RE: Intel CPU Design Flaw

[harrym]

Hi,

Was wondering if devs have had any thoughts over how this may or may not affect Affinity product performance?

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

Probably not a good time to be putting any new updates or betas into the mix though!

Regards

[DWright]

This issue is with the Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE) that have been identified to have security vulnerabilities and they have released a firmware update for this issue, More information regarding this can be found on this Intel webpage 

 

You can download the Intel detection tool will check your processor and firmware to see if you are vulnerable to this security issue and it can be downloaded from here

 

 

[v_kyr]

@DWright

Nope, that has nothing to do with the Intel Management Engine (ME) problems here, it's instead another Intel CPU hardware "Kernel Address Space Layout Randomization" (KASLR) problem where kernel vulnerabilities could occur. Actually with KPTI („KAISER“) the OS vendors try to build fixes (patches) which require massive kernel remodeling in virtual memory management. This effects all platform OS kernels here aka Win, Mac and Linux systems.

[MikeW]

The Intel ME bug is from November or so of 2017.

 

This is a new bug hitting Intel chips back to successor to the original Pentium chip.

[firstdefence]

just checked mine and it flagged as vulnerable so promptly dashed off to Dell, so thanks for the heads up people.

[MikeW]

9 minutes ago, firstdefence said:

just checked mine and it flagged as vulnerable so promptly dashed off to Dell, so thanks for the heads up people.

 

Do note that checker is not valid for yesterday's new bug. The new bug is only going to get patched at the OS level for existing CPUs.

[firstdefence]

3 minutes ago, MikeW said:

 

Do note that checker is not valid for yesterday's new bug. The new bug is only going to get patched at the OS level for existing CPUs.

Noted.

[SrPx]

 

Ouch, the patches might cause from a 5 to a 30% of performance loss?  (have read even possible a 65% in older machines...)

 

And it is BIG.... affecting mostly I/O operations (and cpu intensive operations having many syscalls, whatever the heck that is...). I wonder how it'd affect working with large multilayered print files at high resolution.The issue is that a user process can access Kernel's protected areas (and read all sort of private data), but only for intel CPUs, not AMDs. Patch in Windows is coming pretty soon...

 

Hello, AMD Ryzen....And I was doubting between a Ryzen 7 and the i7 8700k....this clears it up...

[SrPx]

This can be a game changer for the AMD / Intel fight, indeed. Yet though, games seem will be mostly unaffected in the performance loss by the fix. (I dont' know why people is so sure... I'd be to think it'd affect them as well... Not that I'd matter, tho. Heavy 2D and 3D editing, there's where all my worries are, specially in old machines. )

[v_kyr]

AMD processors are not subject to the types of attacks that the kernel
page table isolation feature protects against.  The AMD microarchitecture
does not allow memory references, including speculative references, that
access higher privileged data when running in a lesser privileged mode
when that access would result in a page fault.

For the Linux kernel they disable page table isolation by default on AMD processors by not setting
the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
is set.

Just saw that one here, LOL ...

[v_kyr]

Forgotten to mention, that even bad childs must have names ...

• Meltdown and Spectre - Bugs in modern computers leak passwords and sensitive data

... some technical info papers about those vulnerabilities.

[Mithferion]

Good thing I have my good friend AMD FX.

Best regards!

[DWright]

Intel has released this public statement regarding the news reports of the security flaw in Intel only processors.

[v_kyr]

According to Google "Today's CPU vulnerability: what you need to know" these vulnerabilities affect many CPUs, also including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them.

Microsoft last night prepared a Windows-Update, though people should by all means first read this here related to that update ...

• Important information regarding the Windows security updates released on January 3, 2018 and anti-virus software

[IanSG]

16 hours ago, MikeW said:

The Intel ME bug is from November or so of 2017.

 

This is a new bug hitting Intel chips back to successor to the original Pentium chip.

The ME bug, Meltdown and Spectre were all found around the same time, but the news of Meltdown and Spectre was published before the chip manufacturers could produce a joint statement.  It's not just Intel processors that are affected - AMD and ARM have the same problem.

 

[v_kyr]

BTW Alex Ionescu explains on Twitter, that macOS 10.13.2 includes a bug fix for the CPU vulnerability that allows attackers to gain access to kernel memory under certain conditions and use it to acquire sensitive information. This error correction has been further improved in the currently under development update macOS 10.13.3, writes Ionescu there.

[firstdefence]

13 hours ago, SrPx said:

 

Ouch, the patches might cause from a 5 to a 30% of performance loss?  (have read even possible a 65% in older machines...)

 

And it is BIG.... affecting mostly I/O operations (and cpu intensive operations having many syscalls, whatever the heck that is...). I wonder how it'd affect working with large multilayered print files at high resolution.The issue is that a user process can access Kernel's protected areas (and read all sort of private data), but only for intel CPUs, not AMDs. Patch in Windows is coming pretty soon...

 

Hello, AMD Ryzen....And I was doubting between a Ryzen 7 and the i7 8700k....this clears it up...

@SrPx  No perceived slowdown on this machine, I think most people wouldn't even notice if a machine slowed down a bit. Slowed down or speeded up this whole speed thing is fractional at best, I love the description; blazingly fast... what the heck does that mean? in relation to what? the last blazingly fast device lol!

[R C-R]

2 hours ago, v_kyr said:

BTW Alex Ionescu explains on Twitter, that macOS 10.13.2 includes a bug fix for the CPU vulnerability that allows attackers to gain access to kernel memory under certain conditions and use it to acquire sensitive information. This error correction has been further improved in the currently under development update macOS 10.13.3, writes Ionescu there.

From what I can glean from various sources, it may be that macOS 10.13.2 eliminates the vulnerability only on systems with newer Intel CPUs but it is not clear if that is accurate or which older ones might still be vulnerable.

[v_kyr]

@R C-R

The keyword here is actually "partially", see for example this translate: Report: Intel chip gap in macOS High Sierra already fixed - partially

Quote

...This offers "surprises," he said, but did not comment due to Apple's developer privacy agreement...

 

[R C-R]

12 minutes ago, v_kyr said:

@R C-R

The keyword here is actually "partially", see for example this translate: Report: Intel chip gap in macOS High Sierra already fixed - partially

If you mean commentary like in the linked article saying, "However, the fix does not seem to be perfect yet. According to Ionescu, Apple is working on further fixes for the upcoming macOS version 10.13.3," that seems to be a misinterpretation of what Ionescu said in the Twitter post, which he cleared up in the comments:

[SrPx]

Quote

@SrPx  No perceived slowdown on this machine, I think most people wouldn't even notice if a machine slowed down a bit. Slowed down or speeded up this whole speed thing is fractional at best, I love the description; blazingly fast... what the heck does that mean? in relation to what? the last blazingly fast device lol!

 

Sorry, am a bit dense right now...Do you have Ryzen 7 or i7 8700k ? Anyway, I was inclined for the ryzen already for another reasons (but not for a large difference). And I understood that you have already applied the patch and do not notice any slow down... Anyway, I do put every machine I handle to maximum stress, sooner or later...I'm worse than the bug.

 

I'd notice like heck in this dinosaur am having even a 5% of performance loss ('cause is at the very limit for everything, today)... let alone a 30%, or a 65% as I've read some potential situations after applying this MS patch...After 9 years with the same machine, to me even a pentium 4460 is "blazingly fast" . The good part : I've taught my arcane ninja-dinosaur to fight the hardest battles. I can still do all my graphics works with it... What wont I'd be able to do with a young Ryzen-San...

 

If you have not been offered the security update, you may be running incompatible anti-virus software and you should follow up with your software vendor.

 

Let's hope is not one of those.... "only a few privileged ones" (read: highly paying or... of "family members") will (the antivirus companies) have the access to that . I'm trying to think is not yet another "strange income source"... Like... would be quite a fast way to get ride of the competition (from friendly a.virus companies) or put them in disadvantage... Maybe I should have ONE coffee after lunch, NOT two... triggers my conspiranoia levels...

[firstdefence]

@SrPx Not to worry, I get through more tin foil hats, they block the incoming signals from the mothership

Personally, I think Malware companies have a vested interest in keeping everyone in a state of continual fear, much like the news does. I love how they think letting news readers drink a cuppa on air makes the news more trustworthy "hey grunts we're just like you guys, look we drink tea and coffee too" 

Dang I must have a hole in my foil hat the signals are getting in. [twitches and swats imaginary fly]

[SrPx]

yepp... kind of indeed was reading articles in that line, now.... like this one :

 

https://www.computerworld.com/article/3245788/microsoft-windows/windows-meltdown-and-spectre-keep-calm-and-carry-on.html

 

But if is just scaremongering, or a way to force users to get a certain patch for other reasons, they fooled (again) my main country's TV news to give it a serious treatment....

 

[R C-R]

17 minutes ago, firstdefence said:

Personally, I think Malware companies have a vested interest in keeping everyone in a state of continual fear, much like the news does.

I assume you mean anti-malware companies but whatever you want to call them I think for the most part they are doing what they are supposed to do for legitimate reasons.

 

The real problem is the news coverage. In the rush to 'scoop' the competition there is very little fact checking going on, a lot of speculation being reported as fact or foregone conclusion, & at best a half-hearted attempt at putting things in perspective. Particularly on web sites, they start using each other as sources, & within hours everybody is repeating the same, often out-of-date or incomplete or inaccurate stuff.

[v_kyr]

The overall problem here is that some media press articles and news are just copying informations over from a bunch of sources without any deeper recherching (checking) or real understanding of the underlying technical aspects and so what's finally essientially true or not here. Like in the silent post game kids played some time ago this can lead to information mismatch. So it then often from some sources looks more like a "me too" questionable reporting style than instead of trustworty information.