• Guest, The rules for the P & N subforum have been updated to prohibit "ad hominem" or personal attacks against other posters. See the full details in the post "Politics and News Rules & Guidelines."

Massive security hole in CPU's incoming?Official Meltdown/Spectre Discussion Thread

Page 21 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.

csbin

Senior member
Feb 4, 2013
834
339
136
https://support.microsoft.com/en-us/help/4073119/guide-to-protect-against-speculative-execution-side-channel-vulnerabil

Warning


Customers who only install the Windows January 2018 security updates will not receive the benefit of all known protections against the vulnerabilities. In addition to installing the January security updates, a processor microcode, or firmware, update is required. This should be available through your device manufacturer.

Note Surface customers will receive a microcode update via Windows update.
 
May 11, 2008
18,309
831
126
https://support.microsoft.com/en-us/help/4073119/guide-to-protect-against-speculative-execution-side-channel-vulnerabil

Warning


Customers who only install the Windows January 2018 security updates will not receive the benefit of all known protections against the vulnerabilities. In addition to installing the January security updates, a processor microcode, or firmware, update is required. This should be available through your device manufacturer.

Note Surface customers will receive a microcode update via Windows update.[/QUO
When i do the Get-SpeculationControlSettings thingy (post 463), it indeed notifies that there must be checked for a firmware or bios update.
 

plopke

Senior member
Jan 26, 2010
228
69
101
somebody on twitter made like the following statement "Intel released Coffee Lake despite knowing that it was vulnerable *at launch*. That might impact Intel liability." ,

Did any else launch a new CPU after they realised what was going on? Imagine a car manufacture selling/launching car models knowing they are insecure ? The more I think about it : the entire industry kept selling hardware , knowing it was insecure,.......

PS some local professor said any cellphone older than 3 years , you might most of the time just throw away just for security reasons , WHY ON EARTH are we allowing people to buy laptops at this moment ,...... it all feels a bit surreal to me atm
 
Last edited:

Engineer

Elite Member
Oct 9, 1999
39,234
699
126
Sorry to post this here but I just don't know what I'm doing on this. How do I get the PowerShell commands to work? I basically get an Invalid Command when trying to execute them? This is on Windows 7 - 64 bit. I've never run PowerShell before. If I need to move this request to another post/ forum, please accept my apology.

Edit: Now I get a popup box asking me what I want to open "Install-Module" with. Something not right about this. What a disaster....

Edit #2: Nevermind - I'll just wait for something easier to be published that just works.
 
Last edited:

Artorias

Golden Member
Feb 8, 2014
1,546
711
136
somebody on twitter made like the following statement "Intel released Coffee Lake despite knowing that it was vulnerable *at launch*. That might impact Intel liability." ,

Did any else launch a new CPU after they realised what was going on? Imagine a car manufacture selling/launching car models knowing they are insecure ? The more I think about it : the entire industry kept selling hardware , knowing it was insecure,.......

PS some local professor said any cellphone older than 3 years , you might most of the time just throw away just for security reasons , WHY ON EARTH are we allowing people to buy laptops at this moment ,...... it all feels a bit surreal to me atm
No to mention the CEO just sold a bunch of shares just recently.

All I need is the 8700K and a gpu to finish my new build and this is getting me soured.

I've been looking forward to upgrading from my 2600K and if I switch to AMD I'm going to need another motherboard.
 
Last edited:

wahdangun

Golden Member
Feb 3, 2011
1,007
146
106
AMD's statement is specifically directed to the exploitations in the Google Project Zero research. Don't assume anything beyond that. Just because those methods may not work on AMD CPU's doesn't mean that other attacks on speculative execution on AMD CPU's won't work.

Again, from the researchers:


"As the attack involves currently-undocumented hardware
effects, exploitability of a given software program
may vary among processors. For example, some indirect
branch redirection tests worked on Skylake but not on
Haswell. AMD states that its Ryzen processors have “an
artificial intelligence neural network that learns to predict
what future pathway an application will take based
on past runs” [3, 5], implying even more complex speculative
behavior. As a result, while the stop-gap countermeasures
described in the previous section may help
limit practical exploits in the short term, there is currently

no way to know whether a particular code construction
is, or is not, safe across today’s processors – much less

future designs."

Don't be stupid, it's useless if amd patches this security when it was not attack vector for them, it's should be patched with actual security flaw/bug.

Needless patching is stupid and like Linus said we shouldn't break user space.

And if you thing like that why don't you just unplug from internet, it's safer, because you know when you connected to internet there are thousands of attack vector and not yet discovered waiting in dark net. And you will be naive if you think this meltdown and Spectre is the end of CPU security bug.
 
  • Like
Reactions: DarthKyrie

Asterox

Senior member
May 15, 2012
632
985
136
Just in case anyone was wondering how you get in front of an issue and not deflect it on others. Just look at arms support page!
https://developer.arm.com/support/security-update
Today very popular "in-order execution 64bit ARM Cortex A53 CPU" carefree drink champagne.

Any ARM SoC who uses only green CPU in his motor is cheerfully riding.For example Mediatek or Qualcomm has many SoC-s powered only by green horses.:cool:

https://en.wikipedia.org/wiki/MediaTek#Smartphone_processors

https://en.wikipedia.org/wiki/List_of_Qualcomm_Snapdragon_systems-on-chip
 
Last edited:

Markfw

CPU Moderator, VC&G Moderator, Elite Member
Super Moderator
May 16, 2002
21,579
9,647
136
No to mention the CEO just sold a bunch of shares just recently.

All I need is the 8700K and a gpu to finish my new build and this is getting me soured.

I've been looking forward to upgrading from my 2600K and if I switch to AMD I'm going to need another motherboard.
You will need another motherboard anyway. the 8700k requires only the NEW 300 series motherboards.
 

Paratus

Lifer
Jun 4, 2004
14,999
8,739
146
somebody on twitter made like the following statement "Intel released Coffee Lake despite knowing that it was vulnerable *at launch*. That might impact Intel liability." ,

Did any else launch a new CPU after they realised what was going on? Imagine a car manufacture selling/launching car models knowing they are insecure ? The more I think about it : the entire industry kept selling hardware , knowing it was insecure,.......

PS some local professor said any cellphone older than 3 years , you might most of the time just throw away just for security reasons , WHY ON EARTH are we allowing people to buy laptops at this moment ,...... it all feels a bit surreal to me atm
I think that’s a little extreme.

For intel to get in trouble legally with coffee Lake someone must be harmed. There’s been no known exploit so no one harmed that way.

The home market probably won’t see more than a few percent performance difference once this is patched. So again no one harmed.

Remember they aren’t liable if your processor can’t reach the same Cinebench R15 score or FPS in LootBox II that AT got. They just have to sell you a chip that runs at the base frequency and single core turbo at TDP advertised. That’s why you have no recourse when your HP or Dell 8700k PC ends up 15% slower than your favorite review because you only have mediocre cooling, a power limited mobo and they’ve locked the turbo down to maintain TDP.

Where they could be in trouble is corporate purchases. If they sold chips that had to meet certain performance requirements and they knew or should have known the fix could preclude that then they are in trouble.

For the rest of us it probably won’t effect us much so not buying needed PCs or staying off the inter webs to protect ourselves from an exploit that hasn’t been seen in the wild doesn’t seem like the smartest thing.

Another saying we have in the human spaceflight biz is, if you want zero risk in your mission stay home.
 

dahorns

Senior member
Sep 13, 2013
550
83
91
I think that’s a little extreme.

For intel to get in trouble legally with coffee Lake someone must be harmed. There’s been no known exploit so no one harmed that way.

The home market probably won’t see more than a few percent performance difference once this is patched. So again no one harmed.

Remember they aren’t liable if your processor can’t reach the same Cinebench R15 score or FPS in LootBox II that AT got. They just have to sell you a chip that runs at the base frequency and single core turbo at TDP advertised. That’s why you have no recourse when your HP or Dell 8700k PC ends up 15% slower than your favorite review because you only have mediocre cooling, a power limited mobo and they’ve locked the turbo down to maintain TDP.

Where they could be in trouble is corporate purchases. If they sold chips that had to meet certain performance requirements and they knew or should have known the fix could preclude that then they are in trouble.

For the rest of us it probably won’t effect us much so not buying needed PCs or staying off the inter webs to protect ourselves from an exploit that hasn’t been seen in the wild doesn’t seem like the smartest thing.

Another saying we have in the human spaceflight biz is, if you want zero risk in your mission stay home.
This isnt entirely accurate. While Intel can certainly be liable if it made misrepresentations about the performance of its products, it can also be liable if it omitted material information regarding the product. Even a drop of only a few percent in performance is, my opinion, material to the average customers decision to purchase. And i think there is a very real drop in the value of intel processors, even if that drop is only a couple percent.
 

goldstone77

Senior member
Dec 12, 2017
217
93
61
I think that’s a little extreme.

For intel to get in trouble legally with coffee Lake someone must be harmed. There’s been no known exploit so no one harmed that way.

The home market probably won’t see more than a few percent performance difference once this is patched. So again no one harmed.

Remember they aren’t liable if your processor can’t reach the same Cinebench R15 score or FPS in LootBox II that AT got. They just have to sell you a chip that runs at the base frequency and single core turbo at TDP advertised. That’s why you have no recourse when your HP or Dell 8700k PC ends up 15% slower than your favorite review because you only have mediocre cooling, a power limited mobo and they’ve locked the turbo down to maintain TDP.

Where they could be in trouble is corporate purchases. If they sold chips that had to meet certain performance requirements and they knew or should have known the fix could preclude that then they are in trouble.

For the rest of us it probably won’t effect us much so not buying needed PCs or staying off the inter webs to protect ourselves from an exploit that hasn’t been seen in the wild doesn’t seem like the smartest thing.

Another saying we have in the human spaceflight biz is, if you want zero risk in your mission stay home.
I can tell you that there are filings already! How successful they will be... That's another story.

Intel Hit With Three Class Action Lawsuits Related to Security Vulnerability
Alex Cranz
Today 4:50pm

As Law.com first noted, a class action complaint was filed January 3rd in United States District Court for the Northern District of California. Since then Gizmodo has found two additional class action complaints filed today (just eleven minutes apart)—one in the District of Oregon and another in the Southern District of Indiana.



All three complaints cite the security vulnerability as well as Intel’s failure to disclose it in a timely fashion. They also cite the supposed slowdown of purchased processors. However that is still up for debate. In a press release today, Intel claimed it has “issued updates for the majority of processor products introduced within the past five years.” Moreover, it says the performance penalty is not as significant as The Register initially claimed.

Intel continues to believe that the performance impact of these updates is highly workload-dependent and, for the average computer user, should not be significant and will be mitigated over time. While on some discrete workloads the performance impact from the software updates may initially be higher, additional post-deployment identification, testing and improvement of the software updates should mitigate that impact.

This claim—of things not being as dire as they seemed—was seconded by Google today. In a post on its Security Blog, Google claimed “we have found that microbenchmarks can show an exaggerated impact,” which seems to suggest that localized attempts to benchmark affected processors before and after the fix has been applied may not yield reliable results.


Intel continues to claim it is not the only CPU maker affected and has posited that CPUs made by AMD, Qualcomm, and ARM (Apple uses ARM architecture in its iPhone and iPad devices) are all potentially affected.

If you’re not sure if your device has been affected, be sure to back it up and then perform all available updates.

Here are the three complaints, in full.
The 3 lawsuits are listed on the website. One of which starts out as follows:

UNITED STATES DISTRICT COURTSOUTHERN DISTRICT OF INDIANAINDIANAPOLIS DIVISIONJASON JONES
,
on behalf of himselfand all others similarly situated,Plaintiff,v.
INTEL CORPORATION
,Defendant.))))))))))Civil No. 1:18-CV-00029
CLASS ACTION COMPLAINTJURY TRIAL DEMANDEDCLASS ACTION COMPLAINT
Plaintiff Jason Jones (“Plaintiff”), on behalf of
himself and all others similarlysituated, by counsel, brings this Class Action Complaint against Defendant IntelCorporation
(“
Intel

or “Defendant”
), and alleges as follows:
INTRODUCTION
1.
Plaintiff brings this action against Intel on behalf of all persons in theState of Indiana
who purchased a defective Intel core processor (“CPUs”).
2.
Defendant Intel’s x86
-64x CPUs suffer from a security defect, whichcauses the CPUs to be exposed to troubling security vulnerabilities by allowing
potential access to extremely secure kernel data (the “Defect”). The only way to“patch” this vulnerability
requires extensive changes to the root levels of theOperating System which will dramatically reduce performance of the CPU. TheDefect renders the Intel x86-64x CPUs unfit for their intended use and purpose.The Defect exists in all Intel x86-64x CPUs manufactured since at least 2008. The
Case 1:18-cv-00029-TWP-MPB Document 1 Filed 01/04/18 Page 1 of 17 PageID #: 1
2x86-64x CPU is, and was, utilized in the majority of all desktop, laptop computers,and servers in the United States
3.
To date, Defendant has been unable or unwilling to repair the Defector offer Plaintiff and Class members a non-defective Intel CPU or reimbursementfor the cost of such CPU and the consequential damages arising from the purchase
and use of such CPUs. Indeed, there does not appear to be a true “fix” for the Defect.The security “patch,” while expected to cur
e the security vulnerabilities, will
dramatically degrade the CPU’s performance. Therefore, the only “fix” would be to
exchange the defective x86-64x processor with a device containing a processor notsubject to this security vulnerability. In essence, Intel x86-64x CPU owners are leftwith the unappealing choice of either purchasing a new processor or computercontaining a CPU that does not contain the Defect, or continuing to use a computerwith massive security vulnerabilities or one with significant performancedegradation.
4.
The CPUs Defendant manufactured and sold to Plaintiff and Classmembers were not merchantable and were not fit for the ordinary and particularpurposes for which such goods are used in that the CPUs suffer from a criticalsecurity defect, requiring an OS-level software patch that will degrade theperformance of the CPU.
5.
Having purchased a CPU that suffers from this Defect, Plaintiff andClass members suffered injury in fact and a loss of money or property as a result of
Defendant’s con
duct in designing, manufacturing, distributing and selling defective
Case 1:18-cv-00029-TWP-MPB Document 1 Filed 01/04/18 Page 2 of 17 PageID #: 2
3CPUs. Intel has failed to remedy this harm, and has earned and continues to earnsubstantial profit from selling defective CPUs.

Edit:
If you are using or planning to use NVME drives on your computer this would apply to you!
 

wahdangun

Golden Member
Feb 3, 2011
1,007
146
106
this is the $%^ &&, do anyone know if you can roll back the update to test and benchmark ?

because i have several VM for our ms-sql and postgress sql (we using openERP/odoo). because our user feel the slow down yesterday, and its look like MS force update my windows 2012 R2 server.

btw i have skylake and kabylake Xeon cpu.

If the impact of our database server is not fixed in 2 months, i guess it't time to sold it all and move on to AMD, maybe we will use ryzen TR to replace our several xeon.

and btw do ecc ram work in TR ? and which motherboard have good ecc support ?
 
  • Like
Reactions: french toast

IEC

Elite Member
Super Moderator
Jun 10, 2004
14,016
3,815
136
this is the $%^ &&, do anyone know if you can roll back the update to test and benchmark ?

because i have several VM for our ms-sql and postgress sql (we using openERP/odoo). because our user feel the slow down yesterday, and its look like MS force update my windows 2012 R2 server.

btw i have skylake and kabylake Xeon cpu.

If the impact of our database server is not fixed in 2 months, i guess it't time to sold it all and move on to AMD, maybe we will use ryzen TR to replace our several xeon.

and btw do ecc ram work in TR ? and which motherboard have good ecc support ?
Unfortunately, postgre sql is one of the worse cases for performance impacts because of how it works.

Andres Freund did some benches on Skylake hardware and found the following performance regressions:
https://www.postgresql.org/message-id/20180102222354.qikjmf7dvnjgbkxe@alap3.anarazel.de
 

Markfw

CPU Moderator, VC&G Moderator, Elite Member
Super Moderator
May 16, 2002
21,579
9,647
136
this is the $%^ &&, do anyone know if you can roll back the update to test and benchmark ?

because i have several VM for our ms-sql and postgress sql (we using openERP/odoo). because our user feel the slow down yesterday, and its look like MS force update my windows 2012 R2 server.

btw i have skylake and kabylake Xeon cpu.

If the impact of our database server is not fixed in 2 months, i guess it't time to sold it all and move on to AMD, maybe we will use ryzen TR to replace our several xeon.

and btw do ecc ram work in TR ? and which motherboard have good ecc support ?
I understand that TR supports ecc, but I have not researched it as to if anyone has a motherboard that does.. The EPYC processor motherboards on the other hand Definitely support it. Not sure the availability of those. There is a 16 core EPYC that is not that much more than TR, so all this you need to check out, I just know, if the motherboard supports it, the TR chip WILL work, that is fact.

Edit from the ASRock x399 Taichi website:

Supports Quad Channel DDR4 3600+(OC) & ECC UDIMM Memory

Udimm ?? I actually don't know what that means, but yes, it supports ECC memory officially.
 
Last edited:

wahdangun

Golden Member
Feb 3, 2011
1,007
146
106
Unfortunately, postgre sql is one of the worse cases for performance impacts because of how it works.

Andres Freund did some benches on Skylake hardware and found the following performance regressions:
https://www.postgresql.org/message-id/20180102222354.qikjmf7dvnjgbkxe@alap3.anarazel.de
GREAT, no wonder our user complain about the slow down, and maybe magnified because we use VM.


I understand that TR supports ecc, but I have not researched it as to if anyone has a motherboard that does.. The EPYC processor motherboards on the other hand Definitely support it. Not sure the availability of those. There is a 16 core EPYC that is not that much more than TR, so all this you need to check out, I just know, if the motherboard supports it, the TR chip WILL work, that is fact.
The problem with EPYC is the low frequency, we need that Mhz, because our server is used for thin-client too.

oh well, we will just wait a little while, just hope intel can get their shit together, this slowdown is annoying
 

Markfw

CPU Moderator, VC&G Moderator, Elite Member
Super Moderator
May 16, 2002
21,579
9,647
136
GREAT, no wonder our user complain about the slow down, and maybe magnified because we use VM.




The problem with EPYC is the low frequency, we need that Mhz, because our server is used for thin-client too.

oh well, we will just wait a little while, just hope intel can get their shit together, this slowdown is annoying
See my update. If you have ECC udimm memory, you are set to go, at least with that motherboard.

As far as intel getting their "stuff" together, they have (or will soon have) patches to fix meltdown, but there will be a significant performance hit. You may already be seeing that.
 

wahdangun

Golden Member
Feb 3, 2011
1,007
146
106
Some initial phoronix testing with VM suggest that the performance loss with PostgreSQL is lower in VMs vs bare metal.

https://www.phoronix.com/scan.php?page=article&item=linux-kpti-kvm&num=3
Interestingly, PostgreSQL takes a smaller hit in performance with KPTI when running in a VM than when running on bare metal hardware. This may be due to the bare metal tests having higher I/O potential than the virtual disk used in this scenario.
and I'm using windows server 2012 R2 as Host, we using hyper-v for VM.
 

ASK THE COMMUNITY