More Intel leaks.. this one is not good though

[jagdtigger]

2 minutes ago, Vode said:

If Intel lobbies for AMD CPUs getting the same „fix“ I‘m gonna shove my X99 mobo up Krzanichs butt. ?

They already done it... Read my previous post.

[ionbasa]

3 minutes ago, Vode said:

If Intel lobbies for AMD CPUs getting the same „fix“ I‘m gonna shove my X99 mobo up Krzanichs butt. ?

Keep an eye out on:

https://patchwork.kernel.org/patch/10133447/

 

[Princess Luna]

@porina Windows AMD Version, Windows Intel Version, soon enough Windows VIA Version

 

For real though, only time can tell what happens I insist that the money invested in programming and developing to Windows is absurdly higher than whatever Intel/AMD invests in Linux(without counting with Microsoft's own team) so expect the Windows patch to be less harmful to performance ain't wrong at all, functionality on the lower level software side of things has its singularities too between the OSs.

 

I was gonna say hey worse case scenario I'll just trade my i7 8700 on a Ryzen+ but fairly sure regardless the case Intel will still be ahead in performance so why bother [:

[FeralWombat]

Not sure if this was posted already here (apologies if it was tho):

 

[FeralWombat]

What does this news mean for the end user however? I understand there are larger scale implications, however in such situations we end up worrying about our own. Would users with a chip still under warranty be eligible for a replacement/ (partial) refund, as it seems only hardware change will provide a full fix? what about those with outdated sockets, who will cover motherboard replacements? More questions than answers at this point unfortunately. 

[Princess Luna]

14 minutes ago, Nicholatian said:

All you can hope for is that whatever app you're running makes a minimal amount of syscalls until you can get a non-broken CPU.

Oh you don't have to worry about me, worry about those on past gens i3's I get a new processor at every meaningful new release.

 

My brother and I have a Ryzen 7 1800x sitting around gathering dust.

[Vode]

1 hour ago, jagdtigger said:

They already done it... Read my previous post.

Gonna need some lube and a plane ticket then.

[jagdtigger]

2 minutes ago, Vode said:

Gonna need some lube and a plane ticket then.

You can spare all that by booting the kernel with the nopti kernel command-line parameter.

[FeralWombat]

Someone please correct me if I'm wrong. The risk of this flaw being exploited is mitigated by disabling javascript from the web browsers?

[Stefan Payne]

2 minutes ago, FeralWombat said:

Someone please correct me if I'm wrong. The risk of this flaw being exploited is mitigated by disabling javascript from the web browsers?

You are wrong and has nothing to do with it.

The Problem is that programms can break out of the userspace and into the kernelspace without proper authorisation.

 

This has never ever happened on hardware basis. A faulty driver that allows that happened in the past though.

[FeralWombat]

12 minutes ago, Stefan Payne said:

You are wrong and has nothing to do with it.

The Problem is that programms can break out of the userspace and into the kernelspace without proper authorisation.

 

This has never ever happened on hardware basis. A faulty driver that allows that happened in the past though.

Uhm, quote from the register article which prompted my question

 

Quote

Impact

It is understood the bug is present in modern Intel processors produced in the past decade. It allows normal user programs – from database applications to JavaScript in web browsers – to discern to some extent the layout or contents of protected kernel memory areas.

 

[TVwazhere]

And here I was hoping 2018 would be a good year. We aernt even three days in and I wake up to this shit.  Hopefully the real world daily use performance hit is more like 5% rather than 30%

[Vode]

58 minutes ago, jagdtigger said:

You can spare all that by booting the kernel with the nopti kernel command-line parameter.

Since I have no idea what that is I'll stick to my original plan.

[Emberstone]

I see this right after I get an 8700K. There is a god and he’s a dick.

[FeralWombat]

this + Intel CEO share sale + https://www.computing.co.uk/ctg/news/3023702/via-technologies-reveals-plans-for-x86-64-cpus-to-compete-against-amd-and-intel

 

[Nocte]

3 hours ago, ionbasa said:

Keep an eye out on:

https://patchwork.kernel.org/patch/10133447/

 

diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index c47de4e..7d9e3b0 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -923,8 +923,8 @@  static void __init early_identify_cpu(struct cpuinfo_x86 *c)
 
 	setup_force_cpu_cap(X86_FEATURE_ALWAYS);
 
-	/* Assume for now that ALL x86 CPUs are insecure */
-	setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
+	if (c->x86_vendor != X86_VENDOR_AMD)
+		setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
 
 	fpu__init_system(c);

With that if clause AMD processors shouldn't be flagged?

I read it as if x86 vendor is not AMD then setup X86_BUG_CPU_INSECURE. Meaning that all CPUs except those sold by AMD are going to receive page table isolation?

Or am I reading it wrong?

[Stefan Payne]

35 minutes ago, FeralWombat said:

Uhm, quote from the register article which prompted my question

Yes, Javascript was just an example for something that can be used.

 

But disabling it doesn't help you much because the issue is that you can do stuff you aren't supposed to do, gain access to areas you aren't supposed to.

 

 

The Problem is not imaginable but at least a Fukushima or Tschernobyl on the desaster scale...

 

[cj09beira]

9 minutes ago, Eibe said:

diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index c47de4e..7d9e3b0 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -923,8 +923,8 @@  static void __init early_identify_cpu(struct cpuinfo_x86 *c)
 
 	setup_force_cpu_cap(X86_FEATURE_ALWAYS);
 
-	/* Assume for now that ALL x86 CPUs are insecure */
-	setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
+	if (c->x86_vendor != X86_VENDOR_AMD)
+		setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
 
 	fpu__init_system(c);

With that if clause AMD processors shouldn't be flagged?

I read it as if x86 vendor is not AMD then setup X86_BUG_CPU_INSECURE. Meaning that all CPUs except those sold by AMD are going to receive page table isolation?

Or am I reading it wrong?

ya you are right, it is checking if the cpu is an amd cpu or not, very interesting, (so did the guys that made the articles not seen this??? )

edit: sorry i got it wrong, they have both version of the code "implemented" but commented out the version where amd hardware is unaffected 

edit2: i am super confused now, what does the - and + mean, is it that those lines were removed? 

and the others added?

Edited January 3, 2018 by cj09beira

[bcredeur97]

this is insane. wow. 

 

 

30% performance hit is *general* or specific to a type of task?

[cj09beira]

Just now, bcredeur97 said:

this is insane. wow. 

 

 

30% performance hit is *general* or specific to a type of task?

one specific task that heavenly uses the type of command that would have this exploit

[Nocte]

6 minutes ago, bcredeur97 said:

this is insane. wow. 

 

 

30% performance hit is *general* or specific to a type of task?

The severity of the performance hit varies depending on the task (how many system calls or interrupts are made - if I got it correctly).

The peak was 30%. It usually hovers between 5 and 30%.

[Labeled]

14 hours ago, DrMacintosh said:

Yep. I don't store any of those things on my computer anyway. 

 

Not gonna gave to Intels BS if this is true.

You've never logged in to any accounts on that computer? It's not about stored, it would be able to grab from kernal memory. 

 

 

Let's put it this way, you're browsing the web then get infected with some thing Malicious designed to take advantage of this bug, then not knowing you've been infected you log into your bank account, steam account, any account for that matter could be compromised. 

[Nocte]

16 minutes ago, cj09beira said:

what does the - and + mean, is it that those lines were removed? 

and the others added?

Seems the most obvious explanation. But I cannot vouch for it. 

[cj09beira]

21 minutes ago, Eibe said:

diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index c47de4e..7d9e3b0 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -923,8 +923,8 @@  static void __init early_identify_cpu(struct cpuinfo_x86 *c)
 
 	setup_force_cpu_cap(X86_FEATURE_ALWAYS);
 
-	/* Assume for now that ALL x86 CPUs are insecure */
-	setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
+	if (c->x86_vendor != X86_VENDOR_AMD)
+		setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
 
 	fpu__init_system(c);

With that if clause AMD processors shouldn't be flagged?

I read it as if x86 vendor is not AMD then setup X86_BUG_CPU_INSECURE. Meaning that all CPUs except those sold by AMD are going to receive page table isolation?

Or am I reading it wrong?

ok both of us were right at the start, the - represents lines that were removed and + represents added lines, which means the code doesnt force the "fix" to amd cpus, which is good news 

[cj09beira]

2 minutes ago, Eibe said:

Seems the most obvious explanation. But I cannot vouch for it. 

i found at the top of the page 2 lines that say that 2 lines were removed and 2 added, which would imply that i was correct

@DoctorWho1975  you could add this bit of news discussed just above this comment, were we found out that the current code doesn't affect amd cpus