Jump to content

Intel CPU hardware vulnerability

apianti

By apianti,
in Reader News and Reviews

 Share
86 posts in this topic

Recommended Posts

apianti
apianti
Posted
Posted

Hey guys and gals,
 
Just found this article about how the Linux team discovered a vulnerability in almost all Intel CPUs. Both Windows and Linux are rolling out an update that will decrease all Intel CPUs performance by at least 17% if not up to 25%. Unsure what the macOS timeline is. It has to do with being able to inject code from mundane places by exploiting the speculative instruction feature that attempts to guess what instructions will be coming next in the pipeline to gain access to the kernel memory. There is no security check when this happens apparently and seems like a pretty big deal as the problem appears not to be able to be fixed in hardware at all as Intel says the issue cannot be fixed with a microcode update.
 
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
 
EDIT: This is one of my favorite lines:

At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka F UCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.

 

EDIT2: The scale of this is immense, looks like half the worlds computers might have this vulnerability. They literally have to update the entire Azure, AWS, and GCE clouds because of this.
EDIT3: This can be used to cause a virtual machine to bypass the hypervisor mode of the CPU and gain access to the kernel mode of the host machine!!! OMG this is a very very bad vulnerability.
EDIT4: I also see reports that some older Intel CPUs may take a performance hit of 30% or more.

EDIT5: The performance hit depends on the IPC of the CPU, the presence of CPID feature, and the amount of instructions supported by the CPU since the more instructions, the more the speculative instruction feature includes exceptions/undocumented instructions that can be exploited.

EDIT6: For reference, IPC for specific CPUs models.

  • Like 12
Link to comment
Share on other sites
apianti
apianti
Posted
  • Author
Posted

on mac ?

 

Yes. It is a vulnerability in Intel CPUs themselves. I've found other sources that have said almost every Intel CPU in the past 12 years has this vulnerability - across families and models. Although some newer generations have models that have a feature, PCID (Process-Context IDentifiers), that unintentionally mitigates this is partially so it won't take as much of a performance hit but still affected.

Link to comment
Share on other sites
maxb2000
maxb2000
Posted
Posted

Yes. It is a vulnerability in Intel CPUs themselves. I've found other sources that have said almost every Intel CPU in the past 12 years has this vulnerability - across families and models. Although some newer generations have models that have a feature, PCID (Process-Context IDentifiers), that unintentionally mitigates this is partially so it won't take as much of a performance hit but still affected.

 

I was thinking about microcode patch but it seems that the patch needs to be done in the kernel. My question is: will Amazon, Google or Microsoft increase the prices for their VM or services for the reduced performance ?

Link to comment
Share on other sites
Guest
Guest
Posted
Posted

Hi apianti.. I told you about something related to Intel Xeon V3 in clover general discussion

:-)

with a sort of microcode hack (deleting it) is it possible to unlock all turbo core in xeon...


https://forums.anandtech.com/threads/what-controls-turbo-core-in-xeons.2496647/

 

http://www.xtremesystems.org/forums/showthread.php?293290-Various-Overclocker-discovers-Xeon-E5-V3-Errata-Engineers-exploit-to-unlock-Turbo

Link to comment
Share on other sites
apianti
apianti
Posted
  • Author
Posted

I was thinking about microcode patch but it seems that the patch needs to be done in the kernel.

 

I guess the problem goes deeper than a silicon chip based error or manufacturing defect. The actual algorithm that the entire core microarchitecture uses for speculating instruction is flawed and cannot be fixed in the hardware so no microcode update. The kernel has to be completely separated from all other memory space so it causes a slow down because of the overhead of the calling/switching contexts.

 

My question is: will Amazon, Google or Microsoft increase the prices for their VM or services for the reduced performance ?

 

Who knows what they will do, but based on the past, probably.

 

I hope it doesn't kill our AMD kernel programs if they make it completely invisible. I wonder if they haven't known about this for awhile with the new immutable kernel in High Sierra prelinkedkernel folder?

 

The vulnerability has been verified since October/November of 2017. Some random guy had been saying it for a number of years though. It was deemed so critically vulnerable that it was not publicly disclosed until there was a solution in place, there is still no actual release of the attack as it could literally ruin the whole world if used maliciously. The kernel should still be open source so I don't see why it wouldn't be able to adapted for an AMD CPU just the same. I guess that AMD does not have this problem particularly but it has an x86 mode you can enable that does have this problem, there's a proposal to disable it in linux but it was denied as a feature request or something.

 

Hi apianti.. I told you about something related to Intel Xeon V3 in clover general discussion

:-)

with a sort of microcode hack (deleting it) is it possible to unlock all turbo core in xeon...

https://forums.anandtech.com/threads/what-controls-turbo-core-in-xeons.2496647/

 

http://www.xtremesystems.org/forums/showthread.php?293290-Various-Overclocker-discovers-Xeon-E5-V3-Errata-Engineers-exploit-to-unlock-Turbo

 

That was just using a microcode update to unlock CPU features, like turbo. This is a vulnerability in the design of Intel's core microarchitecture that allows for any ring privileged executable to gain ring 0 privilege by exploiting undocumented instructions and exceptions used for speculative instruction analysis, how the processor tries to make the best decision about what to do next before it can know what it needs to do next. Totally different.

 

 

and how can I tell if mine is in the black list too? 

 

I was linking that IPC list as an approximation of how much of a hit you will take with this new separated kernel and user memory space. The lower the IPC the higher the cost so the worse performance you'll have. If you have a core microarchitecture Intel CPU then this problem almost definitely affects you, that's almost every processor made by Intel in more than a decade.

 

 

ARRGGGHHHH !!!!

 

An Intel vulnerability that's been on the go for a decade or more... and only reported now? 

 

My God, how horrific!!! I mean, it's a trillion times worse than Godzilla or World War Z !  :shock:

 

Are we all gonna die tomorrow? In the next hour?

What? Next minute?

 

There's plenty of vulnerabilities that go unnoticed for very long periods of time. That is irrelevant, when it is discovered and can be exploited then it matters. It matters even more when it basically would allow any sort of executing code to gain the highest privilege level of the CPU and do whatever it wanted. Intel is not even releasing the actual details until after the patches have been released. This is very serious. And affects so many computers across the world that I don't think you realize just how devastating it could be if a virus that acted like wannacry was able to be modified to exploit this? The whole world could literally come to a grinding halt. I think you underestimate the extent of this vulnerability. You know how many computers run on core microarchitecture???

  • Like 1
Link to comment
Share on other sites
apianti
apianti
Posted
  • Author
Posted

That's on my Pentium G3220 (Geekbench dual core scores) :

 

macOS 10.13.1: 5500

macOS 10.13.2: 5558

 

This is not a very good representation because that is a haswell and has PCID, so it's going to take a much smaller hit. Probably around 5%, are you sure these numbers are not the opposite? What about a series of scores from each and getting the average/deviation, that's more accurate.

 

So ryzen hackintosh is the way to go lol

 

To do more work? This vulnerability is already patched in macOS, it just causes a slow down. I'm sure you can expect this slow down in AMD CPUs as well since there will still be separate kernel and user space entirely. The slow down comes from the extra overhead of having to completely change contexts for system calls.

Link to comment
Share on other sites
surfinchina
surfinchina
Posted
Posted

This is not a very good representation because that is a haswell and has PCID, so it's going to take a much smaller hit. Probably around 5%, are you sure these numbers are not the opposite? What about a series of scores from each and getting the average/deviation, that's more accurate.

 

 

To do more work? This vulnerability is already patched in macOS, it just causes a slow down. I'm sure you can expect this slow down in AMD CPUs as well since there will still be separate kernel and user space entirely. The slow down comes from the extra overhead of having to completely change contexts for system calls.

 

My 7900x

40459 on 10.12

40713 on 10.13.3

The geekbenches have been getting slowly better on 10.13, so I'm expecting that if there was a slowdown it's more than offset by the OS using my CPU better.

Link to comment
Share on other sites
Nubira
Nubira
Posted
Posted

If you do not update your os how are they going to be able to change anything in your computer at all? Every hackmac owner have turned autoupdate of so we should be safe from this stunt. Till now computers have been working as expected and promised and it has been fairly unusual that criminals did break in to our systems. Have they seen or do they expect these activities to rise rapidly or whats the deal here. If someone breaks in on my property it is a case for the police not for the consumer to fix.

 

Till now I have only updated when it was necessary like when a program I wanted or needed demanded for a newer os this will stop now. And Apples endless update loop of os x should have stopped years ago. For every one of the versions there has been at least 8 more updates! Why the hell dont they just make the stuff ready before they release it that is just stupid like making a car and forgetting the steeringwheel.

Link to comment
Share on other sites
apianti
apianti
Posted
  • Author
Posted

If you do not update your os how are they going to be able to change anything in your computer at all? Every hackmac owner have turned autoupdate of so we should be safe from this stunt. Till now computers have been working as expected and promised and it has been fairly unusual that criminals did break in to our systems. Have they seen or do they expect these activities to rise rapidly or whats the deal here. If someone breaks in on my property it is a case for the police not for the consumer to fix.

 

Till now I have only updated when it was necessary like when a program I wanted or needed demanded for a newer os this will stop now. And Apples endless update loop of os x should have stopped years ago. For every one of the versions there has been at least 8 more updates! Why the hell dont they just make the stuff ready before they release it that is just stupid like making a car and forgetting the steeringwheel.

 

I think you have the wrong impression here, this is a vulnerability in the every core microarchitecture Intel CPU going back for at least a decade if not more. It allows ANY executing code to gain access to the kernel privilege ring and execute though. It even allows a virtual machine to escape hypervisor mode and get the ring 0. You definitely want to update all your OSes, this is a potentially could gain control of your entire computer, and possibly every computer that it's networked with that is also an Intel CPU.

Link to comment
Share on other sites
Nubira
Nubira
Posted
Posted

I think you have the wrong impression here, this is a vulnerability in the every core microarchitecture Intel CPU going back for at least a decade if not more. It allows ANY executing code to gain access to the kernel privilege ring and execute though. It even allows a virtual machine to escape hypervisor mode and get the ring 0. You definitely want to update all your OSes, this is a potentially could gain control of your entire computer, and possibly every computer that it's networked with that is also an Intel CPU.

Yes and all this time everything worked and only a few % of consumers worldwide ever had any problems at all from this. So what changed so rapidly? And the question still remains why should consumers end up with the bill for something they should have known from the start and why are we the consumers responsible for criminal activities. We have a police force for that in pretty much every country in the world that we pay for via income tax so this is not our problem.

Link to comment
Share on other sites
MacNB
MacNB
Posted
Posted

I think you have the wrong impression here, this is a vulnerability in the every core microarchitecture Intel CPU going back for at least a decade if not more. It allows ANY executing code to gain access to the kernel privilege ring and execute though. It even allows a virtual machine to escape hypervisor mode and get the ring 0. You definitely want to update all your OSes, this is a potentially could gain control of your entire computer, and possibly every computer that it's networked with that is also an Intel CPU.

 

Not just related to Intel but to AMD and ARM too (though AMD seems to be in denial).

There are two issues: "Meltdown" and "Spectre".

Meltdown is more related to Intel platforms and Spectre affects ALL architectures. Spectre is hardest to fix.

 

More details here: https://meltdownattack.com

 

Personally, I think it was irresponsible of the register to publish a fairly inaccurate story BEFORE the Intel, AMD, ARM, MSFT, GOOG, ETC had the fixes in place - like any responsible organisation. But then again, they've always been a rogue hack and true to their nature.

I wonder if they sold their Intel shares before publishing and bought them back after publishing at 6% gain ?

  • Like 1
Link to comment
Share on other sites
Awesome Donkey
Awesome Donkey
Posted
Posted

Meltdown affects Intel CPUs only - it's the vulnerability that everyone has been talking about for days now.

 

Spectre, on the other hand, does affect Intel, ARM and AMD CPUs though AMD has released a press release saying they're not vulnerable. There seems to be some confusion there but maybe it's Ryzen and above only they're talking about? I say wait for trustworthy third-party verifications on that claim before jumping to conclusions. In general it looks like applications will have to add patches for Spectre mitigation.

 

Anyone with a AMD Hackintosh and running 10.13.2 and above will likely be subject to KAISER/KPTI/Double Map and will experience the performance hit regardless. But it looks like the Linux kernel accepted the patch exempting AMD CPUs from KPTI.

Link to comment
Share on other sites
MacNB
MacNB
Posted
Posted

Meltdown affects Intel CPUs only - it's the vulnerability that everyone has been talking about for days now.

 

I say wait for trustworthy third-party verifications on that claim before jumping to conclusions. 

 

The researchers who discovered the Two issues say:

"Which systems are affected by Meltdown?

Desktop, Laptop, and Cloud computers may be affected by Meltdown. More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). We successfully tested Meltdown on Intel processor generations released as early as 2011. Currently, we have only verified Meltdown on Intel processors. At the moment, it is unclear whether ARM and AMD processors are also affected by Meltdown."

 

The key point is that "it is unclear whether ARM and AMD processors are also affected by meltdown".

 

That research was done by trustworthy third-party.

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...