
Intel CPU "memory bug" needs fixing

Posted: Wed Jan 03, 2018 12:04 pm
by UBT - Timbo
Hi all

And this time it's a problem with recent Intel CPUs.

It seems Intel may have inadvertently introduced a major bug in their CPU hardware that could allow "attackers" to exploit the CPU and access data that should be "ring fenced".

http://www.theregister.co.uk/2018/01/02 ... sign_flaw/

This affects Windows, Linux, Mac and ARM systems...so, expect some major "updates" to be made available real soon...and this could lead to a reduction in CPU "speed" of between 5% and 30% :-(

regards
Tim

Re: Intel CPU "memory bug" needs fixing

Posted: Wed Jan 03, 2018 4:08 pm
by Woodles
Until Boinc projects start introducing malicious code into their applications to spy on other Boinc projects (that's all the data there is in most of my hosts :D) I'm going to stay with my non-updated Windows 7 OS and avoid the 5%-30% speed reduction!

Re: Intel CPU "memory bug" needs fixing

Posted: Wed Jan 03, 2018 6:24 pm
by wkdwill
How long before a group decide to file a lawsuit?
As that's the usual thing these days, I suspect a few data centre owners will be sending strongly worded letters to Intel via their lawyers, 5-30% is a massive amount to them.

Re: Intel CPU "memory bug" needs fixing

Posted: Wed Jan 03, 2018 8:09 pm
by UBT - Timbo
Hi both

Reading some of the comments made (on the website linked to), there are a few theories about what Intel did to their design, in order to make them go faster...something to do with the speculative execution or the processor privileges related to them.

Obviously, this was a decision made in order to "prove" how much better their CPUs were compared to the AMD equivalents.

(As it happens, the AMD processors don't have this issue !!).

So, as this "speed boost" is going to be taken away, due to the flaw in the CPU design, it is highly likely that some class action suits would follow....after all, if the "bug" needs fixing and it removes some significant %age of the CPU "power", then clearly the affected CPUs will suffer performance wise, once the "update" to the kernel code is "pushed out" by the OS makers.

If one was a speculator, now might be a good time to buy AMD shares ;-) And now isn't the right time to be ordering anything with Intel CPUs inside...

Once the embargo is lifted, then we should see what all the fuss is about...and what effect it is going to have on all manner of stuff.

BTW: This isn't the first time a design flaw has been found in Intel CPUs...there was one recently in certain "lower end" CPU's found in Cisco (and other brands) of routers. Another was found in the Intel Management Engine (ME)..and those of a certain vintage will recall the Intel FPU flaw.

Personally I find this sort of stuff fascinating...not just the "bugs and flaws" that are found but how the companies concerned go into "OverDrive" * (sic) in order to play down the issues...

regards
Tim

* Some may recall "Overdrive" being used by Intel in the 1990's whereby they sold you another processor to replace your existing one, with the replacement being a wee bit faster.

https://en.wikipedia.org/wiki/Pentium_OverDrive

Re: Intel CPU "memory bug" needs fixing

Posted: Thu Jan 04, 2018 6:45 pm
by UBT - Timbo
Hi all

This is quoted as from here: http://www.theregister.co.uk/2018/01/04 ... erability/

The Intel CPU "bugs" have now been given specific names:

CVE-2017-5754: Known as Variant 3, rogue data cache load

is now nicknamed "Meltdown"

and
CVE-2017-5753: Known as Variant 1, a bounds check bypass
CVE-2017-5715: Known as Variant 2, branch target injection

which are both nicknamed "Spectre"

It seems that Meltdown might be specific to ALL Intel CPU's for the last 20 years, excluding some Itanium and Atom CPU's
This is the big bug reported on Tuesday.

It can be exploited by normal programs to read the contents of private kernel memory.

It affects potentially all out-of-order execution Intel processors since 1995, except Itanium and pre-2013 Atoms. It definitely affects out-of-order x86-64 Intel CPUs since 2011. There are workaround patches to kill off this vulnerability available now for Windows, and for Linux. Apple's macOS has been patched since version 10.13.2. Installing and enabling the latest updates for your OS should bring in the fixes. You should go for it. If you're a Windows Insider user, you're likely already patched. Windows Server admins must enable the kernel-user space splitting feature once it is installed; it's not on by default.

Amazon has updated its AWS Linux guest kernels to protect customers against Meltdown. Google recommends its cloud users apply necessary patches and reboot their virtual machines. Microsoft is deploying fixes to Azure. If you're using a public cloud provider, check them out for security updates.

The workarounds move the operating system kernel into a separate virtual memory space. On Linux, this is known as Kernel Page Table Isolation, or KPTI, and it can be enabled or disabled during boot up. You may experience a performance hit, depending on your processor model and the type of software you are running. If you are a casual desktop user or gamer, you shouldn't notice. If you are hitting storage, slamming the network, or just making a lot of rapid-fire kernel system calls, you will notice a slowdown. Your mileage may vary.

It also affects Arm Cortex-A75 cores, which aren't available yet. Qualcomm's upcoming Snapdragon 845 is an example part that uses the A75. There are Linux kernel KPTI patches available to mitigate this. The performance hit isn't known, but expected to be minimal.

Additionally, Cortex-A15, Cortex-A57 and Cortex-A72 cores suffer from a variant of Meltdown: protected system registers can be accessed, rather than kernel memory, by user processes. Arm has a detailed white paper and product table, here, describing all its vulnerable cores, the risks, and mitigations.

Meltdown does not affect any AMD processors.

Googlers confirmed an Intel Haswell Xeon CPU would allow a normal user program to read kernel memory.

It was discovered and reported by three independent teams: Jann Horn (Google Project Zero); Werner Haas, Thomas Prescher (Cyberus Technology); and Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz (Graz University of Technology).

The Spectre bug:

Spectre allows, among other things, user-mode applications to extract information from other processes running on the same system. Alternatively, it can be used by code to extract information from its own process. Imagine malicious JavaScript in a webpage churning away using Spectre bugs to extract login cookies for other sites from the browser's memory.

It is a very messy vulnerability that is hard to patch, but is also tricky to exploit. It's hard to patch because just installing the aforementioned KPTI features is pointless on most platforms – you must recompile your software with countermeasures to avoid it being attacked by other programs, or wait for a chipset microcode upgrade. There are no solid Spectre fixes available yet for Intel and AMD parts.

In terms of Intel, Googlers have found that Haswell Xeon CPUs allow user processes to access arbitrary memory; the proof-of-concept worked just within one process, though. More importantly, the Haswell Xeon also allowed a user-mode program to read kernel memory within a 4GB range on a standard Linux install.

This is where it gets really icky. It is possible for an administrative user within a guest virtual machine on KVM to read the host server's kernel memory in certain conditions. According to Google: "When running with root privileges inside a KVM guest created using virt-manager on the Intel Haswell Xeon CPU, with a specific (now outdated) version of Debian's distro kernel running on the host, can read host kernel memory at a rate of around 1500 bytes/second, with room for optimization. Before the attack can be performed, some initialization has to be performed that takes roughly between 10 and 30 minutes for a machine with 64GiB of RAM; the needed time should scale roughly linearly with the amount of host RAM".

AMD insists its processors are practically immune to Variant 2 Spectre attacks. As for Variant 1, you'll have to wait for microcode updates or recompile your software with forthcoming countermeasures described in the technical paper on the Spectre website.

The researchers say AMD's Ryzen family is affected by Spectre. Googlers have confirmed AMD FX and AMD Pro cores can allow arbitrary data to be obtained by a user process; the proof-of-concept worked just within one process, though. An AMD Pro running Linux in a non-default configuration – the BPF JIT is enabled – also lets a normal user process read from 4GB of kernel virtual memory.

For Arm, Cortex-R7, Cortex-R8, Cortex-A8, Cortex-A9, Cortex-A15, Cortex-A17, Cortex-A57, Cortex-A72, Cortex-A73, and Cortex-A75 cores are affected by Spectre. Bear in mind Cortex-R series cores are for very specific and tightly controlled embedded environments, and are super unlikely to run untrusted code. To patch for Arm, apply the aforementioned KPTI fixes to your kernel, and/or recompile your code with new defenses described in the above-linked white paper.

Googlers were able to test that an Arm Cortex-A57 was able to be exploited to read arbitrary data from memory via cache sniffing; the proof-of-concept worked just within one process, though. Google is confident ARM-powered Android devices running the latest security updates are protected due to measures to thwart exploitation attempts – specifically, access to high-precision timers needed in attacks is restricted. Further security patches, mitigations and updates for Google's products – including Chrome and ChromeOS – are listed here.

Discovered and reported by these separate teams: Jann Horn (Google Project Zero); and Paul Kocher in collaboration with, in alphabetical order, Daniel Genkin (University of Pennsylvania and University of Maryland), Mike Hamburg (Rambus), Moritz Lipp (Graz University of Technology), and Yuval Yarom (University of Adelaide and Data61).

So, it's going to get messier still, as OS suppliers get to grips with what they need to fix.

Some updates are already being released and more are probably due. One assumes if you are using an unsupported OS (older Android, Linux and Windows builds and others perhaps too) then you might not get the opportunity to update anything - though it depends on which OS manufacturer your OS came from.

regards
Tim
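
Added example, not part of the thread or the quoted article: a shell check of the Linux mitigation state described in the quoted text above (KPTI for Meltdown, separate countermeasures for Spectre). It assumes a kernel that reports status under /sys/devices/system/cpu/vulnerabilities/ and that KPTI is switched off at boot with `nopti` or `pti=off`; the sample directory built in `demo` is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): Meltdown/Spectre status on Linux.

# Map one sysfs status string to a short verdict.
classify_status() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# Return 0 if a kernel command line (e.g. from /proc/cmdline) turns KPTI off.
kpti_disabled_on_cmdline() {
    for arg in $1; do
        case "$arg" in
            nopti|pti=off) return 0 ;;
        esac
    done
    return 1
}

# Print one line per issue; return how many are not confirmed safe.
report_dir() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}  # assumed sysfs path
    bad=0
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            status=$(cat "$dir/$name")
        else
            status="(no status file: kernel predates this reporting)"
        fi
        verdict=$(classify_status "$status")
        printf '%-11s %-13s %s\n' "$name" "$verdict" "$status"
        case "$verdict" in
            vulnerable|unknown) bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}

# Constructed sample directory, so the script runs on any machine.
demo() {
    d=$(mktemp -d)
    echo "Mitigation: PTI" > "$d/meltdown"
    echo "Vulnerable" > "$d/spectre_v1"
    echo "Mitigation: Full generic retpoline" > "$d/spectre_v2"
    rc=0; report_dir "$d" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "issues not confirmed safe: $?"
```

On a real host, call `report_dir` with no argument and pass the contents of /proc/cmdline to `kpti_disabled_on_cmdline`.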

Re: Intel CPU "memory bug" needs fixing

Posted: Thu Jan 11, 2018 11:42 am
by UBT - Timbo
Hi all

And now news breaks that anti-virus makers are going to have to modify how their software works, as the Meltdown security "fix" from Microsoft will require the anti-virus vendors to set a registry key to ensure that the Meltdown "patch" doesn't bork everyone's PCs.

More here: https://www.theregister.co.uk/2018/01/0 ... _conflict/

This is getting even more messy...

regards
Tim

Re: Intel CPU "memory bug" needs fixing

Posted: Thu Jan 11, 2018 11:49 am
by Woodles
Thus, Microsoft asked anti-malware vendors to test whether or not their software is compatible with the security update, and set a specific Windows registry key to confirm all is well. Only when the key is set will the operating system allow the Meltdown workaround to be installed and activated. Therefore, if an antivirus tool does not set the key, or the user does not set the key manually for some reason, the security fix is not applied.
Sounds like a way to prevent the fix from being downloaded, let's hope the virus creators don't get to hear about it ...

Re: Intel CPU "memory bug" needs fixing

Posted: Thu Jan 11, 2018 12:34 pm
by UBT - Timbo
Hi Mark

And thus far (although I've not done a search for it) I've not heard about how one can adjust one's own Registry with a "manual update".

Which then means, to update your "dodgy" CPU, you need to buy the anti-virus software in order for it to change your registry keys which will then allow Windows to accept the Meltdown patch.

And in the meantime, all those non-tech savvy people will be worrying about their Windows PC's/laptops etc being infected by a Meltdown/Spectre hack as the patch can't be installed unless the Registry is set to a specific setting.

I wonder how the Linux/ARM market will deal with issuing the patch...one assumes that as M$ aren't involved, that their method of rolling out the necessary patch won't be quite so ridiculous.

regards
Tim

Re: Intel CPU "memory bug" needs fixing

Posted: Thu Jan 11, 2018 1:04 pm
by Woodles
Hi Tim,

You can use regedit to manually change or create any registry key or run a .reg text file to do the same.

You could create or set the key with no additional help or simply run a file that Microsoft or the anti-virus vendor sends you.

The main point is that by forcing the user or anti-virus vendor to set the flag, Microsoft is absolving itself of any blame if the 'update' bricks the PC (as it has already done to several AMD CPU based PCs)

I believe several Linux distributions were updated last week.

Mark

Re: Intel CPU "memory bug" needs fixing

Posted: Thu Jan 11, 2018 1:13 pm
by UBT - Timbo
Woodles wrote:Hi Tim,

You can use regedit to manually change or create any registry key or run a .reg text file to do the same.

You could create or set the key with no additional help or simply run a file that Microsoft or the anti-virus vendor sends you.
Hi Mark

Agreed - but no-one has said which keys need to be changed and what flags need to be set... :-(
The main point is that by forcing the user or anti-virus vendor to set the flag, Microsoft is absolving itself of any blame if the 'update' bricks the PC (as it has already done to several AMD CPU based PCs)

I believe several Linux distributions were updated last week.

Mark
Agreed. M$ are not being that helpful although to be fair, it's a hardware problem caused by Intel and other CPU makers...

Reminds me of the joke:

Q: How many software developers does it take to fix a light bulb?
A: None - it's a hardware problem

which has now become:

Q: How many hardware developers does it take to fix a CPU?
A: None - it's a software problem

regards
Tim

Re: Intel CPU "memory bug" needs fixing

Posted: Thu Jan 11, 2018 1:35 pm
by Woodles
UBT - Timbo wrote:Hi Mark

Agreed - but no-one has said which keys need to be changed and what flags need to be set... :-(
Hi Tim,

You expect it to be easy? Try just randomly changing registry keys and see what happens :D (Disclaimer: This is NOT to be attempted by anyone who wants their PC to keep functioning)
On the other hand, beware of unsolicited emails recommending that you change specific keys or run random programmes "to enable Microsoft updates to be re-instated"
UBT - Timbo wrote:Agreed. M$ are not being that helpful although to be fair, it's a hardware problem caused by Intel and other CPU makers...

Reminds me of the joke:

Q: How many software developers does it take to fix a light bulb?
A: None - it's a hardware problem

which has now become:

Q: How many hardware developers does it take to fix a CPU?
A: None - it's a software problem

regards
Tim
It's a lot harder to change the hardware in a PC than it is to change the firmware though. I'm waiting for all the cheap new generation CPUs to come on the market as Google replaces them with pre-2010 Xeons :D

Mark

Re: Intel CPU "memory bug" needs fixing

Posted: Thu Jan 11, 2018 2:26 pm
by UBT - Timbo
Woodles wrote:It's a lot harder to change the hardware in a PC than it is to change the firmware though. I'm waiting for all the cheap new generation CPUs to come on the market as Google replaces them with pre-2010 Xeons :D

Mark
Hi Mark

True to a degree...from what I've read, it's the speculative "OoO" system used on many CPU designs, which is where one of the major issues lies and in many cases these have their roots in 20 year old CPUs when OoO was first introduced.

And that affects many Pentiums, Xeons and Core type CPU's. The ones it doesn't seem to affect are certain Atoms and Itaniums...but no-one could make the latter work properly with the common-place software at the time !

Also, Google and Amazon seem to be on the ball as far as updating their cloud services software - but I assume they got wind of all of this not long after Intel first realised there was a problem, which was around June 2017. So, they've had time to sort that out - unlike the rest of us :-(

regards
Tim

Re: Intel CPU "memory bug" needs fixing

Posted: Thu Apr 05, 2018 7:38 pm
by UBT - Timbo
Hi all

It looks like Intel has given up trying to offer a patch for certain of its CPUs, namely:
CPUs that won’t therefore get a fix are in the Bloomfield, Bloomfield Xeon, Clarksfield, Gulftown, Harpertown Xeon C0 and E0, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale, Wolfdale Xeon, Yorkfield, and Yorkfield Xeon families.
One assumes that this is due to cost considerations as well as the fact that in our "throwaway" society, most bits of hardware using these CPUs would have been scrapped by now.

There's more info here:

https://www.theregister.co.uk/2018/04/0 ... e_updates/

and here's a link to the various Intel Micro-Architecture "families":

https://en.wikipedia.org/wiki/Category: ... processors

EDIT: Actually, this might be better than the above Wiki link:

https://newsroom.intel.com/wp-content/u ... idance.pdf

regards
Tim