'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

tp3to said:
Estimated performance hit is for those running VM only. Normal day to day processes for example gaming will have very minimal performance difference.
Click to expand...
What do you mean by VM?
 
ginggs said:
What do you mean by VM?
Click to expand...
Would also like to know. As an acronym VM is usually virtual machine. In the context of what has been said in this thread, virtual machines have not been mentioned.
 
Those who are running a lot of VM's (virtual machines) such as Google, Amazon, Microsoft etc will be majorly impacted by this nice feature.

Consider - if you're hosting a couple of VM's on Intel hardware, and world+dog can access these VM's, then a ne'er-do-well with a well-crafted piece of software (POS) will be able to extract sensitive data from other VM's should he/she/it knows what he/she/it is doing.

And coupled with the buggy Intel ME chippery, we're set for an extremely interesting time ahead.

This is basically the crux of the whole matter.
 
VMs being primarily affected are mostly guesswork, but it is a reasonable case for this sort of fix. We'll know as soon as the embargo is lifted and the details become public.

If it is a hypervisor-smashing attack, it'll be huge. The public mentions talk about interrupt handling, so anything that is heavy on hardware (network, HDD, etc) will be affected. Hypervisors more than others, though.

http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table
 
More relevant info

More info: Download tools to check from Intel : https://downloadcenter.intel.com/download/27150?v=t and :

Affected products:

1st, 2nd, 3rd, 4th, 5th, 6th, 7th & 8th Generation Intel® Core™ Processor Family
Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
Intel® Xeon® Processor Scalable Family
Intel® Xeon® Processor W Family
Intel® Pentium® Processor G Series
Intel® Atom® C3000 Processor Family
Apollo Lake Intel® Atom Processor E3900 series
Apollo Lake Intel® Pentium™
Celeron™ G, N and J series Processors
 
Ryansr said:
More info: Download tools to check from Intel : https://downloadcenter.intel.com/download/27150?v=t and :

Affected products:

1st, 2nd, 3rd, 4th, 5th, 6th, 7th & 8th Generation Intel® Core™ Processor Family
Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
Intel® Xeon® Processor Scalable Family
Intel® Xeon® Processor W Family
Intel® Pentium® Processor G Series
Intel® Atom® C3000 Processor Family
Apollo Lake Intel® Atom Processor E3900 series
Apollo Lake Intel® Pentium™
Celeron™ G, N and J series Processors
Click to expand...

Didn't someone in reddit post that? That's not the correct one.
 
Ryansr said:
Just hoping Intel will make some official statement on this latest flaw.
Click to expand...
Here you go:
https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.

Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.

Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.

Intel is committed to the industry best practice of responsible disclosure of potential security issues, which is why Intel and other vendors had planned to disclose this issue next week when more software and firmware updates will be available. However, Intel is making this statement today because of the current inaccurate media reports.

Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.

Intel believes its products are the most secure in the world and that, with the support of its partners, the current solutions to this issue provide the best possible security for its customers.
Click to expand...
 
tp3to said:
Normal day to day processes for example gaming will have very minimal performance difference.
Click to expand...

Yeah I'm going to say the opposite is true, you'll likely find almost all applications will be impacted.

I'm not sure how much programming you've done, but avoiding system calls is pretty hard to do. And if you have done some programming it has probably been abstracted for you.

Just a simple current time function is a system call, IO, I haven't looked into it in detail but even the keyboard and mouse are likely impacted.

The impact of this is that a switch to kernel space is required, which means flushing the entire TLB cache and probably taking a hit on the CPU caches also.

I'm actually surprised it is only 30% performance hit.

I'm curious what the hit will be on for example HTTP servers during load which spend a lot of time in IO select.
 
Last edited:
HavocXphere said:
RIP Intel
Click to expand...

The actual research papers are too technical for me to follow at this time of night (I'll probably need some hours to follow them completely to be honest).

But this highlights the problem pretty well: https://lwn.net/Articles/738975/

Essentially they found a way to trigger speculative execution of a branch which will be discarded (it is discarded because in their example it is array out of bounds in variant 1)
However even if the branch is discarded in the future it can still trigger a page fault before being discarded.

They then time this speculative execution, if a page fault occurred it means it was not a kernel space address because the CPU is paging in that address.

The also talk about another speculative execution attack which involves accessing a privileged addresses (eg. kernel space guesses). The execution is speculatively executed because the permission check is done at the retire step of the instruction (last part) due to the cost of the check. (variant 3 in the example)

Variant 1 is significant because the speculative branch is triggered by the CPU branch predictor. AMD claims they are not affected by variant 1 is my understanding.

It doesn't matter if you are running Intel/AMD/etc. since the kernel is currently always in the page table, in user space, it is just a matter of time before some way is found to do the same attack but different.

Really the only protection is moving the kernel out of the user space page table.

TL;DR of this: (IMO)
This "bad performance/pro security" patch isn't only being rolled out because of this one attack (or 3). It is being made because the last few months of research has shown that having the kernel "hiding" in user land is a ticking security time bomb.

Intel was targeted here btw. because their architecture was better understood from previous articles. AMD is almost certainly not safe here in the long run
 
Last edited:
Gnome said:
The actual research papers are too technical for me to follow at this time of night (probably needs many hours to follow them completely to be honest).
Click to expand...
Too technical for me at any time of day. ;) But trying to piece it together too.

Gnome said:
It doesn't matter if you are running Intel/AMD/etc
Click to expand...
Meltdown affects primarily Intel thus far - that's the 30% hit flavoured patch.

Spectre seems to affect everything top to bottom that has speculative execution (even cellphones :wtf:)...and there doesn't seem to be much of a plan. :confused: Sounds like it's going to temporarily +- kill the concept of sensitive data in the cloud/shared hosting.

I rate a lot of people admin-ing cloud stuff are going to have a rough January.

More info
https://news.ycombinator.com/item?id=16065845
 
Gnome said:
Yeah I'm going to say the opposite is true, you'll likely find almost all applications will be impacted.

I'm not sure how much programming you've done, but avoiding system calls is pretty hard to do. And if you have done some programming it has probably been abstracted for you.

Just a simple current time function is a system call, IO, I haven't looked into it in detail but even the keyboard and mouse are likely impacted.
Click to expand...
Why are people saying gaming would be unaffected? Surely a game requires many calls from the game code to the video drivers?
 
Azure have been patching our servers and restarting them batches at a time today.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X