR: Spectre can only be mitigated, not fixed. Therefore every computer on earth is at risk of being hacked at any moment via this exploit. With virtual machines, the machines can read each other's memory via this hack. It's very scary. If the wrong people figure out how to mess with this exploit, we are screwed. Everyone is going to need a new computer to be completely safe. And I don't think the chips released in 2018 will even have this issue fixed. Perhaps not in 2019 either. We could see some major cyber attacks. This is very bad news. What gets me is that AMD made a big stink about Meltdown when Spectre has been the much bigger deal all along. The Meltdown patch fully patches the exploit. RE: Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 02-21-2018 http://www.tomshardware.com/news/spectre-fix-skylake-kaby-lake-coffee-lake,36555.html Quote:It’s been another week, and Intel has another update on its buggy Spectre microcode patch for us. And it’s good news, because Intel has completed the fixed version of its patch for 6th-gen (Skylake, 100 series chipsets), 7th-gen (Kaby Lake, 200 series chipsets), and 8th-gen (Coffee Lake, 300 series chipsets) CPUs. This includes Skylake-X and Kaby Lake-X (X299 chipset) CPUs, as well. Intel has updated its microcode update schedule accordingly. A previous version of this document leaked some details on two of the company’s next-generation Cannon Lake CPUs, which apparently also need microcode fixes for Spectre. RE: Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 02-23-2018 AMD is up to 5 lawsuits: http://www.tomshardware.com/news/amd-class-action-lawsuits-spectre-vulnerability,36566.html RE: Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 02-24-2018 And Intel publicly admits that they chose not to inform the US government because they didn't think anyone was exploiting the flaws: https://www.extremetech.com/computing/264490-intel-didnt-disclose-spectre-meltdown-us-government-news-went-public RE: Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 02-24-2018 More details here: http://www.tomshardware.com/news/intel-amd-google-respond-government-meltdown-spectre,36578.html RE: Devastating Speculative Execution Intel CPU Bug - SickBeast - 02-26-2018 This whole thing was a shenanigan. It turns out Google discovered the bug, and then told Intel and AMD. But no one told the US government. All the while the CEOs of AMD and Intel sold off their stocks. Now Intel and AMD will both get sued and we'll be lucky to see them around in five years, these are going to be massive lawsuits. It's a huge opening for nVidia in the CPU space and I'm sure they know about it. I'm wondering if this could mean the end of x86. AMD in particular can't withstand lawsuits like this. Essentially, this speculative execution bug could be devastating for AMD.
RE: Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 02-26-2018 (02-26-2018, 04:06 AM)SickBeast Wrote: This whole thing was a shenanigan. It turns out Google discovered the bug, and then told Intel and AMD. But no one told the US government. All the while the CEOs of AMD and Intel sold off their stocks. Now Intel and AMD will both get sued and we'll be lucky to see them around in five years, these are going to be massive lawsuits. It's a huge opening for nVidia in the CPU space and I'm sure they know about it. I'm wondering if this could mean the end of x86.Well said. RE: Devastating Speculative Execution Intel CPU Bug - SickBeast - 02-26-2018 (02-26-2018, 07:35 AM)SteelCrysis Wrote:(02-26-2018, 04:06 AM)SickBeast Wrote: This whole thing was a shenanigan. It turns out Google discovered the bug, and then told Intel and AMD. But no one told the US government. All the while the CEOs of AMD and Intel sold off their stocks. Now Intel and AMD will both get sued and we'll be lucky to see them around in five years, these are going to be massive lawsuits. It's a huge opening for nVidia in the CPU space and I'm sure they know about it. I'm wondering if this could mean the end of x86.Well said. Thanks. I find this whole thing devastating. I'm still devastated that you left BTR also.
RE: Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 03-01-2018 https://www.extremetech.com/computing/264796-recent-intel-cpus-take-performance-hit-spectre-meltdown-patches Quote:There’s a lot we still don’t know about the impact of these security patches on older PCs, but Tech Report recently put a Dell Alienware R13 with an Intel Kaby Lake Core i7-7700HQ through its paces, after making sure the only change to the system would be the application of a Spectre-specific patch after the system was otherwise completely updated. You’ll want to hit TR for the full report, but we’ll cover the highlights. RE: Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 03-04-2018 https://www.neowin.net/news/spectre-has-another-evil-sibling-that-compromises-the-safe-zone-created-by-intel-sgx Quote:Ohio State University researchers have uncovered a new variant of the Spectre vulnerability and documented it in a recently released paper. The new menace is dubbed SgxPectre. It allows the safe areas created by SGX to be cracked open like nuts. Their research shows that Intel SGX is not all it's cracked up to be and is vulnerable to attack. Devastating Speculative Execution Intel CPU Bug - SickBeast - 03-04-2018 Oh man. I hope there isn't another performance hit from this. This is getting really bad. RE: Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 03-15-2018 Intel is working on new products with hardware protections to address these vulnerabilities: https://www.techpowerup.com/242392/hardware-based-protection-coming-to-data-center-and-pc-products-later-this-year-intel-ceo RE: Devastating Speculative Execution Intel CPU Bug - SickBeast - 03-18-2018 (03-15-2018, 09:53 PM)SteelCrysis Wrote: Intel is working on new products with hardware protections to address these vulnerabilities: https://www.techpowerup.com/242392/hardware-based-protection-coming-to-data-center-and-pc-products-later-this-year-intel-ceo Yeah but they still haven't patched Spectre variant 1. That's a big security hole to leave in there. And 99% of the corporate customers aren't going to buy anything until these bugs are 100% patched. Their hardware budgets are frozen. RE: Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 03-28-2018 https://www.techpowerup.com/242782/new-branchscope-side-channel-cpu-vulnerability-threatens-modern-processors Quote:BranchScope differs from Spectre variant 2, in that while the latter exploits the branch target buffer, BranchScope goes after the directional branch predictor, a component that decides which speculative operations to execute. By misdirecting it, attackers can make the CPU read and spit out data from the memory previously inaccessible. The worst part? You don't need administrative privileges to run the exploit, it can be run from the user-space. Unlike CTS-Labs, the people behind the BranchScope discovery appear to have alerted hardware manufacturers significantly in advance, before publishing their paper (all of it, including technicals). They will present their work at the 23rd ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2018), later today. RE: Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 03-29-2018 Microsoft patch for Meltdown instead makes Meltdown even worse for Windows 7: http://www.tomshardware.com/news/windows-7-total-meltdown-patch,36765.html RE: Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 03-30-2018 Emergency patch for Windows 7 released to fix issue from previous post: https://www.neowin.net/news/microsoft-fixes-windows-7-memory-bug-introduced-by-bungled-meltdown-patch RE: Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 04-03-2018 Intel stops work on mitigation patches for older CPUs: https://www.techpowerup.com/242974/intel-stops-development-deployment-of-spectre-microcode-update-for-several-cpu-families RE: Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 04-04-2018 Intel's official statement: http://www.tomshardware.com/news/intel-spectre-patch-older-chips,36815.html RE: Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 04-11-2018 Fixes for Spectre on AMD are rolling out: https://www.techpowerup.com/243202/amd-announces-steps-resources-for-spectre-mitigations RE: Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 04-27-2018 https://www.tomshardware.com/reviews/amd-ryzen-5-2600x,5579-9.html Quote:The Spectre patches did take some wind out of Intel’s sails in many of our application tests, but the impact varies by application. In most cases, the regressions aren’t severe enough to change our recommendations. Still, it's always disappointing to observe performance stepping backward. Luckily for Intel, gaming wasn't affected much. RE: Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 05-04-2018 New wave of Spectre vulnerabilities affects Intel and ARM, AMD's status is unknown, Intel patches are on the way: https://www.tomshardware.com/news/spectre-ng-vulnerabilities-intel-arm-amd,37002.html RE: Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 05-09-2018 Intel delays the patches: https://www.tomshardware.com/news/intel-spectre-ng-cpu-flaws,37018.html RE: Devastating Speculative Execution Intel CPU Bug - SteelCrysis - 05-22-2018 New Spectre attacks discovered: https://www.neowin.net/news/spectre-variant-4-disclosed-mitigations-to-result-in-another-performance-hit Quote:It's certainly troubling to see that Spectre and Meltdown having such latent effects, workarounds for which could result in performance hits. However, companies now working together in a more coordinated way to jointly disclose vulnerabilities and release mitigations will be encouraging to customers as well, particularly after the bungled disclosure in January. |