Despoiler
Golden Member
So software doesn't rely upon the OS to do anything and vice versa? Username checks out.
-
We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.
Massive security hole in CPU's incoming?Official Meltdown/Spectre Discussion Thread
Page 5 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
So software doesn't rely upon the OS to do anything and vice versa? Username checks out.
Jan Olšan
Senior member
If Ian Cutress is reading this...
https://twitter.com/IanCutress/status/948452457667022849
"Some published academic workarounds and patch methods give a 0.3% perf hit on average."
The 0.27% was the hit cited by the original research from academics. The final code in Linux is different and its main author stated that he doesn't find the low number representative, it's more like 10x that in general tasks (of course, it looks to be worse in syscall-heavy stuff). I think he states that somewhere in the LKML discussion but I can't find the exact message now (I saw it when writing about it yesterday and forgot to bookmark...).
But in any case, the "0,3 %" is for the research, not for the actual implementation. It might have been measured on CPU heavy code like encoding (I didn't read the paper).
https://twitter.com/IanCutress/status/948452457667022849
"Some published academic workarounds and patch methods give a 0.3% perf hit on average."
The 0.27% was the hit cited by the original research from academics. The final code in Linux is different and its main author stated that he doesn't find the low number representative, it's more like 10x that in general tasks (of course, it looks to be worse in syscall-heavy stuff). I think he states that somewhere in the LKML discussion but I can't find the exact message now (I saw it when writing about it yesterday and forgot to bookmark...).
But in any case, the "0,3 %" is for the research, not for the actual implementation. It might have been measured on CPU heavy code like encoding (I didn't read the paper).
You know, part of me wonders whether maybe, just maybe Intel were so desperate in the mid-2000s, what with AMD consistently slaughtering their product line-up across the board (or at least matching it, where Turion and Pentium M/Core 1 were concerned), that they deliberately compromised the security and data integrity of their chips in an attempt to get any sort of advantage over AMD.
Okay, that's probably not what actually happened... but it'd be funny as hell if Intel needlessly compromised their chips in an effort to defeat K10 and Bulldozer, only for it to come back and bite them just when AMD happens to have a very strong competitor on the market.
Okay, that's probably not what actually happened... but it'd be funny as hell if Intel needlessly compromised their chips in an effort to defeat K10 and Bulldozer, only for it to come back and bite them just when AMD happens to have a very strong competitor on the market.
bauerbrazil2014
Member
I was thinking the same...
I doubt it because if they knew about it, they would have fixed it at some point because it would hurt given the massive lead they took after Core.
William Gaatjes
Lifer
I guess the question if ryzen is vulnerable or not comes from not being on the list of 22 tested machines ?
Timestamp of list :
https://youtu.be/ewe3-mUku94?t=1763
Timestamp of list :
https://youtu.be/ewe3-mUku94?t=1763
crazylocha
Member
bauerbrazil2014 and BigDaveX,
How long ago did AMD incorporate the MMU into their silicon? From both the Phoronix and the register articles, the MMU doesn't seem to be affected. Bulldozer? Or since Zen?
How long ago did AMD incorporate the MMU into their silicon? From both the Phoronix and the register articles, the MMU doesn't seem to be affected. Bulldozer? Or since Zen?
Even earlier than that, if memory serves; I seem to recall that it was introduced in some form with K10.
William Gaatjes
Lifer
Piledriver, k10 and bobcat are affected.
PingSpike
Lifer
I thought at least one guy from AMD confirmed its not vulnerable:
https://lkml.org/lkml/2017/12/27/2
Stuka87
Diamond Member
William Gaatjes
Lifer
That is strange because the guys from the 34c3 video tested their attack on piledriver, k10 and bobcat architecture and their exploits works on those models.
But ryzen is not tested.
Last edited:
Stuka87
Diamond Member
Intel would have to replace every single CPU with ones that have a fix. There is no way to patch the CPU with a fix.
Stuka87
Diamond Member
If you are referencing the video noted above, thats a different issue. That video goes into detail on cache attacks. That is not related to this Intel bug.
zinfamous
No Lifer
yeah, that makes sense. One can honestly see how Intel has no other choice but to demand an OS workaround, but this certainly won't sit well outside of the US with European vendors and EU laws that are consumer protection-based.
Interesting to see how vendors respond, seeing TR offering no such security issue, no performance hit (outside of broad OS patch), and at least 3 years of hardware support that won't require the annual Intel replacement for updated chips.
french toast
Senior member
Does not seem like a problem for general desktop users.
It's enterprise that is going to be affected.
I hope intel does not get it's way and force the fix on AMD CPUs.
Intel's problem and intel should pay the price.
It's enterprise that is going to be affected.
I hope intel does not get it's way and force the fix on AMD CPUs.
Intel's problem and intel should pay the price.
William Gaatjes
Lifer
It all seems to be about accessing page tables which happen through the mmu and the translation look aside buffer and page tables in main memory.
This is about that.
https://lwn.net/Articles/569635/
Do you have detailed information about this Intel bug ?
It seems i have missed something when reading your post.
Actually I think that Ryzen is totally secure. It has a new uARCH. And the newer Cats processors (excluding Bobcat) were slow due the security measures. So... Maybe that infamous monocore AMD E1 2100 despite being slower than a Pentium III was at least secure?
But I see the Bulldozer and the STARS uarch being hit hard with this. I fear that those guys will be on the same boat of Intel.
BTW.... I wonder if VIA proccesors are affected by this..
But I see the Bulldozer and the STARS uarch being hit hard with this. I fear that those guys will be on the same boat of Intel.
BTW.... I wonder if VIA proccesors are affected by this..
Im not yet convinced, MANY, MANY software protections like Denuvo runs behind Vms.
Dayman1225
Golden Member
https://www.computerbase.de/2018-01/intel-cpu-pti-sicherheitsluecke/
Here, check out AC:O, weren't they bashed for DRM? Doesn't seem to be affecting it.
zinfamous
No Lifer
So if it's correct what I saw in this? thread, that this very same flaw was publicly demonstrated at some conference in 2016, and would likely therefore be known by large hacker groups for perhaps sometime before that and certainly after, could this be tied to some of the more recent data hacks, like Equifax and others?
I'm not too familiar with how those breaches occurred, but was wondering if some these $$billion screw-ups lead back to a *potentially known* flaw in Intel's architecture, if these companies will start going after Intel for compensation.
...I'm also concerned that this design was an active decision to introduce false performance metrics to remain competitive against their more secure rival, for a decade and more. That would be extremely troubling.
I'm not too familiar with how those breaches occurred, but was wondering if some these $$billion screw-ups lead back to a *potentially known* flaw in Intel's architecture, if these companies will start going after Intel for compensation.
...I'm also concerned that this design was an active decision to introduce false performance metrics to remain competitive against their more secure rival, for a decade and more. That would be extremely troubling.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 25K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 24K
-
-
