Devastating Speculative Execution Intel CPU Bug
This is Intel's Barcelona:
Quote:A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – such as PCID – to reduce the performance hit. Your mileage may vary.

Similar operating systems, such as Apple's 64-bit macOS, will also need to be updated – the flaw is in the Intel x86-64 hardware, and it appears a microcode update can't address it. It has to be fixed in software at the OS level, or go buy a new processor without the design blunder.
Quote:Close inspection of kernel patches reveals code that forces machines running all x86 processors, Intel or AMD, to be patched, regardless of the fact that AMD processors are immune. Older commits to the Linux kernel git, which should feature the line "if (c->x86_vendor != X86_VENDOR_AMD)" (condition that the processor should be flagged "X86_BUG_CPU_INSECURE" only if it's not an AMD processor), have been replaced with the line "/* Assume for now that ALL x86 CPUs are insecure */" with no further accepted commits in the past 10 days. This shows that AMD's requests are being turned down by Kernel developers. Their intentions are questionable in the wake of proof that AMD processors are immune, given that patched software inflicts performance penalties on both Intel and AMD processors creating a crony "level playing field," even if the latter doesn't warrant a patch. Ideally, AMD should push to be excluded from this patch, and offer to demonstrate the invulnerability of its processors to Intel's mess.
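A check a Linux administrator could run for the two things the quoted articles above turn on, whether the kernel has flagged the CPU and whether PCID is available; it is an added example, not kernel code and not part of the thread. The `bugs` entry names `cpu_insecure` and `cpu_meltdown`, the enum and the function names are assumptions of this example, and the sample excerpts are constructed.

```c
#include <stdio.h>
#include <string.h>

/* 1 if `token` is a whole space-separated word in the value of the first
 * /proc/cpuinfo line whose field name is `key` ("flags", "bugs"). */
int cpuinfo_has(const char *cpuinfo, const char *key, const char *token)
{
    size_t klen = strlen(key), tlen = strlen(token);
    for (const char *line = cpuinfo; line && *line; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        const char *colon = memchr(line, ':', len);
        if (colon && len > klen && strncmp(line, key, klen) == 0 &&
            (line[klen] == '\t' || line[klen] == ' ' || line[klen] == ':')) {
            const char *p = colon + 1, *end = line + len;
            while (p < end) {
                while (p < end && *p == ' ') p++;
                const char *word = p;
                while (p < end && *p != ' ') p++;
                if ((size_t)(p - word) == tlen && !memcmp(word, token, tlen))
                    return 1;
            }
            return 0;
        }
        line = eol ? eol + 1 : NULL;
    }
    return 0;
}

enum pti_outlook { BUG_NOT_REPORTED, FLAGGED_WITH_PCID, FLAGGED_WITHOUT_PCID };

/* BUG_NOT_REPORTED does not mean safe: a kernel that predates the patches
 * lists no such entry under "bugs" at all. */
enum pti_outlook assess(const char *cpuinfo)
{
    /* Assumed entry names: cpu_insecure (early patches), cpu_meltdown (later). */
    if (!cpuinfo_has(cpuinfo, "bugs", "cpu_insecure") &&
        !cpuinfo_has(cpuinfo, "bugs", "cpu_meltdown"))
        return BUG_NOT_REPORTED;
    return cpuinfo_has(cpuinfo, "flags", "pcid") ? FLAGGED_WITH_PCID
                                                 : FLAGGED_WITHOUT_PCID;
}

/* Constructed /proc/cpuinfo excerpts, not captured from real machines. */
const char SAMPLE_PCID[] =
    "flags\t\t: fpu vme pge pcid sse2 invpcid\n"
    "bugs\t\t: cpu_meltdown spectre_v1 spectre_v2\n";
const char SAMPLE_NO_PCID[] =      /* "invpcid" alone must not match "pcid" */
    "flags\t\t: fpu vme pge sse2 invpcid\n"
    "bugs\t\t: cpu_insecure\n";
const char SAMPLE_OLD_KERNEL[] =
    "flags\t\t: fpu vme pge pcid sse2\n";

int main(void)
{
    static char buf[65536];
    const char *text = SAMPLE_PCID;        /* fallback when not on Linux */
    FILE *f = fopen("/proc/cpuinfo", "r");
    if (f) {
        size_t n = fread(buf, 1, sizeof buf - 1, f);
        buf[n] = '\0';
        fclose(f);
        if (n) text = buf;
    }
    printf("pti_outlook = %d\n", assess(text));
    return 0;
}
```

The whole-word match matters because a substring search for `pcid` also hits `invpcid`.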
Quote:Linux gaming performance in initial testing doesn't appear to be affected. Then again, we personally didn't expect it to be much considering it's more isolated than some of the other syscall / context switching heavy workloads benchmarked. But for those concerned whether running the patched Linux kernel could lead to a drop in frame-rates, it doesn't appear to be when firing up some of the common Linux games on Steam.
Quote:The vulnerability appears to be most dangerous to data center workloads and virtualization. However, it is irrational to assume that the overwhelming majority of data centers will see a 30% reduction in performance. Losing even 15% of the computational horsepower from a data center would be a major blow, and that compute would have to be replaced almost immediately. The patch has been in development for several months, so if Intel and the major data center operators were expecting massive performance reductions, there would have been an incredible spike in data center equipment purchases.

Also, we would have likely already seen signs of a pending financial disaster for Intel if there was a serious threat to a wide swath of the data center. Intel's customers would likely be able to pursue litigation for widespread losses that are directly the fault of Intel. It's also reasonable to assume that the company would be required to replace faulty processors. For instance, Intel disclosed during its Q4 2016 earnings call that it had encountered a higher-than-expected failure rate for some of its processors, so it established a financial reserve to deal with the costs of replacements. We reported on Intel's statements, and later the fund was connected to failures in Intel's Atom C2000 processors. In no recent financial commentary has Intel disclosed the establishment of any new funds, so it appears the company doesn't foresee significant hardware replacements any time soon.

Intel CEO Brian Krzanich also recently sold $11 million in stock, which some have proclaimed is a sign that he's unloading his shares before a pending disaster. However, Krzanich sold the stock under a 10b-51 plan, which is a pre-planned sale of stocks intended to prevent insider trading. The nature of Krzanich's transactions makes it unlikely that the trades are a precursor of a major monetary loss for the company.

Currently, there are no major shifts in Intel's stock that would indicate a mass sell-off by investors. There are conflicting reports about the impact to AMD processors, and AMD's shares are currently up 5%. However, such an increase is a fairly common occurrence for the sometimes-volatile AMD stock, so the bump may be incidental; in any case, it's not out of the ordinary.

For now, we await more detail on the nature of the bug and its impact. We expect an update to emerge in a future Patch Tuesday update, but Microsoft has not listed an official release date.

The bug is locked behind a wall of NDAs at this point, which is frustrating. However, the silence is necessary to prevent a wave of exploits. We expect, and have seen already, the normal level of hyperventilation that comes with such news, but it's best to wait for more information. We have followed up with Intel for more information and will update as necessary.
Intel responds:
It's not just Intel CPUs, Nvidia has announced that its GPUs are affected, expect a new driver to fix the vulnerabilities next week:
Quote:Cryptominers can rest assured that the new GeForce 390.65 driver won't affect their profits negatively. Our testing shows zero impact in Ethereum mining. With regard to gaming, there is no significant difference in performance either. The new driver actually gains a little bit of performance on average over the previous version (+0.32%). The results hint at some undocumented small performance gains in Wolfenstein 2 and F1 2017; the other games are nearly unchanged. Even if we exclude those two titles, the performance difference is still +0.1%. The variations that you see in the chart above are due to random effects and due to limited precision on taking measurements in Windows. Generally, for the kind of testing done in our VGA reviews we typically expect 1-2% random variation between benchmark runs, even when using the same game, at identical settings, using the same hardware.
Quote:Microsoft has begun updating its Windows operating systems against the Meltdown and Spectre vulnerabilities, but not all users will be too happy about it. According to the company, machines running Windows 7 and 8, as well as computers based on Haswell chips or older, will see “significant slowdowns” from the update. Intel’s own findings largely confirm Microsoft’s results.
Quote:Intel has released numbers from its own benchmarks on the impact of Meltdown/Spectre patches on Windows, and the results show an up to 21% decrease in benchmark performance for 6th-gen Intel CPUs (Sky Lake).

The Meltdown/Spectre vulnerabilities have been much more than just a blemish on Intel’s reputation. Right from the get-go, it was known that the fixes for it had the potential for a significant performance impact. The immediate follow up from major involved parties seemed to be mild, however. Many independent tests, including our own, also didn’t find any major concerns. Intel’s official stance continued to be that home users would face little impact, while the effect on enterprise would be “highly workload-dependent.”

Many were skeptical, naturally, and believed that Intel and its affected enterprise customers were downplaying the issue. As the issue entered its second week and patches had been rolled out to more customers, however, a different picture was appearing. Epic Games said the patches were responsible for a huge performance hit on its cloud service provider, which caused instability in servers for Fortnite. Microsoft, which was among those downplaying the issue before, said that they had recorded significant performance impacts on Windows 7.
Quote:When MS and AMD referred to these bugs as affecting old chips, they weren’t kidding. Assuming AMD properly gave its own full brand names in each case, as they did with the Turion X2 Ultra, AMD’s Athlon is over a decade old, as is the original Opteron brand. These references could conceivably refer to newer cores, but even the Turion X2 Ultra turns 10 this year. Owners of Ryzen or even Piledriver-derived hardware don’t seem to have much to worry about.

As for Variant 2 (Branch Target Injection, the variant MS believes has the greatest chance of harming performance), AMD continues to believe the company’s architecture makes it difficult to exploit. AMD is distributing microcode updates and MS has OS patches coming to make this issue harder to leverage for system attacks. Once again, no performance impact information has been published.

AMD’s overall position in this statement is consistent with its previous guidance on January 3rd. The company stated then that vulnerability to Variant 2 had not yet been demonstrated on an AMD system. The company’s new language, which states that Variant 2 is “difficult” to exploit, represents a departure from its previous message. But with no context for how easy or difficult the exploit might be, we can’t gauge the size of the shift or the new relative risk.
Quote:Google has announced that its cloud systems have been patched against Meltdown and one variant of Spectre since September, and for a second variant of Spectre since December, and that its cloud systems have not been slowed down. The outcome of Google’s patches is in stark contrast to Amazon’s experience patching AWS, with Amazon acknowledging a slowdown of its offerings.
Added the name of the bug to the thread Title

Speculative Execution
I don't think the performance hit is as big of a deal as many people are trying to make it out to be.

CPUs have been literally twiddling their thumbs with excess power for close to 10 years now.

Edit - OK, just read the Extremetech article that says exactly what I thought too.
I am waiting until we have more information. Otherwise I would be speculating. Angel
Quote:Krzanich later said the company would begin to ship products with "in-silicon" fixes for the vulnerabilities this year. He did not elaborate, but logically this means that the company will include these fixes in the 10nm generation of products. Krzanich also later stated that the company expects to continue developing its 14nm products in 2018, so we could see yet another round of 14nm processors (sigh). Of course, one could speculate that these chips might also have in-silicon patches for the vulnerabilities.

Intel's newer chips (post-Broadwell) support a PCID (Post-Context Identifier) feature that helps reduce the performance impact of the Meltdown patches on newer hardware. Intel's plans to institute in-silicon fixes could reduce the impact even further, or perhaps remove it entirely. That's a sorely needed feature for a company that is reeling from the never-ending onslaught of press coverage around the vulnerabilities. We're reaching out to Intel for more details about the new silicon fix.

Some analysts are predicting that Intel could experience higher sales as companies refresh their hardware to offset the lost performance from the patches. Considering Intel's apparently fast cadence of in-silicon fixes, that could hold true. Krzanich also said the company is focused on developing high-quality mitigations for customers, and it has created a website dedicated to helping customers deal with the vulnerabilities. (The link to this website has not been provided. We have requested the link.)
This really raises the question of whether Intel is loyal to China rather than the USA.
Quote:The Meltdown/Spectre vulnerabilities break the principle of speculative execution being undetectable to software by modifying shared caches in a way that persists and is detectable across software process boundaries. What the researchers discovered is that, because certain caches might be partially mirrored across cores, the effects of speculative execution occurring on one core can be detectable on another core. Test cases exploiting this principle created by the researchers were able to recover hidden data at 99.95% accuracy. By comparison, their test cases of a traditional Spectre exploit only reached 97.9% accuracy.

Before you get too alarmed, the researchers said that current software-based Meltdown/Spectre mitigations seem successful in blocking their new exploits. However, these exploits will likely need their own distinct fix, different from those for traditional Spectre, if they are to be mitigated in hardware. It looks like Intel and AMD will have their work cut out for them in their next generation of CPUs.
Quote:Kocher suggests that Microsoft should offer a more pessimistic mode that protects every conditional access. But this will come with a heavy cost: in sample code he wrote to compute SHA-256 hashes, the version with lfence instructions after every branch had only 40 percent of the performance of the unmodified version. This poses a security-performance trade-off that's decidedly uncomfortable; even if the compiler offered such an option, few people are likely to be willing to accept that kind of performance penalty in general. But for smaller pieces of code that are known to be at risk, such an option may be useful.

Microsoft's much more restricted protection does have the virtue of having much lower impact; the company says that it has built Windows with the Spectre protection and found no real performance regression.

The work done on the compiler and the limitations faced underscore what a complex problem Spectre poses for the computing industry. The processors are working as they're supposed to. We can't do without speculative execution of this kind—we need the performance it offers—but equally, we have no good way of systematically addressing the security concerns it creates. Compiler changes of the kind Microsoft has made are well-meaning, but as Kocher's investigation has shown, they're a long way short of offering a complete solution.
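What "an lfence after the branch" means for a single bounds-checked read, as an added example (not Kocher's or Microsoft's code): the unprotected check, the fenced form, and a branchless index mask, which goes beyond the quoted article and follows the idea behind the Linux kernel's `array_index_nospec()`. The table and all function names are hypothetical, and GCC/Clang inline assembly is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample table; every name in this block is hypothetical. */
#define TABLE_LEN 16u
static const uint8_t table[TABLE_LEN] = {
    3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8, 9, 7, 9, 3
};

/* LFENCE on x86 (GCC/Clang syntax). Elsewhere this is only a compiler
 * barrier and does not stop speculation; use the target's own barrier. */
static inline void speculation_barrier(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("lfence" ::: "memory");
#else
    __asm__ __volatile__("" ::: "memory");
#endif
}

/* Baseline: architecturally correct, but a mispredicted branch lets the
 * load run speculatively with an out-of-range idx. */
int lookup_unprotected(size_t idx)
{
    if (idx < TABLE_LEN)
        return table[idx];
    return -1;
}

/* Fence after the branch: the load cannot start until the comparison has
 * resolved. Paying this on every guarded access is what costs throughput. */
int lookup_fenced(size_t idx)
{
    if (idx < TABLE_LEN) {
        speculation_barrier();
        return table[idx];
    }
    return -1;
}

/* All-ones if idx < len, else 0, with no branch. Needs len <= SIZE_MAX / 2. */
size_t index_mask(size_t idx, size_t len)
{
    size_t top = sizeof(size_t) * CHAR_BIT - 1;
    __asm__("" : "+r"(idx));  /* stop the compiler rebuilding a branch */
    return (size_t)0 - (~(idx | (len - 1 - idx)) >> top);
}

/* Masked index: on a mispredicted path the index collapses to 0, so the
 * speculative load stays inside the table. */
int lookup_masked(size_t idx)
{
    if (idx < TABLE_LEN) {
        idx &= index_mask(idx, TABLE_LEN);
        return table[idx];
    }
    return -1;
}

int main(void)
{
    size_t probes[] = { 5, 15, 16, SIZE_MAX };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("idx=%zu plain=%d fenced=%d masked=%d\n", probes[i],
               lookup_unprotected(probes[i]), lookup_fenced(probes[i]),
               lookup_masked(probes[i]));
    return 0;
}
```

All three variants return the same values; they differ only in what the processor may do on a mispredicted path, which is why the hardening cannot be checked by functional tests alone.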
The lawsuit hammer falls on Intel, 32 lawsuits:
It turns out the Spectre bug is going to be a real nightmare for years to come:

TL;DR: Spectre can only be mitigated, not fixed. Therefore every computer on earth is at risk of being hacked at any moment via this exploit. With virtual machines, the machines can read each other's memory via this hack. It's very scary. If the wrong people figure out how to mess with this exploit, we are screwed. Everyone is going to need a new computer to be completely safe. And I don't think the chips released in 2018 will even have this issue fixed. Perhaps not in 2019 either. We could see some major cyber attacks. This is very bad news.

What gets me is that AMD made a big stink about Meltdown when Spectre has been the much bigger deal all along. The Meltdown patch fully patches the exploit.
Quote:It’s been another week, and Intel has another update on its buggy Spectre microcode patch for us. And it’s good news, because Intel has completed the fixed version of its patch for 6th-gen (Skylake, 100 series chipsets), 7th-gen (Kaby Lake, 200 series chipsets), and 8th-gen (Coffee Lake, 300 series chipsets) CPUs. This includes Skylake-X and Kaby Lake-X (X299 chipset) CPUs, as well. Intel has updated its microcode update schedule accordingly. A previous version of this document leaked some details on two of the company’s next-generation Cannon Lake CPUs, which apparently also need microcode fixes for Spectre.

Intel’s Spectre microcode updates don’t go to consumers directly; they’re released to system and motherboard OEMs, who incorporate them into BIOS updates for their products. What Intel’s announcement means is that we should soon see OEMs releasing updates for products with those parts mentioned above.
AMD is up to 5 lawsuits:
And Intel publicly admits that they chose not to inform the US government because they didn't think anyone was exploiting the flaws:
More details here:
This whole thing was a shenanigan.  It turns out Google discovered the bug, and then told Intel and AMD.  But no one told the US government.  All the while the CEOs of AMD and Intel sold off their stocks.  Now Intel and AMD will both get sued and we'll be lucky to see them around in five years, these are going to be massive lawsuits.  It's a huge opening for nVidia in the CPU space and I'm sure they know about it.  I'm wondering if this could mean the end of x86.

AMD in particular can't withstand lawsuits like this.

Essentially, this speculative execution bug could be devastating for AMD. Angel
(02-26-2018, 04:06 AM)SickBeast Wrote: This whole thing was a shenanigan.  It turns out Google discovered the bug, and then told Intel and AMD.  But no one told the US government.  All the while the CEOs of AMD and Intel sold off their stocks.  Now Intel and AMD will both get sued and we'll be lucky to see them around in five years, these are going to be massive lawsuits.  It's a huge opening for nVidia in the CPU space and I'm sure they know about it.  I'm wondering if this could mean the end of x86.

AMD in particular can't withstand lawsuits like this.

Essentially, this speculative execution bug could be devastating for AMD.  Angel
Well said.
(02-26-2018, 07:35 AM)SteelCrysis Wrote:
(02-26-2018, 04:06 AM)SickBeast Wrote: This whole thing was a shenanigan.  It turns out Google discovered the bug, and then told Intel and AMD.  But no one told the US government.  All the while the CEOs of AMD and Intel sold off their stocks.  Now Intel and AMD will both get sued and we'll be lucky to see them around in five years, these are going to be massive lawsuits.  It's a huge opening for nVidia in the CPU space and I'm sure they know about it.  I'm wondering if this could mean the end of x86.

AMD in particular can't withstand lawsuits like this.

Essentially, this speculative execution bug could be devastating for AMD.  Angel
Well said.

Thanks. I find this whole thing devastating. I'm still devastated that you left BTR also. Angel
Quote:There’s a lot we still don’t know about the impact of these security patches on older PCs, but Tech Report recently put a Dell Alienware R13 with an Intel Kaby Lake Core i7-7700HQ through its paces, after making sure the only change to the system would be the application of a Spectre-specific patch after the system was otherwise completely updated. You’ll want to hit TR for the full report, but we’ll cover the highlights.

The average performance decline is in-line with the single-digit prediction, though there are exceptions, with some browser tests showing a ~10 percent drop. The largest drop is in PCMark 10’s app load times, which declined by 13.5 percent after a Spectre patch was applied. We’ve talked before about Meltdown possibly hitting I/O tests hard, but this is the first indication Spectre might whack them again.

Other applications saw smaller declines (spreadsheet handling, oddly enough, got faster with the patch) or didn’t change at all. As we expected, the performance shifts depend entirely on which applications you’re using and what workloads you run. We’ve yet to see any evidence game performance is impacted, for example, which is good news if you mostly use your PC for gaming. But that same variety in application usage models is going to make it harder to give an “average” report on what kind of performance hit consumers should expect. If the Spectre patch hits I/O workloads hard as a general rule (and this is strictly a hypothetical statement at this point in time) then two people who use the same content creation program for two different types of work might see two different performance impacts. It’s going to take time to map out these variations and longer still to cleanly map any variance in performance between AMD and Intel chips.
Quote:Ohio State University researchers have uncovered a new variant of the Spectre vulnerability and documented it in a recently released paper. The new menace is dubbed SgxPectre. It allows the safe areas created by SGX to be cracked open like nuts. Their research shows that Intel SGX is not all it's cracked up to be and is vulnerable to attack.
The ray of light is, like the original Meltdown-Spectre vulnerabilities themselves, SgxPectre can be mitigated over time. This mitigation will come on March 16th in the form of a new SGX software development kit (SDK) and microcode updates for affected microprocessors. Let's just pray Intel gets it right out of the gate this time, unlike the first attempt.
Oh man. I hope there isn't another performance hit from this. This is getting really bad.
Intel is working on new products with hardware protections to address these vulnerabilities:
(03-15-2018, 09:53 PM)SteelCrysis Wrote: Intel is working on new products with hardware protections to address these vulnerabilities:

Yeah but they still haven't patched Spectre variant 1. That's a big security hole to leave in there. And 99% of the corporate customers aren't going to buy anything until these bugs are 100% patched. Their hardware budgets are frozen.
Quote:BranchScope differs from Spectre variant 2, in that while the latter exploits the branch target buffer, BranchScope goes after the directional branch predictor, a component that decides which speculative operations to execute. By misdirecting it, attackers can make the CPU read and spit out data from the memory previously inaccessible. The worst part? You don't need administrative privileges to run the exploit, it can be run from the user-space. Unlike CTS-Labs, the people behind the BranchScope discovery appear to have alerted hardware manufacturers significantly in advance, before publishing their paper (all of it, including technicals). They will present their work at the 23rd ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2018), later today.
Microsoft patch for Meltdown instead makes Meltdown even worse for Windows 7:
Emergency patch for Windows 7 released to fix issue from previous post:
Intel stops work on mitigation patches for older CPUs:
Intel's official statement:
Fixes for Spectre on AMD are rolling out:
Quote:The Spectre patches did take some wind out of Intel’s sails in many of our application tests, but the impact varies by application. In most cases, the regressions aren’t severe enough to change our recommendations. Still, it's always disappointing to observe performance stepping backward. Luckily for Intel, gaming wasn't affected much.
New wave of Spectre vulnerabilities affects Intel and ARM, AMD's status is unknown, Intel patches are on the way:
Intel delays the patches:
New Spectre attacks discovered:
Quote:It's certainly troubling to see Spectre and Meltdown having such latent effects, workarounds for which could result in performance hits. However, companies now working together in a more coordinated way to jointly disclose vulnerabilities and release mitigations will be encouraging to customers as well, particularly after the bungled disclosure in January.
