More Intel leaks.. this one is not good though

[LAwLz]

18 minutes ago, pas008 said:

link to the bolded?

https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

 

Quote

Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, we have exploits that work against real software. We reported this issue to Intel, AMD and ARM on 2017-06-01 [1].

 

 

[LAwLz]

37 minutes ago, Xirhanna said:

Enlighten me then instead of being rude about it.  I was just stating things based on what I know or assumed.  I wasn't telling him what to do, I was simply suggesting it.

I did enlighten you. AMD are vulnerable to similar exploits as well. In fact, all modern processors are. Even your phone is.

And no, you were telling him what to do.

 

You said:

Quote

For your sake, I would encourage a switch to AMD now... I think this is important enough to merit it as financially viable.

Quote

You could sell your Intel hardware and buy AMD stuff now.  It'll be safer for you in the future I think.

You might argue that because you didn't put a gun to his head and force him to sell his Intel processors and buy Intel you didn't "tell him what to do", but I think any sane person would classify your statements as "telling him what to do".

You told him to sell his Intel processors and buy AMD ones, and you threw in some fear mongering to strengthen your suggestion.

 

You should not give people advice if you don't fully understand the situation. I've seen you tell people to not buy Intel processors but instead go for AMD ones in several threads already. You're spreading dangerous misinformation, not only because you are possibly misleading people into buying a product worse suited for their needs, but also because you give AMD users a false sense of security.

[Bit_Guardian]

39 minutes ago, LAwLz said:

I don't think you know how security audits work...

It's not like they look through code and then find all the issues. It's not like in a video game where you will get a progress bar, and once it reaches 100% you're done and your code is 100% secure.

 

This was an issue that was overlooked by:

• Microsoft
• GNU/Linux
• VMWare
• Intel
• AMD
• Nvidia
• ARM
• Apple
• MIPS

 

IBM (Power 8 & 9 are vulnerable to Spectre)

Fujitsu (cloud computing and datacentre construction provider)

Oracle (Sparc M7 is also vulnerable)

Joyent (Samsung's cloud computing arm)

HPE (cloud computing provider)

VIA (yup, vulnerable VIA x86 CPUs too)

Qualcomm (Centriq is affected)

Cavium (Thunder X/2 is affected)

 

That covers all the big players you missed.

[pas008]

48 minutes ago, LAwLz said:

https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

 

 

 

ok read that one lol

mind you I keep forgetting its 2018 now was thinking you meant 2016

 

laugh at me I am

 

[luigi90210]

1 hour ago, LAwLz said:

 

AMD is also vulnerable to Spectre. I think it's reckless of you to give advice when you clearly know very little about the situation.

AMD is only really vulnerable to spectre if there is physical access to the device and exploit 1 is really(its not the only one but its the easier of the 2 to run) the only exploit that can be run on AMD(which has been patched by microsoft already) exploit 2 is a lot harder to run since it requires deep intricate knowledge of where everything is stored on the cpu and what those exact addresses are, its not like the intel where addresses are stored on the chip, AMD processors do not store this information on the chip and yes it's still vulnerable to the attack, its not nearly as risky as it would be to be on an intel platform right now, if i understand this wrong please educate me on this

as to why i will be switching? mostly because i use older intel hardware and i dont know how the performance hit is going to affect company workflow, if i happen to get hit with the 30% worst case scenario, it might slow down my workflow enough that it justifies a switch

i'm not so worried about my intel core machines being hit hard, its my old 775 xeon workhorse as well as some of the C2D machines that i have deployed that might suffer the most(or worst case it might not get patched since the computer is old to which i will be forced to replace) 

[ravenshrike]

1 hour ago, leadeater said:

Why should they have found it a long time ago? Are you assuming it was easy to find? Are you also assuming that it was a glaring and obvious design flaw?

 

A flaw that has a significant impact that is extremely critical does not imply that it was easy to find.

The counterpoint to this is that clearly the people at AMD thought of the security concerns of allowing lower permission processes access to a higher level permission memory pipeline when they designed their chip and explicitly did not allow it. They may not have though of it in terms of the specific vulnerability of speculative execution, but that's not really relevant from a security standpoint.

[leadeater]

4 minutes ago, ravenshrike said:

The counterpoint to this is that clearly the people at AMD thought of the security concerns of allowing lower permission processes access to a higher level permission memory pipeline when they designed their chip and explicitly did not allow it. They may not have though of it in terms of the specific vulnerability of speculative execution, but that's not really relevant from a security standpoint.

Yea I said something similar in an earlier post. Intel's not free from criticism but it sounds like some ARM chips might be vulnerable to Meltdown as well, they are still working on that. The researchers are still suspicious of AMD processors too and are working on that as well, though I think that is much less likely than the select ARM chips under suspicion. 

[Zodiark1593]

3 minutes ago, leadeater said:

Yea I said something similar in an earlier post. Intel's not free from criticism but it sounds like some ARM chips might be vulnerable to Meltdown as well, they are still working on that. The researchers are still suspicious of AMD processors too and are working on that as well, though I think that is much less likely than the select ARM chips under suspicion. 

ARM did confirm that thr Cortex A75 is vulnerable to Meltdown. Apple also mentioned implicitly that mitigations for Meltdown were included in Mac OS and iOS, implying that their custom CPU too may be vulnerable to Meltdown.

 

I've heard literally nothing of Qualcomm's custom architectures (Krait, Kryo). Qualcomm is even more tight lipped than Apple.

[leadeater]

5 minutes ago, Zodiark1593 said:

I've heard literally nothing of Qualcomm's custom architectures (Krait, Kryo). Qualcomm is even more tight lipped than Apple.

[Bit_Guardian]

38 minutes ago, ravenshrike said:

The counterpoint to this is that clearly the people at AMD thought of the security concerns of allowing lower permission processes access to a higher level permission memory pipeline when they designed their chip and explicitly did not allow it. They may not have though of it in terms of the specific vulnerability of speculative execution, but that's not really relevant from a security standpoint.

Oh good lord. AMD took a security design right off the shelf from ARM (which has its own well-documented critical flaws which even affect the Snapdragon 835). No need to beatify them into sainthood...

 

It is relevant, however, from a marketing, PR, and QA perspective. AMD got lucky. Dolling it up any more than that is a pure lie.

27 minutes ago, Zodiark1593 said:

ARM did confirm that thr Cortex A75 is vulnerable to Meltdown. Apple also mentioned implicitly that mitigations for Meltdown were included in Mac OS and iOS, implying that their custom CPU too may be vulnerable to Meltdown.

 

I've heard literally nothing of Qualcomm's custom architectures (Krait, Kryo). Qualcomm is even more tight lipped than Apple.

There's rumor that Centriq 2400 is vulnerable as well (and that rumor came from a source at RedHat, so I wouldn't dismiss it yet). Testing is ongoing for Qualcomm and Cavium processors. Both are vulnerable to Spectre. It's not yet known if they're vulnerable to MeltDown.

[AresKrieger]

This thread makes me happy I'm not a mod, crazy people, fanboys, misinformation and general toxicity seems to be very strong here

1 hour ago, luigi90210 said:

as to why i will be switching? mostly because i use older intel hardware and i dont know how the performance hit is going to affect company workflow, if i happen to get hit with the 30% worst case scenario, it might slow down my workflow enough that it justifies a switch

i'm not so worried about my intel core machines being hit hard, its my old 775 xeon workhorse as well as some of the C2D machines that i have deployed that might suffer the most(or worst case it might not get patched since the computer is old to which i will be forced to replace) 

Well two things one you can test this prior to making a decision as you know what software you use and two the update will be available to any currently supported windows os (7,8,10) Linux OS's and what ever apple currently supports not that they matter in this scenario, so if that doesn't apply to you then its not getting an update currently (and likely ever)

 

1 hour ago, ravenshrike said:

The counterpoint to this is that clearly the people at AMD thought of the security concerns of allowing lower permission processes access to a higher level permission memory pipeline when they designed their chip and explicitly did not allow it.

Patents are the more likely reason they didn't design it in the same manner intel did, regardless security is a crap shoot it's impossible to have no holes all you can do is limit the number you make initially and plug any that pop up down the line.

[straight_stewie]

I've always hated speculative execution anyways. It seems to me that if you are faster 50% of the time and slower 50% of the time then you really didn't gain anything at all. IMO speculative execution would only be worth it if there were a means to follow all paths of execution, and then select the correct one when the decision was made.

[Bit_Guardian]

10 minutes ago, straight_stewie said:

I've always hated speculative execution anyways. It seems to me that if you are faster 50% of the time and slower 50% of the time then you really didn't gain anything at all. IMO speculative execution would only be worth it if there were a means to follow all paths of execution, and then select the correct one when the decision was made.

It's faster 90% of the time and slower 10%, and that's for something as piss-poor as MIPS.

 

Senior Google engineer of distributed systems and OS kernel customizer. Watch end to end.

 

 

 

[straight_stewie]

2 minutes ago, Bit_Guardian said:

It's faster 90% of the time and slower 10%, and that's for something as piss-poor as MIPS.

That's in a best case analysis... We have to look at average case here. In worst case it's significantly slower, requiring a rewind every branch. In best case it guesses correctly nearly ever time.

[Bit_Guardian]

2 minutes ago, straight_stewie said:

That's in a best case analysis... We have to look at average case here. In worst case it's significantly slower, requiring a rewind every branch. In best case it guesses correctly nearly ever time.

No, that's in a 6-deep, 30-way branch table.

 

Seriously, watch the video end to end. Intel's branch predictor is more on-point than anyone else's in the world, and it actually has patents to the algorithms it uses.

[straight_stewie]

8 minutes ago, Bit_Guardian said:

It's faster 90% of the time and slower 10%, and that's for something as piss-poor as MIPS.

 

Senior Google engineer of distributed systems and OS kernel customizer. Watch end to end.

 

cppcon_2016_chandler_carruth_garbage_in_garbage

Can you repost the video please?

[Bit_Guardian]

Just now, straight_stewie said:

Can you repost the video please?

Done.

[Zmax]

Anyone have the patch number. I think I have it and I do not see any degradation of performance

 

Of course my games are very low user of the CPU so no big deal. 

[NumLock21]

Okay I ran some CB15 on my desktop this time and here are the results. What I first did was unplug from the internet so that windows does not automatically download and install that update. I ran it 3 times before the update and 3 times after. Scores are in the order they are run at from 1st run to 3rd run. The update I've installed was the Delta update. With that update installed, windows will not accept the cumulative update, says "it's already installed on this computer".

 

OpenGL, Multicore, Singlecore

 

Before update

99.43,106.9,150 / 99.8,1073,149 / 99.8, 1074, 149

 

After update

101.64, 1070,148 / 100.50, 1078, 149, / 100.19, 1075,148

 

 

[Taf the Ghost]

Anyone seen any HEDT performance testing yet? Considering NVMe drives seem the hardest hit by this so far, I'm curious about tasks that really thrash the I/O, but it's going to be a while before the extensive testing is done. 

 

I'm also curious if something like the 4770k with a 1080 Ti, in a game that can hit the CPU limit, might show some heavier gaming performance. Gaming doesn't necessarily have hard CPU bottlenecks in the ways something like a Render task does.

[porina]

9 hours ago, NumLock21 said:

Ran it 5 times and here they are. The results is after applying the update

There's something else going on there. The scores are all over the place, so I don't think this is usable for any comparison.

2 hours ago, NumLock21 said:

Okay I ran some CB15 on my desktop this time and here are the results. What I first did was unplug from the internet so that windows does not automatically download and install that update. I ran it 3 times before the update and 3 times after. Scores are in the order they are run at from 1st run to 3rd run. The update I've installed was the Delta update. With that update installed, windows will not accept the cumulative update, says "it's already installed on this computer".

 

OpenGL, Multicore, Singlecore

 

Before update

99.43,106.9,150 / 99.8,1073,149 / 99.8, 1074, 149

 

After update

101.64, 1070,148 / 100.50, 1078, 149, / 100.19, 1075,148

This is much more stable, and I think we can say there is no significant difference here. 

 

I believe the delta update contains only changed files, or changes to files, allowing a smaller download size. The cumulative update includes all files, thus is bigger. If successfully applied it should be the same afterwards.

1 hour ago, Taf the Ghost said:

Anyone seen any HEDT performance testing yet? Considering NVMe drives seem the hardest hit by this so far, I'm curious about tasks that really thrash the I/O, but it's going to be a while before the extensive testing is done. 

Not specifically, but I'm keeping an eye on storage testing. Just saw the following at PCPer:

https://www.pcper.com/news/Storage/Meltdowns-Impact-Storage-Performance-Really-Issue

 

They tested 3 devices:

 

Intel Optane 900P 480GB (Intel NVMe driver)

Samsung 960 EVO 500GB (Samsung NVMe driver)

Samsung 850 EVO 500GB (Intel RST driver)

 

Interestingly, only the 960 Evo saw a performance drop, which sounds roughly consistent with the earlier Hardware Unboxed results with a 950 Pro. PCPer's performance for Optane and 850 Evo (SATA) actually went up. They speculate there may be other updates/optimisations in the update. My own testing with a Crucial MX300 SATA showed no significant difference. I think we need more data to see if there is a pattern here. If there might be something about Samsung NVMe drives (PCPer also used Windows nvme driver with no change), or a wider impact.

[Stefan Payne]

When you think it can't get any worse (for Intel)

 

It really gets way way worse...

 

Sadly the Link is in German but its bad. Really bad...

http://www.spiegel.de/netzwelt/gadgets/spectre-und-meltdown-die-wichtigsten-antworten-zu-den-schwachstellen-in-prozessoren-a-1186193.html

 

In short: They were wondering why Intel was so interested in one of the security patches they were proposing.

With that you could come to the conclusion that Intel knew about this at the time...

[NumLock21]

24 minutes ago, Stefan Payne said:

When you think it can't get any worse (for Intel)

 

It really gets way way worse...

 

Sadly the Link is in German but its bad. Really bad...

http://www.spiegel.de/netzwelt/gadgets/spectre-und-meltdown-die-wichtigsten-antworten-zu-den-schwachstellen-in-prozessoren-a-1186193.html

 

In short: They were wondering why Intel was so interested in one of the security patches they were proposing.

With that you could come to the conclusion that Intel knew about this at the time...

Tin foil hat level over 9000!

[jagdtigger]

3 minutes ago, NumLock21 said:

Tin foil hat level over 9000!

Many things that turned out to be true were labeled as tinfoil hat theory so you(and others too) shouldn't throw it around so easily...

[LAwLz]

10 hours ago, luigi90210 said:

AMD is only really vulnerable to spectre if there is physical access to the device

[Citation Needed]

I've seen this get reported a few times now but nobody has been able to provide me with a source, leading me to believe it's some misinformation being spread.

 

10 hours ago, luigi90210 said:

the only exploit that can be run on AMD(which has been patched by microsoft already)

[Citation Needed] for Spectre being patched already. From what I have seen and heard, only Meltdown is patched at the time of writing.

 

8 hours ago, straight_stewie said:

I've always hated speculative execution anyways. It seems to me that if you are faster 50% of the time and slower 50% of the time then you really didn't gain anything at all. IMO speculative execution would only be worth it if there were a means to follow all paths of execution, and then select the correct one when the decision was made.

It is not at all a "50% of the times it's faster, and 50% of the times it's slower".

 

37 minutes ago, Stefan Payne said:

When you think it can't get any worse (for Intel)

 

It really gets way way worse...

 

Sadly the Link is in German but its bad. Really bad...

http://www.spiegel.de/netzwelt/gadgets/spectre-und-meltdown-die-wichtigsten-antworten-zu-den-schwachstellen-in-prozessoren-a-1186193.html

 

In short: They were wondering why Intel was so interested in one of the security patches they were proposing.

With that you could come to the conclusion that Intel knew about this at the time...

Can you please give a summary? We already know that Intel, AMD and ARM got info about these exploits in June 2017.