Skip to main content
Topic: Major Intel design flaw compromises most current consumer CPUs (Read 456 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Major Intel design flaw compromises most current consumer CPUs

Recently disclosed ("KAISER") patches to the Linux kernel as well as "Windows Insider" exclusive patches have demonstrated that essentially all Intel CPUs made in the last decade (at least!) have a critical flaw in their speculative execution functionality that likely enables some execution of code from ring 3 (user mode) writing to ring 0 (kernel mode) memory with potentially serious consequences. At least one compsec researcher has claimed that this does not require a page fault in order to occur. This is a hardware flaw, so all systems running an Intel x86 processor, (including the cult of MacOS and *BSDs) are affected, irrespective of OS.

Depending upon load, the patches can apparently reduce performance substantially or almost not at all. This first appears to have been discovered by CS researchers at the University of Graz (Austria). The register article links to an interesting blog post from last year by Anders Fogh who runs bits of specific code on his Broadwell-core i3 demonstrating part of the issue. He concludes by writing:

Quote from: Anders Fogh @ CyberWTF
The first is that Intel’s implementation of Tomasulo’s algorithm is not side channel safe. Consequently we have access to results of speculative execution despite the results never being committed. Secondly, my results demonstrate that speculative execution does indeed continue despite violations of the isolation between kernel mode and user mode.

This is truly bad news for the security. First it gives microarchitecture side channel attacks additional leverage – we can deduct not only information from is actually executed but also from what is speculatively executed. It also seems likely that we can influence what is speculative executed and what is not through influencing caches like the BTB, see Dmitry Evtyushkin and Dmitry Ponomarev [5] for instance. It thus add another possibility to increase the expressiveness of microarchitecture side channel attacks and thus potentially allow an attacker even more leverage through the CPU. This of cause makes writing constant time code even more complex and thus it is definitely bad news.

Also it draws into doubt mitigations that rely on retirement of instructions. I cannot say I know how far that stretches, but my immediate guess would be that vmexit’s is handled on instruction retirement. Further we see that speculative execution does not consistently abide by isolation mechanism, thus it’s a haunting question what we can actually do with speculative execution.

AMD CPUs are apparently not affected by this bug, and AMD has already submitted patches to the Linux kernel which disable the Intel-specific patch upon detection of an AMD CPU.

The arstechnia writer suggests that in contrast, ARM chips may very well be affected, suggesting essentially all smartphones in circulation might well have the same problem.

Edit: I've not seen specific demonstrations (yet) that Intel's (s)low-end "Atom" processors are affected, but these are typically so pitifully slow that they are only found on extremely inexpensive systems. Perhaps the single most major concern here is the massive Microsoft/Amazon/Google/FBook/Your Bank cloud computing/storage centers are overwhelmingly running Intel CPUs that contain this bug. The remaining AMD Opteron and new Epyc servers of course do not have this issue.

Re: Major Intel design flaw compromises most current consumer CPUs

Reply #1
I checked the KPTI patch, and it mentions that Ryzen series CPUs are affected by a bug which can cause crashing, also mitigated by the same KPTI patch. Remember, we are only taking AMD's word that their CPUs are unaffected.

Re: Major Intel design flaw compromises most current consumer CPUs

Reply #2
Yeah, apparently it turns out that there are Two issues, one supposedly inherent to speculative execution ('Spectre'), and therefore likely to impact any CPU from any vendor currently in circulation. This includes AMD, POWER, ARM, and probably any SPARC systems still running (the latter Fujitsu SPARC V stuff likely). So unless you're rolling a Pentium 1, you're susceptible to Spectre.

Meltdown, on the other hand, does not impact AMD CPUs (according to anyone, AFAIK), impacts every contemporary Intel CPU, and possibly some ARM systems.   and  have elaborate breakdowns of the issues that appear to largely agree with one another.

The CEO of Intel may be in hot water for selling a large amount of stock options after Intel learned of the bug, but months before it was revealed to the public.

Re: Major Intel design flaw compromises most current consumer CPUs

Reply #3
AMD has released a microcode update which disables branch prediction on their Ryzen CPUs, which is already being distributed in the linux-firmware package.

Re: Major Intel design flaw compromises most current consumer CPUs

Reply #4
That seems unlikely to be the case generally, as that would wreck performance.

Yeah, Phoronix is stating that AMD is telling them no, in fact branch prediction is NOT disabled by the most recent zen core microcode update and in fact this is a mistake by the SUSE team in annotating the 17h update.

Here is the anandtech rundown of Meltdown and Spectre.

Supposedly the meltdown/Spectre vulnerabilities were to be revealed to the public on the 9th of January 'patch Tuesday', so confusion is a bit understandable. Still, it seems like the manufacturers should have had their act together better a week earlier.

Instead it appears Intel marketing decided to 'stress' that all high performance CPUs are susceptible to Spectre (thus obfuscating the fact that Intel CPUs are uniquely vulnerable to meltdown in the x86 realm), while AMD decided to 'focus' on the fact that their chips aren't vulnerable to meltdown (when they ate vulnerable to Spectre).

If in fact all iOS devices are vulnerable to both exploits, this is possible evidence that many Qualcomm devices are also effected by both, and so a huge percentage of ARM devices in use are vulnerable. Luckily these appear to be local exploits, as far as we know.

SimplePortal 1.0.0 RC1 © 2008-2018