Intel Chips Have Memory Access Design Flaw and Fix Could Lead to Performance Drop

[Dza51]

A serious design flaw and security vulnerability has been discovered in Intel's CPUs that will require an update at the operating system level to fix, reports The Register. All modern computers with Intel chips from the last 10 years appear to be affected, including those running Windows, Linux, and macOS.

Full details on the vulnerability aren't yet known as the information is currently under embargo until later in the month. The Register has unearthed some data, however, and it seems the bug allows normal user programs to see some of the contents of the protected kernel memory.

This means malicious programs can potentially, in a worst case scenario, read the contents of the kernel memory, which can include information like passwords, login keys, and more. It's not yet clear how severe the bug is, but The Register speculates that it's significant given the rapid changes being made to Windows and Linux.To fix the bug, the kernel's memory needs to be isolated from user processes using Kernel Page Table Isolation, which could cause a performance hit on some machines. According to The Register, Linux and Windows machines will see a 5 to 30 percent slowdown once the fix is in place.

It's not yet clear how Macs will be impacted, as there is little information available at this time. Software updates are in the works for Linux and Windows, and though not mentioned, Apple is also likely working on a fix for the issue.

Full details on what's known about the vulnerability can be found at The Register, and additional information will be available later this month when complete details on the design flaw are shared.

Article Link: Intel Chips Have Memory Access Design Flaw and Fix Could Lead to Performance Drop

[doublepost=1515060659][/doublepost]https://meltdownattack.com/
Security meltdown update

I bought an Intel CPU from a computer shop, I should sue myself for my decision to buy it? The shop for selling it to me? The distributor the shop bought it from? Are any of these entities responsible for the flawed CPU?

In law, those who do wrong are the ones held responsible. Intel’s lawyers can’t just tell the judge, “well, sure, our client designed and made defective CPUs, but Apple bought them so it’s actually their fault.” Apple played no role in Intel’s designing, manufacturing and selling of defective chips to millions of Intel’s customers (of which Apple is only one).

You present a flawed analogy. VW was sued because they were the responsible party. It was they who decided to cheat on the emissions tests, not Bosch. VW pleaded guilty to fraud and paid $20 billion in fines and penalties because VW executives made the decision to criminally defraud their customers.

In fact, Bosch was also complicit, as VW didn’t know how to program the software to recognize emissions testing and (only) activate the emissions controls properly when this compliance testing was detected. Bosch knew, or should have known, why VW asked them to make the software operate as it did.

So your analogy falls apart, since Bosch did have a role in VW’s deliberate and criminal fraud, and was therefore held accountable. They paid hundreds of millions of dollars in the US for writing that cheat software, albeit at VW’s request.

 

[jerwin]

https://meltdownattack.com/meltdown.pdf

Abstract

The security of computer systems fundamentally relies on memory isolation, e.g., kernel address ranges are marked as non-accessible and are protected from user access. In this paper, we present Meltdown. Meltdown exploits side effects of out-of-order execution on mod- ern processors to read arbitrary kernel-memory locations including personal data and passwords. Out-of-order execution is an indispensable performance feature and present in a wide range of modern processors. The attack is independent of the operating system, and it does not rely on any software vulnerabilities. Meltdown breaks all security assumptions given by address space isola- tion as well as paravirtualized environments and, thus, every security mechanism building upon this foundation. On affected systems, Meltdown enables an adversary to read memory of other processes or virtual machines in the cloud without any permissions or privileges, affect- ing millions of customers and virtually every user of a personal computer. We show that the KAISER defense mechanism for KASLR [8] has the important (but inad- vertent) side effect of impeding Meltdown. We stress that KAISER must be deployed immediately to prevent large-scale exploitation of this severe information leak- age.

https://spectreattack.com/spectre.pdf

Abstract

Modern processors use branch prediction and specula- tive execution to maximize performance. For example, if the destination of a branch depends on a memory value that is in the process of being read, CPUs will try guess the destination and attempt to execute ahead. When the memory value finally arrives, the CPU either discards or commits the speculative computation. Speculative logic is unfaithful in how it executes, can access to the victim’s memory and registers, and can perform operations with measurable side effects.

Spectre attacks involve inducing a victim to specula- tively perform operations that would not occur during correct program execution and which leak the victim’s confidential information via a side channel to the adver- sary. This paper describes practical attacks that combine methodology from side channel attacks, fault attacks, and return-oriented programming that can read arbitrary memory from the victim’s process. More broadly, the paper shows that speculative execution implementations violate the security assumptions underpinning numerous software security mechanisms, including operating sys- tem process separation, static analysis, containerization, just-in-time (JIT) compilation, and countermeasures to cache timing/side-channel attacks. These attacks repre- sent a serious threat to actual systems, since vulnerable speculative execution capabilities are found in micropro- cessors from Intel, AMD, and ARM that are used in bil- lions of devices.

While makeshift processor-specific countermeasures are possible in some cases, sound solutions will require fixes to processor designs as well as updates to instruc- tion set architectures (ISAs) to give hardware architects and software developers a common understanding as to what computation state CPU implementations are (and are not) permitted to leak.

and now for some pictures that should remove the glaze from your eyes.

This is from the spectre paper

and this is from the meltdown paper:

 

[PsykX]

In what terms was it 80% faster? Just spec-for-spec?

In Apple's terms
They had a slide about it in the keynote when they revealed the iPad Pro.
They didn't specify if it's spec-for-spec or based on benchmarks (i.e. GeekBench), it would make more sense if it's a benchmark score though because it's easier to compare. Specs nowadays don't mean a lot (ex : 2.4 GHz today is way faster than it was 10 years ago).

 

[chucker23n1]

I bought an Intel CPU from a computer shop, I should sue myself for my decision to buy it? The shop for selling it to me? The distributor the shop bought it from? Are any of these entities responsible for the defective CPU? Or would that be Intel?

If you bought a CPU from Intel, that's an entirely different case.

Under consumer law depending on your country, the shop may in fact be responsible for warranty. But beyond that, you bought a retail product, making Intel responsible.

In law, those who do wrong are the ones held responsible. Intel’s lawyers can’t just tell the judge, “well, sure, our client designed and made defective CPUs, but Apple bought them so it’s actually their fault.” Apple played no role in Intel’s designing, manufacturing and selling of defective chips to millions of Intel’s customers (of which Apple is only one).

If you buy an Apple product, it doesn't matter that it contains a component from Intel that fails. Apple can sue Intel, but you will want to sue Apple, not Intel. It wasn't your decision to choose an Intel CPU, AMD GPU, Samsung SSD, and all the other dozens of manufacturers. Nor was it your decision for Apple to outsource actual manufacturing to Foxconn, yet nobody is suggesting suing Foxconn.

You present a flawed analogy. VW was sued because they were the responsible party. It was they who decided to cheat on the emissions tests, not Bosch. VW pleaded guilty to fraud and paid $20 billion in fines and penalties because VW executives made the decision to criminally defraud their customers.

I didn't bring up the VW analogy, and it's irrelevant anyways as, once again, the Intel case isn't one of fraud.

In fact, Bosch was also complicit, as VW didn’t know how to program the software to recognize emissions testing and (only) activate the emissions controls properly when this compliance testing was detected. Bosch knew, or should have known, why VW asked them to make the software operate as it did.

That may be relevant in criminal law, but is irrelevant to you as a customer who wanted a car.
[doublepost=1515086265][/doublepost]

On the contrary here. You would go after Intel for selling defective hardware. You, the consumer would go through Apple, who would then in turn go to Intel for supplying defective hardware.

You're contradicting yourself. The latter statement is exactly right.

Your course of action would be to go through Apple to get the hardware fixed, but it in turn would be at Intel's expense.

Yes.

If I built my own computer (which I do for a living), my grievance would directly be with Intel.

Yes, if you did buy retail CPUs from Intel. But that's not the typical case here. Especially not on a site called "MacRumors".

For the servers I maintain, I would go through Dell (the one who we bought the hardware from), but Dell would then charge Intel for the entire incident.

My point exactly.
[doublepost=1515086375][/doublepost]

In what terms was it 80% faster? Just spec-for-spec?

Err. "Faster than 80% of the laptops" was the claim, not "80% faster".

 

[belvdr]

Err. "Faster than 80% of the laptops" was the claim, not "80% faster".

While my question was mistyped, it is still valid.

 

[jerwin]

Err. "Faster than 80% of the laptops" was the claim, not "80% faster".

apple plays it fast and loose.

On apple's website, the ipad pro was claimed to be 80 percent faster than ipad air 2. And the ipad air 2 was claimed to be "as fast as a laptop". And because apple used a laptop chip in one of it's imacs (the super slow bargain basement version), there you go...

Alas, the wayback machine is too slow today for me to enjoyably trawl through apple's ad campaigns. The keynotes are even more prone to exaggeration, but I don't have time to listen to Schiller.

Ah, the power of dedicated AES circuitry!

 

[dogslobber]

Source ?

Me.

 

[PickUrPoison]

Because Intel isn’t the company you’re buying hardware from. Apple is.

When the Volkswagen scandal happened, you didn’t sue Bosch, who made the software. You sued VW, who sold you the car.

Apple’s not responsible for Intel’s defective processor. Intel alone is responsible for their mistake, and will be held accountable.

In your VW analogy, Apple is like VW, and Intel is like Bosch? Bad analogy.

VW was sued because they were responsible for their mistake—namely, the decision to cheat emissions tests.

Unlike VW, Apple was not responsible for their supplier’s actions. Apple didn’t ask (and pay for) defective CPUs.

Contrarily, VW did ask, and pay for, the cheat software. VW was responsible for that decision, and they paid $20 billion in fines and penalties for it.

Your analogy would be fine if Apple had asked Intel for defective processors. Then Apple would be the responsible party, and I would be first in line to sue them.

 

[Martyimac]

Apple’s not responsible for Intel’s defective processor. Intel alone is responsible for their mistake, and will be held accountable.

In your VW analogy, Apple is like VW, and Intel is like Bosch? Bad analogy.

VW was sued because they were responsible for their mistake—namely, the decision to cheat emissions tests.

Unlike VW, Apple was not responsible for their supplier’s actions. Apple didn’t ask (and pay for) defective CPUs.

Contrarily, VW did ask, and pay for, the cheat software. VW was responsible for that decision, and they paid $20 billion in fines and penalties for it.

Your analogy would be fine if Apple had asked Intel for defective processors. Then Apple would be the responsible party, and I would be first in line to sue them.

Don't know exactly how it applies but Bosch was held accountable, to what degree I cant really tell, but part of the money that VW has to pay in penalties to current TDI owners, came directly from Bosch. I know because I have already received the check from Bosch.

 

[FilthyMcNasty]

I designed cpus for many years and no one ever asked me to insert a back door. Like I said - possible, but I don’t believe it.

 

[cmaier]

LoL.

 

[PickUrPoison]

Don't know exactly how it applies but Bosch was held accountable, to what degree I cant really tell, but part of the money that VW has to pay in penalties to current TDI owners, came directly from Bosch. I know because I have already received the check from Bosch.

Yes, they were complicit in the fraud and settled in the US for a few hundred million. They knew, or should have known, why VW wanted the software to operate as requested (i.e. to cheat the emissions compliance testing).

So if Apple had asked Intel to provide defective processors, and Intel had done so, both Apple and Intel would be responsible for that to the end user.

Since Apple didn’t do that, that’s why they’re not like VW, and won’t be held responsible for Intel’s screwup. That was my point to the OP, who thought Apple should be sued instead of Intel.

 

[jamesrick80]

For those who paid for $5000 Macs....you should still be in your return period. That price could have been cut in half with AMD Ryzen.

 

[chucker23n1]

Apple’s not responsible for Intel’s defective processor.

To me as a consumer, they absolutely are.

Intel alone is responsible for their mistake, and will be held accountable.

I didn’t buy from Intel. Nor from a supplier Intel works with. Nor from an engineer who works at Intel. I bought from Apple.

But please, do go ahead and look at a parts & suppliers list from Apple so you get to talk to Intel, AMD, Foxconn, LG, Samsung, Dialog, NXP, … directly. Or you could talk to Apple, since you bought from them, and trusted them to make good choices.

Unlike VW, Apple was not responsible for their supplier’s actions. Apple didn’t ask (and pay for) defective CPUs.

Apple gave vendors specs, and chose Intel. They reap the benefits and suffer the consequences from such a choice.

 

[cmaier]

To me as a consumer, they absolutely are.



I didn’t buy from Intel. Nor from a supplier Intel works with. Nor from an engineer who works at Intel. I bought from Apple.

But please, do go ahead and look at a parts & suppliers list from Apple so you get to talk to Intel, AMD, Foxconn, LG, Samsung, Dialog, NXP, … directly. Or you could talk to Apple, since you bought from them, and trusted them to make good choices.



Apple gave vendors specs, and chose Intel. They reap the benefits and suffer the consequences from such a choice.

Of course part of showing that you've been injured in some way is showing that you could have given your money to someone other than apple and received a satisfactory substitute. It's not clear that this is the case.

 

[chucker23n1]

Of course part of showing that you've been injured in some way is showing that you could have given your money to someone other than apple and received a satisfactory substitute. It's not clear that this is the case.

Yup.

But suppose I had a weak iPhone battery. Any battery supplier Apple picked (including them designing their own battery cells) could’ve given me a similar result — it’s simply the state of the tech. There’s no substitute that would’ve prevented this from happening. And yet I wouldn’t file a warranty claim against, say, LG Chemical. Nor throw my hands in the air. I’d talk to Apple.

 

[PickUrPoison]

To me as a consumer, they absolutely are.



I didn’t buy from Intel. Nor from a supplier Intel works with. Nor from an engineer who works at Intel. I bought from Apple.

But please, do go ahead and look at a parts & suppliers list from Apple so you get to talk to Intel, AMD, Foxconn, LG, Samsung, Dialog, NXP, … directly. Or you could talk to Apple, since you bought from them, and trusted them to make good choices.



Apple gave vendors specs, and chose Intel. They reap the benefits and suffer the consequences from such a choice.

In the US, anyone can sue anyone. That doesn’t mean you’re going to win. In this instance, you can sue Best Buy for selling you the computer, Apple for making it, and Intel for actually providing the defective CPU.

But if you think Best Buy or Apple is going to be required by a court to pay for any damage Intel’s defective processor has caused you, you are mistaken.

US courts assess damages against those responsible. The responsible party is Intel, they designed the defective CPU. Apple isn’t responsible for Intel’s defective processor. They spec’ed the CPU, sure—but not a defective CPU.

 

[pastrychef]

I want to sue John Doe for fathering the guy who drove the UPS truck that delivered the computer that Apple made using a CPU designed by Intel to my house.

 

[cube]

3 class actions have already been filed against Intel in different states.

 

[bradl]

3 class actions have already been filed against Intel in different states.

Nah... we didn't see that one coming.

Funny thing is, AMD and ARM will probably some filed against them as well. This is nasty.

Anyone know where Cyrix is nowadays?

BL.

 

[cube]

Anyone know where Cyrix is nowadays?

It was sold to Nat Semi who sold it to VIA.

VIA is going to produce some 64-bit CPUs to compete against the 8 cores.

 

[0014]

Apparently intel are saying they have patched most of the computers that are up to 5yrs old and the patch makes them immune now.

The reported slowdown is also only for servers, intensive apps and graphical work. Most users won't notice a difference in day to day use allegedly.

 

[Luis Ortega]

time to go AMD or ARM

What chips are affected?
Intel, which makes most of the chips used in PCs, is the most heavily affected. It said Thursday it has already issued updates for the majority of CPUs — the chips that handle the instructions a computer receives from hardware and software, sometimes known as the "brain" of the computer — introduced within the past five years. By the end of next week it expects to have issued updates for more than 90% of processors introduced within the past five years.

Chip-maker Advanced Micro Devices, whose products are mostly used in corporate server computers and personal computers, originally said it didn’t believe its products were at risk for the flaw. It has since updated that to say that one of the potential attacks could be used on some of its chips. It encouraged its customers to use safe computing practices, including “not clicking on unrecognized hyperlinks, following strong password protocols, using secure networks, and accepting regular software updates.”

ARM, whose chips are primarily used in smart phones and electronic devices such as e-readers, televisions, cable boxes and cars, said that only a small subset of its chips were vulnerable and listed them on its website. It has also published a technical paper outlining how the flaws can be mitigated.

 

[macsrcool1234]

What chips are affected?
Intel, which makes most of the chips used in PCs, is the most heavily affected. It said Thursday it has already issued updates for the majority of CPUs — the chips that handle the instructions a computer receives from hardware and software, sometimes known as the "brain" of the computer — introduced within the past five years. By the end of next week it expects to have issued updates for more than 90% of processors introduced within the past five years.

Chip-maker Advanced Micro Devices, whose products are mostly used in corporate server computers and personal computers, originally said it didn’t believe its products were at risk for the flaw. It has since updated that to say that one of the potential attacks could be used on some of its chips. It encouraged its customers to use safe computing practices, including “not clicking on unrecognized hyperlinks, following strong password protocols, using secure networks, and accepting regular software updates.”

ARM, whose chips are primarily used in smart phones and electronic devices such as e-readers, televisions, cable boxes and cars, said that only a small subset of its chips were vulnerable and listed them on its website. It has also published a technical paper outlining how the flaws can be mitigated.

yes that came out after i posted my message. but the intel chips are far more vulnerable.

 

[jerwin]

HOW is intel fixing this? What does the new microcode do?