Holy. Crap. Intel CPU security flaw, "fix" causes 5-30% slowdown

fencepost

I'm honestly not quite sure what to say about this. https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

Basically all Intel processors produced in the last decade have a design flaw, potentially exploitable even from JavaScript(!), that can result in disclosure of the contents of kernel/privileged memory. Actually fixing it can't really be done without replacing the processor, but Windows and Linux developers (and probably *BSD and Apple) are implementing workarounds likely to be released this month. Those workarounds are likely to result in as much as a 30% performance hit on older equipment, less on newer systems that include related virtualization and memory handling changes that make the workaround easier.

The big concern is that this may allow bypassing of ASLR, which randomizes the location of sections of memory so exploits are unable to affect relevant chunks.

Edit: Additional notes
 
I guess the biggest concern is the ability to read someone else's memory on a virtualized cloud server. If an attacker runs an Amazon or Azure or whatever instance, they can theoretically read (either all or kernel-only) memory of other virtual machines running on the same hardware. This may quickly cause the great cloud password dumping.
 
Password dumping or private keys. Seems to me that many of the dangers of Heartbleed apply here, except with memory that's not restricted to the web server.
 
I doubt it will affect share price much, and it's even less likely to have any lasting effect. I just checked and I was unable to find the FDIV bug on a historical stock chart (and FDIV was big back then). F00F looks worse, but still the effect, if any, did not last.

The performance hit will be associated with userland to kernel transition, which is fairly expensive already, so it won't really be that big except for some specific tasks. Unlikely to be noticeable by the Mk I Eyeball in everyday situations.
 
What's ugly is that it's going to hit anything disk-intensive hardest, since the filesystem is in kernel space not userland. Early tests by Phoronix indicated Postgres at least taking a noticeable performance hit, and I doubt that MySQL/MariaDB are doing anything that looks very different at a disk access level. Windows also has filesystem access via system call, so the same issues are going to apply to databases, etc. running on Windows.

Thinking about it from a raw architectural standpoint there might be ways to work around it with message passing and dedicated cores, but anything that would benefit enough for that kind of major change would probably just be better served with new processors, assuming that the OS changes are applied only in situations where they're required.
 
This kind of stuff right here needs to have rules put in place that allow hanging by the scrotum on a meat hook.
Wow Stonecat, I would never have expected such blatant sexism from you. There is no reason that women CEOs should be spared this pain, and while I'm not 100% familiar with the female anatomy, I'm pretty sure there is no scrotum to hang them by. This rule would create a gigantic loophole that favors female CEOs.
 
As far as fixing it I'm not sure how easy it'll be, but apparently it's not something that can be fixed in microcode (kind of like firmware specifically for the CPU), so it's probably going to take a while and some hardware redesigns. Until more details are actually widely available, I'm not sure anyone can really answer this.

Re: Microcode, a nice little summary: https://stackoverflow.com/questions/4366837/what-is-intel-microcode#4369480
Worthwhile info in the comments on the top answer as well, e.g. "Instructions with a throughput of less than one in [the] list are not microcoded. To achieve a throughput less than one, multiple instructions must be decoded in the same clock and only the first decoder handles microcoded instructions. Instructions with a throughput of greater than one are probably microcoded."
 
Not having been a fly on the wall, I doubt there is anything shady. Sure, he exercised some stock options and kept his holdings to the minimum required. Unless he's planning on leaving or suddenly turns into a doofus, he's sure to get more options. These rich people have all sorts of things to worry about that we unwashed masses do not.
 
Some information that will help us explain to clients the problem and possible solutions. It is going to be fun trying to explain this to Upper Management today.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

https://support.microsoft.com/en-us...or-it-pros-to-protect-against-speculative-exe

Microsoft has included the following PS script in the KB above.
========================================================
Verifying protections are enabled

To help customers confirm whether protections have been enabled, Microsoft has published a PowerShell script customers can run on their systems.

Customers can install and run the script by running the following commands:

PowerShell Verification

Install the PowerShell module

PS > Install-Module SpeculationControl

Run the PowerShell module to validate protections are enabled

PS > Get-SpeculationControlSettings

The output of this PowerShell script will look like the following. Enabled protections will show in the output as “True”.

PS C:\> Get-SpeculationControlSettings

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: True

Windows OS support for branch target injection mitigation is present: True

Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: True

Windows OS support for kernel VA shadow is present: True

Windows OS support for kernel VA shadow is enabled: True

Windows OS support for PCID optimization is enabled: True
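The KB steps above are meant to be run by hand on one box. An added example, not Microsoft's script and not from the KB, that wraps the same cmdlet so it can be run across a fleet and return a non-zero exit code when a protection is missing. It assumes the SpeculationControl module exposes its results as an object whose boolean property names (BTIHardwarePresent, BTIWindowsSupportPresent, BTIWindowsSupportEnabled, KVAShadowRequired, KVAShadowWindowsSupportPresent, KVAShadowWindowsSupportEnabled, KVAShadowPcidEnabled) mirror the summary lines in the output above; those names are not shown on this page, so check them against the module version you install.

```powershell
# Added example (not Microsoft's script): turn Get-SpeculationControlSettings
# into a pass/fail check for fleet use.
# Assumption: the cmdlet returns an object with the boolean properties named
# below; confirm against your installed module version.

Set-StrictMode -Version Latest

function Test-SpeculationMitigations {
    [CmdletBinding()]
    param()

    if (-not (Get-Module -ListAvailable -Name SpeculationControl)) {
        throw "SpeculationControl module not installed; run 'Install-Module SpeculationControl' first."
    }
    Import-Module SpeculationControl

    # Capture the returned object; the cmdlet also prints the human-readable
    # summary shown in the KB output above, which we do not parse.
    $s = Get-SpeculationControlSettings

    $checks = @(
        [pscustomobject]@{ CVE = 'CVE-2017-5715'; Name = 'BTI hardware support present';      Ok = [bool]$s.BTIHardwarePresent }
        [pscustomobject]@{ CVE = 'CVE-2017-5715'; Name = 'BTI OS support present';            Ok = [bool]$s.BTIWindowsSupportPresent }
        [pscustomobject]@{ CVE = 'CVE-2017-5715'; Name = 'BTI OS support enabled';            Ok = [bool]$s.BTIWindowsSupportEnabled }
        [pscustomobject]@{ CVE = 'CVE-2017-5754'; Name = 'KVA shadow OS support present';     Ok = [bool]$s.KVAShadowWindowsSupportPresent }
        [pscustomobject]@{ CVE = 'CVE-2017-5754'; Name = 'KVA shadow enabled';                Ok = [bool]$s.KVAShadowWindowsSupportEnabled }
    )

    # Kernel VA shadowing is only needed when the hardware says so
    # ("Hardware requires kernel VA shadowing" above). On CPUs that do not
    # need it, "enabled: False" is not a finding, so drop those checks.
    if (-not [bool]$s.KVAShadowRequired) {
        $checks = @($checks | Where-Object { $_.CVE -ne 'CVE-2017-5754' })
    }

    $failed = @($checks | Where-Object { -not $_.Ok })

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Protected    = ($failed.Count -eq 0)
        Failed       = $failed
        # PCID optimization affects the performance cost of the fix, not the
        # protection itself, so it is reported but never fails the check.
        PcidEnabled  = [bool]$s.KVAShadowPcidEnabled
    }
}

$result = Test-SpeculationMitigations
if ($result.Protected) {
    Write-Output "$($result.ComputerName): all applicable protections enabled (PCID optimization: $($result.PcidEnabled))"
    exit 0
}
Write-Output "$($result.ComputerName): missing protections:"
$result.Failed | Format-Table CVE, Name -AutoSize
exit 1
```

Run it under Invoke-Command against a list of hosts and collect the exit codes; the PCID line is worth keeping in the report because, as the thread notes, the size of the performance hit depends on whether the hardware has that optimization.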
 
Customer Identification: xxxxxxxxxxxxxxxxxxxxxxxxxxx
Event Type: Announcement Event
Subject: Event 53338231 - Service Disruption -- Bare Metal Maintenance Required

=================================================================
/ Event Description /
IBM Cloud Systems Engineers have been notified of a security vulnerability affecting Bare Metal devices. Due to the nature of this vulnerability and the components which are affected, a Firmware Update and Operating System Update will be required. Please watch for these updates as they become available in your control portal. We will push these notifications as soon as we receive updates from the relevant vendors.

If assistance is required, please contact IBM Cloud support. Additional information on Bare Metal servers can be found at: http://knowledgelayer.softlayer.com/topic/bare-metal-server

IBM Cloud

/ Items Associated With This Event /
Item ID | Hostname | Public IP | Private IP | Item Type

{list redacted}

/ Event Updates /


=================================================================
 