Massive security hole in CPU's incoming? Official Meltdown/Spectre Discussion Thread


Malogeek

Golden Member
Mar 5, 2017
1,390
778
136
yaktribe.org
We don't actually know this, despite what AMD and Intel have said. We know that no one's been caught using this exploit, but it's impossible to know if it's been used as it can be run without leaving a trace on the host computer.
This is what I don't understand. If these attacks are undetectable, how are they so sure they haven't been used?
 

Zstream

Diamond Member
Oct 24, 2005
3,396
277
136
This is what I don't understand. If these attacks are undetectable, how are they so sure they haven't been used?

It has been used in deep state attacks. This is why the team was commissioned to investigate. The US Government has known for over a year.
 

goldstone77

Senior member
Dec 12, 2017
217
93
61
Because these are really weird, convoluted, and indirect exploits. It's like bouncing a laser off a window to see how it's vibrating and using that info to figure out what people in a room are saying. Except even harder to wrap your mind around. The fact that anybody was able to come up with this sort of attack in the first place is actually fairly impressive.
Considering the vast amount of countries that have resources out there dedicated to doing things of this nature like say the NSA, China, Russia, etc. vs. a Google lab. We don't know that this exploit or something similar hasn't already been done. Plus, they said they couldn't detect if it was ever exploited, since there wouldn't be a log of it.
 

Zstream

Diamond Member
Oct 24, 2005
3,396
277
136
Probably far longer than that.

Oh, I’m sure of it. It was only leaked to the US government over a year ago, when some exposed White House computers were hacked. I can’t remember exactly the date, but it was during the Obama administration, and then it went crazy. That is when Intel and other major players were contacted.

It’s an interesting story, so I suggest everyone go research the timing/development/team etc. It’s quite sad, actually, that the public at large was ignored.
 

PotatoWithEarsOnSide

Senior member
Feb 23, 2017
664
701
106
That's corporate fascism for you.
It's a sorry state of affairs if Intel deliberately designed their CPUs to ignore memory privileges just because it gave them the extra 'apparent' processing power.
 

repoman0

Diamond Member
Jun 17, 2010
4,466
3,302
136
It has been used in deep state attacks. This is why the team was commissioned to investigate. The US Government has known for over a year.

:rolleyes:

P&N is the place to go for conspiracy theories to get shot down.
 

repoman0

Diamond Member
Jun 17, 2010
4,466
3,302
136
Didn't think anybody actually believed this derp state REDACTED lol.

One Poster was already warned about profanity in the tech sub-forums in this thread.
We don't allow profanity in the tech sub-forums. Consider this your only warning.

Iron Woode
Super Moderator
 

DrMrLordX

Lifer
Apr 27, 2000
21,608
10,802
136
Take that to P&N before it gets started. Please.

Meltdown is now out in the open. It's only a matter of time before non-state actors take advantage of it. The patches are hurting performance and possibly affecting people's livelihoods today. We don't need to muck around in the world of conspiracy to know that much.

If Intel mishandles this situation, they may lose significant market share in the server sector, which is their main source of revenue. And this while AMD and ARM are both attempting to make fresh incursions into that space. IBM is still pushing its POWER products, too.
 

goldstone77

Senior member
Dec 12, 2017
217
93
61
Any guesses when we will see CPUs without this vulnerability?
How long does it take to redesign and manufacture a new CPU (redesign parts of it). ~12 months at the earliest maybe, but more likely 3-5 years...
Edit: Also, would you really want to sell a defective product? Or, would you want to buy one for that matter?
 

jpiniero

Lifer
Oct 1, 2010
14,571
5,202
136
How long does it take to redesign and manufacture a new CPU (redesign parts of it). ~12 months at the earliest maybe, but more likely 3-5 years...

I will say I thought it was strange that the roadmap mentioned a separate production start for Coffee Lake full release. Needless to say they shouldn't bother releasing any new server parts without both Meltdown and the two Spectre flaws fixed in hardware.
 

goldstone77

Senior member
Dec 12, 2017
217
93
61
I will say I thought it was strange that the roadmap mentioned a separate production start for Coffee Lake full release. Needless to say they shouldn't bother releasing any new server parts without both Meltdown and the two Spectre flaws fixed in hardware.
The most important thing that everyone has to remember, is that patches are just band aids! They can be ripped off, or exploited by a different method! It's like a bucket with a hole in it. You can cork it up, that doesn't mean someone else can't come along and uncork it!
 

formulav8

Diamond Member
Sep 18, 2000
7,004
522
126
Intel's issue is not something a simple re-spin will fix from the looks of it. It's an architectural issue that needs to be redesigned. Should take much longer than a re-spin.
 

maddie

Diamond Member
Jul 18, 2010
4,738
4,667
136
I will say I thought it was strange that the roadmap mentioned a separate production start for Coffee Lake full release. Needless to say they shouldn't bother releasing any new server parts without both Meltdown and the two Spectre flaws fixed in hardware.
Impossible. If they try that, they're bankrupt.
 

maddie

Diamond Member
Jul 18, 2010
4,738
4,667
136
Intel's massive R&D should find a way around this.
Intel's R&D is funded by sales. This is a complete redesign of fundamental features from a performance enhancing perspective. Not easy at all.

If it's fixed in hardware quickly, then Intel probably knew about this for a long time, opening themselves to many lawsuits.
If it takes a long time to fix in hardware, then they lose sales.
Both positions have bad outcomes.
 

goldstone77

Senior member
Dec 12, 2017
217
93
61
AMD Did NOT Disable Branch Prediction With A Zen Microcode Update
Written by Michael Larabel in AMD on 6 January 2018 at 07:02 AM EST.

I reached out to AMD and on Friday heard back. They wrote in an email to Phoronix that this Zen/17h microcode update does not disable branch prediction. They'll be working with SUSE to re-clarify this microcode update description... But as far as what this microcode update does in the wake of SPECTRE they have yet to clarify or why this microcode binary has yet to make it to other Linux distributions. If/when I hear anything more, I'll certainly post about it but doesn't appear to be anything as dramatic as disabling branch prediction, which could have slaughtered their CPU performance.
Looks like the microcode description wasn't entirely accurate!
 

goldstone77

Senior member
Dec 12, 2017
217
93
61
Controlling the Performance Impact of Microcode and Security Patches for CVE-2017-5754 CVE-2017-5715 and CVE-2017-5753 using Red Hat Enterprise Linux Tunables
Updated Friday at 10:30 PM

https://access.redhat.com/articles/3311301
Architectural Defaults
By default, each of the 3 tunables that apply to an architecture will be enabled automatically at boot time, based upon the architecture detected.
Intel Defaults:
pti 1 ibrs 1 ibpb 1 -> fix variant#1 #2 #3
pti 1 ibrs 0 ibpb 0 -> fix variant#1 #3 (for older Intel systems with no microcode update available)
AMD Defaults:
Due to the differences in underlying hardware implementation, AMD X86 systems are not vulnerable to variant #3. The correct default values will be set on AMD hardware based on dynamic checks during the boot sequence.
pti 0 ibrs 0 ibpb 2 -> fix variant #1 #2 if the microcode update is applied
pti 0 ibrs 2 ibpb 1 -> fix variant #1 #2 on older processors that can disable indirect branch prediction without microcode updates

Details how each security threat is being handled.
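
The defaults quoted from the Red Hat article can be checked on a host. The script below is an added example, not part of the thread or of Red Hat's article; it assumes each tunable is exposed as a file named `pti_enabled`, `ibrs_enabled` or `ibpb_enabled` in a debugfs directory (`/sys/kernel/debug/x86` on patched RHEL kernels, readable by root only), and `read_tunable` and `check_tunables` are names made up for the illustration.

```shell
#!/bin/sh
# Added example: compare the pti/ibrs/ibpb tunables with the defaults quoted above.
# Assumption: each tunable is a one-value file named <name>_enabled in a debugfs
# directory (/sys/kernel/debug/x86 on patched RHEL kernels, root-only). The
# directory is a parameter so the check also runs against a constructed copy.

read_tunable() {            # $1 = directory, $2 = tunable name
    if [ -r "$1/${2}_enabled" ]; then
        tr -d '[:space:]' < "$1/${2}_enabled"
    else
        printf '?'          # file missing or not readable
    fi
}

# Prints a verdict. Returns 0 = every variant the vendor is listed as exposed
# to is covered, 1 = documented partial default, 2 = not a documented default,
# 3 = tunables unreadable.
check_tunables() {          # $1 = intel|amd, $2 = directory
    state="pti $(read_tunable "$2" pti) ibrs $(read_tunable "$2" ibrs) ibpb $(read_tunable "$2" ibpb)"
    case "$1:$state" in
        *\?*)
            echo "$state -> unreadable (not root, or kernel lacks the tunables)"; return 3 ;;
        "intel:pti 1 ibrs 1 ibpb 1")
            echo "$state -> variants 1, 2, 3 mitigated"; return 0 ;;
        "intel:pti 1 ibrs 0 ibpb 0")
            echo "$state -> variants 1, 3 only (no microcode update)"; return 1 ;;
        "amd:pti 0 ibrs 0 ibpb 2")
            echo "$state -> variants 1, 2 mitigated (microcode applied)"; return 0 ;;
        "amd:pti 0 ibrs 2 ibpb 1")
            echo "$state -> variants 1, 2 mitigated (older AMD, no microcode)"; return 0 ;;
        *)
            echo "$state -> not a documented default for $1, review"; return 2 ;;
    esac
}

# Constructed sample: an older Intel host without a microcode update.
demo_dir=$(mktemp -d)
echo 1 > "$demo_dir/pti_enabled"
echo 0 > "$demo_dir/ibrs_enabled"
echo 0 > "$demo_dir/ibpb_enabled"
check_tunables intel "$demo_dir" || echo "exit status $?"
rm -rf "$demo_dir"
```

On a real host, call `check_tunables intel /sys/kernel/debug/x86` (or `amd`) as root; status 2 means someone changed a tunable away from the boot-time default.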
 

wahdangun

Golden Member
Feb 3, 2011
1,007
148
106
The nature of the patch really makes me nervous, I mean it's just an OS patch, it can be reverse engineered to find a new hole or, even worse, the patch can be manipulated to make it more insecure.

Just hope that a BIOS update can harden it, although it's costly, and now my server runs at 100% all the time, it's just GREAT.
 

DrMrLordX

Lifer
Apr 27, 2000
21,608
10,802
136
What is a reasonable time estimate for Intel to release newly designed chips that do not have this flaw?

Any guesses when we will see CPUs without this vulnerability?

Let's work off what we know about Intel's roadmap for the next 2 years, which is surprisingly very little (another problem for another thread):

1). All Intel designs up to Cannonlake have the same basic Skylake core design. We can probably assume that all problems associated with Meltdown and Spectre will affect everything up to and including Cannonlake; furthermore, anything Skylake and later can't use Retpoline.

2). Icelake's design is far enough along that it will probably be impossible for Intel to fix everything (or even anything) to make Icelake immune to both Meltdown and Spectre. If Intel DOES manage to harden Icelake against both attacks, it implies that Intel knew about this problem for a while as per @maddie's remarks above. Personally I expect Intel to release Icelake fully vulnerable to Meltdown and Spectre in hardware, meaning that all Icelake systems will come with mitigation microcode pre-installed, and that all OS providers will need to patch against both exploits by default; in fact, I expect that to be the case for Whiskeylake, Cascade Lake, Icelake, and Tigerlake.

3). That basically leaves us with Sapphire Rapids. Tigerlake is just Icelake on 10nm, and Cascade Lake is just Skylake-X on . . . 14nm+++? Or something? I dunno. Anyway don't expect those architectures to save Intel from Meltdown and Spectre.

So, probably Sapphire Rapids. Which comes out in 2020?
 

french toast

Senior member
Feb 22, 2017
988
825
136
Unfortunately, as I and others suspect, Intel has been sitting on this for years and may have a contingency plan in place to fix it in hardware.
If they had already done the R&D for the fault, then from July of last year it would be possible to insert a fix into 2018 processors, IMO.

Pinnacle Ridge probably will be affected by Spectre, unfortunately, which would put Intel back in front security-wise by the summer when they release the updated Skylake architecture with the fix.
Still, this will erode Intel's reputation in enterprise, to AMD's advantage.
 

jihe

Senior member
Nov 6, 2009
747
97
91
This is probably a Democrats/Russian conspiracy

This area is for discussing CPUs and overclocking.
Politics and news is out the door, and down the hall.

AT Mod Usandthem
 