Jump to content
apianti

Intel CPU hardware vulnerability

83 posts in this topic

Recommended Posts

Hey guys and gals,
 
Just found this article about how the Linux team discovered a vulnerability in almost all Intel CPUs. Both Windows and Linux are rolling out an update that will decrease all Intel CPUs performance by at least 17% if not up to 25%. Unsure what the macOS timeline is. It has to do with being able to inject code from mundane places by exploiting the speculative instruction feature that attempts to guess what instructions will be coming next in the pipeline to gain access to the kernel memory. There is no security check when this happens apparently and seems like a pretty big deal as the problem appears not to be able to be fixed in hardware at all as Intel says the issue cannot be fixed with a microcode update.
 
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
 
EDIT: This is one of my favorite lines:

At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka F UCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.

 

EDIT2: The scale of this is immense, looks like half the worlds computers might have this vulnerability. They literally have to update the entire Azure, AWS, and GCE clouds because of this.
EDIT3: This can be used to cause a virtual machine to bypass the hypervisor mode of the CPU and gain access to the kernel mode of the host machine!!! OMG this is a very very bad vulnerability.
EDIT4: I also see reports that some older Intel CPUs may take a performance hit of 30% or more.

EDIT5: The performance hit depends on the IPC of the CPU, the presence of CPID feature, and the amount of instructions supported by the CPU since the more instructions, the more the speculative instruction feature includes exceptions/undocumented instructions that can be exploited.

EDIT6: For reference, IPC for specific CPUs models.

Share this post


Link to post
Share on other sites
Advertisement

on mac ?

 

Yes. It is a vulnerability in Intel CPUs themselves. I've found other sources that have said almost every Intel CPU in the past 12 years has this vulnerability - across families and models. Although some newer generations have models that have a feature, PCID (Process-Context IDentifiers), that unintentionally mitigates this is partially so it won't take as much of a performance hit but still affected.

Share this post


Link to post
Share on other sites

Yes. It is a vulnerability in Intel CPUs themselves. I've found other sources that have said almost every Intel CPU in the past 12 years has this vulnerability - across families and models. Although some newer generations have models that have a feature, PCID (Process-Context IDentifiers), that unintentionally mitigates this is partially so it won't take as much of a performance hit but still affected.

 

I was thinking about microcode patch but it seems that the patch needs to be done in the kernel. My question is: will Amazon, Google or Microsoft increase the prices for their VM or services for the reduced performance ?

Share this post


Link to post
Share on other sites

I hope it doesn't kill our AMD kernel programs if they make it completely invisible. I wonder if they haven't known about this for awhile with the new immutable kernel in High Sierra prelinkedkernel folder?

Share this post


Link to post
Share on other sites

Hi apianti.. I told you about something related to Intel Xeon V3 in clover general discussion

:-)

with a sort of microcode hack (deleting it) is it possible to unlock all turbo core in xeon...


https://forums.anandtech.com/threads/what-controls-turbo-core-in-xeons.2496647/

 

http://www.xtremesystems.org/forums/showthread.php?293290-Various-Overclocker-discovers-Xeon-E5-V3-Errata-Engineers-exploit-to-unlock-Turbo

Share this post


Link to post
Share on other sites

ARRGGGHHHH !!!!

 

An Intel vulnerability that's been on the go for a decade or more... and only reported now? 

 

My God, how horrific!!! I mean, it's a trillion times worse than Godzilla or World War Z !  :shock:

 

Are we all gonna die tomorrow? In the next hour?

What? Next minute?

Share this post


Link to post
Share on other sites

I was thinking about microcode patch but it seems that the patch needs to be done in the kernel.

 

I guess the problem goes deeper than a silicon chip based error or manufacturing defect. The actual algorithm that the entire core microarchitecture uses for speculating instruction is flawed and cannot be fixed in the hardware so no microcode update. The kernel has to be completely separated from all other memory space so it causes a slow down because of the overhead of the calling/switching contexts.

 

My question is: will Amazon, Google or Microsoft increase the prices for their VM or services for the reduced performance ?

 

Who knows what they will do, but based on the past, probably.

 

I hope it doesn't kill our AMD kernel programs if they make it completely invisible. I wonder if they haven't known about this for awhile with the new immutable kernel in High Sierra prelinkedkernel folder?

 

The vulnerability has been verified since October/November of 2017. Some random guy had been saying it for a number of years though. It was deemed so critically vulnerable that it was not publicly disclosed until there was a solution in place, there is still no actual release of the attack as it could literally ruin the whole world if used maliciously. The kernel should still be open source so I don't see why it wouldn't be able to adapted for an AMD CPU just the same. I guess that AMD does not have this problem particularly but it has an x86 mode you can enable that does have this problem, there's a proposal to disable it in linux but it was denied as a feature request or something.

 

Hi apianti.. I told you about something related to Intel Xeon V3 in clover general discussion

:-)

with a sort of microcode hack (deleting it) is it possible to unlock all turbo core in xeon...

https://forums.anandtech.com/threads/what-controls-turbo-core-in-xeons.2496647/

 

http://www.xtremesystems.org/forums/showthread.php?293290-Various-Overclocker-discovers-Xeon-E5-V3-Errata-Engineers-exploit-to-unlock-Turbo

 

That was just using a microcode update to unlock CPU features, like turbo. This is a vulnerability in the design of Intel's core microarchitecture that allows for any ring privileged executable to gain ring 0 privilege by exploiting undocumented instructions and exceptions used for speculative instruction analysis, how the processor tries to make the best decision about what to do next before it can know what it needs to do next. Totally different.

 

 

and how can I tell if mine is in the black list too? 

 

I was linking that IPC list as an approximation of how much of a hit you will take with this new separated kernel and user memory space. The lower the IPC the higher the cost so the worse performance you'll have. If you have a core microarchitecture Intel CPU then this problem almost definitely affects you, that's almost every processor made by Intel in more than a decade.

 

 

ARRGGGHHHH !!!!

 

An Intel vulnerability that's been on the go for a decade or more... and only reported now? 

 

My God, how horrific!!! I mean, it's a trillion times worse than Godzilla or World War Z !  :shock:

 

Are we all gonna die tomorrow? In the next hour?

What? Next minute?

 

There's plenty of vulnerabilities that go unnoticed for very long periods of time. That is irrelevant, when it is discovered and can be exploited then it matters. It matters even more when it basically would allow any sort of executing code to gain the highest privilege level of the CPU and do whatever it wanted. Intel is not even releasing the actual details until after the patches have been released. This is very serious. And affects so many computers across the world that I don't think you realize just how devastating it could be if a virus that acted like wannacry was able to be modified to exploit this? The whole world could literally come to a grinding halt. I think you underestimate the extent of this vulnerability. You know how many computers run on core microarchitecture???

Share this post


Link to post
Share on other sites

I'd be interested in seeing benchmarks of 10.13.1 vs 10.13.2 and 10.13.3 beta.

Sure!  :yes: 

 

Post your geekbench results guys  :lol:

Share this post


Link to post
Share on other sites

That's on my Pentium G3220 (Geekbench dual core scores) :

 

macOS 10.13.1: 5500

macOS 10.13.2: 5558

 

This is not a very good representation because that is a haswell and has PCID, so it's going to take a much smaller hit. Probably around 5%, are you sure these numbers are not the opposite? What about a series of scores from each and getting the average/deviation, that's more accurate.

 

So ryzen hackintosh is the way to go lol

 

To do more work? This vulnerability is already patched in macOS, it just causes a slow down. I'm sure you can expect this slow down in AMD CPUs as well since there will still be separate kernel and user space entirely. The slow down comes from the extra overhead of having to completely change contexts for system calls.

Share this post


Link to post
Share on other sites

This is not a very good representation because that is a haswell and has PCID, so it's going to take a much smaller hit. Probably around 5%, are you sure these numbers are not the opposite? What about a series of scores from each and getting the average/deviation, that's more accurate.

 

 

To do more work? This vulnerability is already patched in macOS, it just causes a slow down. I'm sure you can expect this slow down in AMD CPUs as well since there will still be separate kernel and user space entirely. The slow down comes from the extra overhead of having to completely change contexts for system calls.

 

My 7900x

40459 on 10.12

40713 on 10.13.3

The geekbenches have been getting slowly better on 10.13, so I'm expecting that if there was a slowdown it's more than offset by the OS using my CPU better.

Share this post


Link to post
Share on other sites

[...]

Intel is not even releasing the actual details until after the patches have been released. This is very serious. And affects so many computers across the world that I don't think you realize just how devastating it could be if a virus that acted like wannacry was able to be modified to exploit this? The whole world could literally come to a grinding halt. I think you underestimate the extent of this vulnerability. You know how many computers run on core microarchitecture???

[...]

As I said... disaster... end of the world indeed!

 

But, I guess we ain't dead yet, eh?  :P

Share this post


Link to post
Share on other sites

If you do not update your os how are they going to be able to change anything in your computer at all? Every hackmac owner have turned autoupdate of so we should be safe from this stunt. Till now computers have been working as expected and promised and it has been fairly unusual that criminals did break in to our systems. Have they seen or do they expect these activities to rise rapidly or whats the deal here. If someone breaks in on my property it is a case for the police not for the consumer to fix.

 

Till now I have only updated when it was necessary like when a program I wanted or needed demanded for a newer os this will stop now. And Apples endless update loop of os x should have stopped years ago. For every one of the versions there has been at least 8 more updates! Why the hell dont they just make the stuff ready before they release it that is just stupid like making a car and forgetting the steeringwheel.

Share this post


Link to post
Share on other sites

If you do not update your os how are they going to be able to change anything in your computer at all? Every hackmac owner have turned autoupdate of so we should be safe from this stunt. Till now computers have been working as expected and promised and it has been fairly unusual that criminals did break in to our systems. Have they seen or do they expect these activities to rise rapidly or whats the deal here. If someone breaks in on my property it is a case for the police not for the consumer to fix.

 

Till now I have only updated when it was necessary like when a program I wanted or needed demanded for a newer os this will stop now. And Apples endless update loop of os x should have stopped years ago. For every one of the versions there has been at least 8 more updates! Why the hell dont they just make the stuff ready before they release it that is just stupid like making a car and forgetting the steeringwheel.

 

I think you have the wrong impression here, this is a vulnerability in the every core microarchitecture Intel CPU going back for at least a decade if not more. It allows ANY executing code to gain access to the kernel privilege ring and execute though. It even allows a virtual machine to escape hypervisor mode and get the ring 0. You definitely want to update all your OSes, this is a potentially could gain control of your entire computer, and possibly every computer that it's networked with that is also an Intel CPU.

Share this post


Link to post
Share on other sites

Let's calm down Apianti. I think we all got your end-of-the-world point here... and all is fine... just as it were back on Jan 1st, 2000. Are you currently packing to go and live hidden in a cave to feel safer? Leave your Intels behind, only take the AMDs...

 

Meantime, the world's computers are still ticking, trains are still going, planes are still flying, companies are still trading, banks ATMs are still distributing, supermarkets are still selling, telephones are still ringing, my hackintoshes are still running (as fast or slow as before) and my wife is still nagging.

 

Intel ain't gonna kill human civilisation today... What more do we need to say?

Share this post


Link to post
Share on other sites

I think you have the wrong impression here, this is a vulnerability in the every core microarchitecture Intel CPU going back for at least a decade if not more. It allows ANY executing code to gain access to the kernel privilege ring and execute though. It even allows a virtual machine to escape hypervisor mode and get the ring 0. You definitely want to update all your OSes, this is a potentially could gain control of your entire computer, and possibly every computer that it's networked with that is also an Intel CPU.

Yes and all this time everything worked and only a few % of consumers worldwide ever had any problems at all from this. So what changed so rapidly? And the question still remains why should consumers end up with the bill for something they should have known from the start and why are we the consumers responsible for criminal activities. We have a police force for that in pretty much every country in the world that we pay for via income tax so this is not our problem.

Share this post


Link to post
Share on other sites

I think you have the wrong impression here, this is a vulnerability in the every core microarchitecture Intel CPU going back for at least a decade if not more.

Looks like nearly every Intel CPU since 1995, so give-or-take 23 years.

Share this post


Link to post
Share on other sites

I think you have the wrong impression here, this is a vulnerability in the every core microarchitecture Intel CPU going back for at least a decade if not more. It allows ANY executing code to gain access to the kernel privilege ring and execute though. It even allows a virtual machine to escape hypervisor mode and get the ring 0. You definitely want to update all your OSes, this is a potentially could gain control of your entire computer, and possibly every computer that it's networked with that is also an Intel CPU.

 

Not just related to Intel but to AMD and ARM too (though AMD seems to be in denial).

There are two issues: "Meltdown" and "Spectre".

Meltdown is more related to Intel platforms and Spectre affects ALL architectures. Spectre is hardest to fix.

 

More details here: https://meltdownattack.com

 

Personally, I think it was irresponsible of the register to publish a fairly inaccurate story BEFORE the Intel, AMD, ARM, MSFT, GOOG, ETC had the fixes in place - like any responsible organisation. But then again, they've always been a rogue hack and true to their nature.

I wonder if they sold their Intel shares before publishing and bought them back after publishing at 6% gain ?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×