Support NeoGAF

[Meh3D]

Update
Jan 3, 2018

• Exploits have been undisclosed: Meltdown and Spectre. First discovered by University of Graz in Austria, German security firm Cerberus Security, and Google's Project Zero a year ago.
  LINK
  
  

  Meltdown
  The first problem, Meltdown, is the one that stimulated the flurry of operating system patches. It uses speculative execution to leak kernel data to regular user programs....
  
  The researchers say they haven't been able to perform the same kind of kernel memory-based speculation on AMD or ARM processors, though they hold out some hope that some way of using this speculation offensively will be developed. While AMD has stated specifically that its chips don't speculate around kernel addresses in this way, ARM has said that some of its designs may be vulnerable, and ARM employees have contributed patches to Linux to protect against Meltdown.
  
  For systems with Intel chips, the impact is quite severe, as potentially any kernel memory can be read by user programs...
  
  Spectre
  
  Owners of AMD and ARM systems shouldn't rest easy, though, and that's thanks to Spectre. Spectre is a more general attack, based on a wider range of speculative execution features. The paper describes using speculation around, for example, array bounds checks and branches instructions to leak information, with proof-of-concept attacks being successful on AMD, ARM, and Intel systems.
  
  
  In the immediate term, it looks like most systems will shortly have patches for Meltdown. At least for Linux and Windows, these patches allow end-users to opt out if they would prefer. The most vulnerable users are probably cloud service providers; Meltdown and Spectre can both in principle be used to further attacks against hypervisors, making it easier for malicious user to break out of their virtual machines.

  
  
  
  
• Damage Control: Intel accuses media of being inaccurate and says saying it's not just it's own processors claiming the "processors are susceptible to the exploit" without naming them. (Press Release.)
  
• The UK's National Cyber Security Centre (NCSC) says this is a problem with Intel processors specifically. LINK
  
• ARM confirmed that Cortex-A processors are affected LINK
  
• Some are reporting up to 50% decline in performance. ArsTechnica
  However, their source for this claim is claiming 34% on Ivy Bridge. @grsecurity
• Macs have been patched with more to come in 10.13.3 according to Alex Ionescu
• PHD student shows off a simple proof of concept exploit. LINK

************************************************************************************************************


Posting this on the gaming side as there is still an active PC hardware community who are still building/upgrading their computers to Kaby/Coffee/Ryen/Threadripper/NVME/ Geforce etc...

The gist of it:

So there is big news going on about a security exploit that is currently embargoed to allow companies like Amazon, Google, Apple, etc. to patch. Users got wind of this when noticing peculiar updates to the Linux kernel which are being tested. Because of the embargo this have been worked out by looking at the fix being tested. The issue is that there is a hardware security bug that allows an attacker in user space to read the kernel's memory. This is huge especially in virtualized environments (Amazon EC2, MS Azure, Google Compute) and can only be fixed via software.

This security bug and the particular exploit is embargoed. So far we know it affects all Intel CPU's from the last decade until now running Windows, Linux, Unix, BSD, MacOS and may affect AMD** in software. So far we know that Intel's CPU's that use speculative execution ( it's a feature™ ) can be exploited in such a way that allow an unprivileged user to circumvent kernel memory protection. We'll know more soon....

**AMD CPU's so far are not as affected according to the Linux discussion for now as the issue is being isolated to Intel CPU's.. This can change and so far on the mailing list people are approaching on the side of caution for all x86 CPUs until testing and full disclosure of the exploit(s).

AMD processors are not subject to the types of attacks that the kernel
page table isolation feature protects against....

if (c->x86_vendor != X86_VENDOR_AMD)
+ setup_force_cpu_bug(X86_BUG_CPU_INSECURE);

The register is reporting in their test a worst case of 23% on Intel though the test is not exhaustiveLINK

Some are bringing up the Intel CEO because he sold all his shares but the minimum required amount he must have during his tenure. There is no proof this is related. LINK

 

[Meh3D]

My thoughts on this are ... WOW. The tech industry has started 2018 with a BANG! I've been reading around and some are thinking this is good news for AMD. "Christmas came for AMD" was a term I read. I think this embarrassingly shortsighted and over all hurts the industry. This is much bigger than Intel vs AMD thus my concerns don't revolve around that.

Moreover I believe this is not a disaster as it could be much worst. That is unless the reason this was discovered was because everyone was breached/exploited using this method. I'm hopefully the systems in place for these kinds of events worked and thus are being resolved.

There is also something to be said on the dangers of having a single supplier though and I believe the industry is going to react to this in a big way.

 

[godhandiscen]

lol

 

[deadscreensky]

Huh. Hard to get too worked up over this just yet, prior to more details, but this is definitely looking like it might be a huge deal.

In my view this being good news for AMD (and this seems like the case) isn't as shortsighted as you're arguing. It seems likely this problem is so serious because we have something close to an Intel monoculture on PCs, as you note, so this example of natural selection in action might be very healthy in the long run. A stronger competitor to Intel in the future would make problems like this less massive.

 

[LordOfChaos]

I wonder why the Intel CEO just sold a shitload of stocks

https://www.fool.com/investing/2017/12/19/intels-ceo-just-sold-a-lot-of-stock.aspx


How far back do we have to go to find CPUs that don't have process-context identifiers, which the quoted article says will reduce the performance hit? And what's the different levels of support for the feature? Sandy Bridge apparently has it, but it's not listed on Nehalem (which aside from performance and efficiency reasons, you is already compromised and patched and is old anyway).

So it's not the end of the world, but it's pretty bad. Though if AMD remains unaffected and the fix can't avoid losing up to 23% of your performance, on a longer timeframe it may be a boon to competition.

 

[Meh3D]

Huh. Hard to get too worked up over this just yet, prior to more details, but this is definitely looking like it might be a huge deal.

In my view this being good news for AMD (and this seems like the case) isn't as shortsighted as you're arguing. It seems likely this problem is so serious because we have something close to an Intel monoculture on PCs, as you note, so this example of natural selection in action might be very healthy in the long run. A stronger competitor to Intel in the future would make problems like this less massive.

Why do you believe it's good news for AMD? So far AMD is not out of the woodwork yet. AMD is trying to get themselves removed from the linux mailing group discussions but so far their removal has been refused. (I agree with this based on what we know.)

I don't believe AMD will be selling more CPU's because of this (commercial, enterprise.) This is going to affect everyone's bottom line. Confidence in purchasing either AMD's or Intels hardware is going to drop until this issue is resolved in silicon. This will hurt AMD more so than Intel. This is why I don't think it's good for AMD, I think it will be worse.

I don't believe this will bring out a stronger competitor, I predicting this will pave the way for "strong competitors." Google and Apple seem to be safe bets.

 

[nkarafo]

Does this affect older cpus like haswell or sandy bridge?

Edit: Just saw it affects all cpus in the last decade so that seems like a yes.

 

[Hubble]

Does this affect Intel CPUs on Windows?

 

[deadscreensky]

Why do you believe it's good news for AMD? So far AMD is not out of the woodwork yet. AMD is trying to get themselves removed from the linux mailing group discussions but so far their removal has been refused. (I agree with this based on what we know.)

I don't believe AMD will be selling more CPU's because of this (commercial, enterprise.) This is going to affect everyone's bottom line. Confidence in purchasing either AMD's or Intels hardware is going to drop until this issue is resolved in silicon. This will hurt AMD more so than Intel. This is why I don't think it's good for AMD, I think it will be worse.

I don't believe this will bring out a stronger competitor, I predicting this will pave the way for "strong competitors." Google and Apple seem to be safe bets.

I'm admittedly no pro at any of this, but from everything I've looked through I have a fair bit of confidence that AMD hardware is entirely unaffected. The Register article you linked is quite clear on this:

Your Intel-powered machine will run slower as a result.

Right now the Linux patch might be universal (i.e, CPU agnostic), but there's no reason to keep it that way. Devs are just rushing, AMD hardware doesn't need to take this sort of performance hit. Realistically when everything settles this is something like a 10% effective performance boost for AMD processors.

So this seems to be complete incompetence on the part of Intel alone, and that's going to fight against the idea of 'never getting fired for buying Intel'. It certainly has only raised my confidence in going with AMD when I replace the Intel CPU I'm using right now. I have no idea why this would make anybody nervous about going with AMD.

Strong competitors would definitely be ideal, but unless Google and Apple were already planning on being that I doubt this will make a difference. This will be a huge deal for products in 2018, but for obvious reasons not so much after that. (Just like nobody today cares about a similar problem early Phenoms had like a decade ago.)

 

[Md Ray]

Huh... No wonder my Ivy Bridge i5 struggles to get even 45fps consistently in AC: Origins.

 

[Henrar]

Does this affect Intel CPUs on Windows?

This affects Windows, Linux and macOS (the last one - probably).

 

[Shifty]

So a retroactive performance hit for all Intel CPUs released in the last decade?

Ouch. Going to be keeping an eye on this...

 

[Kamina]

I read in comments of some of these links that Coffee Lake CPUs are apparently not affected?
Any information on that?

 

[DanEON]

Ok, so will it cause performance impact in games too??

 

[Shifty]

Ok, so will it cause performance impact in games too??

Yes. CPU-bound ones in particular.

 

[michaelius]

What scenarios are affected? Does attacker need to be inside network?

 

[Aklamarth]

What scenarios are affected? Does attacker need to be inside network?

No, the attack is possibly only by running the code from local machine.

 

[RoboFu]

That’s going to hurt a lot of server centers for sure who cheaped out on low clocked xenons.

 

[TheHellsLord]

Ok, so will it cause performance impact in games too??

The performance impact depends on the actual workload. If the workload requires lots of calls into kernel mode for I/O it can be up to 23% slower. One example of such workloads would be database systems (SQL Server, etc.).

As for gaming - I've not seen benchmarks yet. Affected are operations that are not done by the game code (actual calculations, reading/writing data to RAM) but rather the kernel (reading data from disk, accessing the network and driver calls (including graphics drivers)). So most affected going by that would be load times, perhaps texture streaming and likely games that do lots of separate draw calls (so basically what Vulkan and DX12 aim to improve).

We will still need to wait for actual benchmarks. Databases tend to access the disk often loading rather small junks of data. Meanwhile games tend to load bigger sections (e.g. textures being quite big in size nowadays).

As this is a hardware bug it will affect any and all OSes. We know that Microsoft is field testing patches through the preview program. We don't know wether Microsoft will filter by CPU_ID as the proposed patch for Linux does - lets hope so. As for MacOS there is no information yet but the bug is present in their hardware as well, so if they want to get rid of the security issue they will have to mitigate it in software as well and pushing the Kernel Code out of the virtual memory of the end user processes seems to so far be the only solution software engineers have come up with.

 

[DoctorEkkoUK]

can someone explain the jist of this to me as if I was very simple?

 

[TheHellsLord]

can someone explain the jist of this to me as if I was very simple?

Intel made a mistake 10 years back and repeated it ever since, so there are security issues on PCs with their CPUs. There is a way to make your PC more secure through software but it means that the way programs talk to the OS needs to be changed. The new way is secure but also takes quite a bit longer.

Conclusion: As soon as the security patch is installed it will take longer for a program (like a game) to talk to the Operating System. If this happens rarely in a program you won't notice much of a difference. If this happens often it can be up to 23 % slower.

We don't know yet to what degree this affects different games.

 

[DoctorEkkoUK]

Intel made a mistake 10 years back and repeated it ever since, so there are security issues on PCs with their CPUs. There is a way to make your PC more secure through software but it means that the way programs talk to the OS needs to be changed. The new way is secure but also takes quite a bit longer.

Conclusion: As soon as the security patch is installed it will take longer for a program (like a game) to talk to the Operating System. If this happens rarely in a program you won't notice much of a difference. If this happens often it can be up to 23 % slower.

We don't know yet to what degree this affects different games.

Thanks, and wow that's crazy.

 

[Z3M0G]

Next week is going to be interesting...

 

[TheHellsLord]

So, at least on Linux we now have first results on gaming performance and there impact seams fortunately to be rather minimal: https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-Initial-Gaming-Tests

 

[Ahasverus]

Intel made a mistake 10 years back and repeated it ever since, so there are security issues on PCs with their CPUs. There is a way to make your PC more secure through software but it means that the way programs talk to the OS needs to be changed. The new way is secure but also takes quite a bit longer.

Conclusion: As soon as the security patch is installed it will take longer for a program (like a game) to talk to the Operating System. If this happens rarely in a program you won't notice much of a difference. If this happens often it can be up to 23 % slower.

We don't know yet to what degree this affects different games.

I'm not installing shit

 

[Blam]

Nice shit Intel so I'd assume this is in your i9 processors as well?

 

[Spaltazar]

I wonder why the Intel CEO just sold a shitload of stocks

https://www.fool.com/investing/2017/12/19/intels-ceo-just-sold-a-lot-of-stock.aspx

is that legal? he should have known that this was coming right? doesn't sound right to me to cash in like that when you know shit is gonna hit the fan

 

[Agent_4Seven]

10 fucking years! Christ almighty!! It is for sure one of the greatest fuck-ups in hardware history. Who's gonna buy intel CPUs now after all this? Damn, AMD is probably LTAO right now.

 

[b0bbyJ03]

Has this been patched already or is that still incoming?

 

[TheHellsLord]

Has this been patched already or is that still incoming?

Linux Guys are putting it in the newest Kernel release right now.

Microsoft seems to have been rolling it out to Windows Preview members but not yet to the general public.

The information has not been publicized by the companies involved (to avoid the security issue being exploited before a patch is ready). The patch rollout is expected to be imminent (as for Windows next Tuesday is Microsoft's scheduled patch day (the second tuesday in any given month) is a likely candidate if the patch is ready).

 

[Dalauz]

what about Consoles?

 

[Oemenia]

Edit: Yeah I read that wrong.

 

[MrBenchmark]

what about Consoles?

This is almost too good to be true but are we seriously looking at a 30% increase in performance for all our CPUs?

Might kit out my Q9550 with a decent GPU if so!

WTF! Did you read anything in the OP?


One - what CPU’s are in consoles? Think hard.
Two- 30% performance hit yeah break out that old core2 cpu great idea.

 

[TheHellsLord]

what about Consoles?

What about them? Consoles don't use Intel CPUs so there will be no need to adapt the software in that regard.

 

[Dalauz]

WTF! Did you read anything in the OP?


One - what CPU’s are in consoles? Think hard.
Two- 30% performance hit yeah break out that old core2 cpu great idea.

yes

"
This security bug and the particular exploit is in embargoed. So far we know it affects all Intel/ AMD* CPU's from the last decade until now running Windows, Linux, Unix, MacOS. We'll know more soon...."""

 

[TheHellsLord]

yes

"
This security bug and the particular exploit is in embargoed. So far we know it affects all Intel/ AMD* CPU's from the last decade until now running Windows, Linux, Unix, MacOS. We'll know more soon...."""

AMD sent in a patch for the Linux Kernel that disables the mitigation steps on AMD CPUs due to them not being affected by that particular issue (according to the comments included with said patch).

It's unlikely AMD would take steps to disable this if they were affected as well.

Edit: Here's the link to that patch on the Linux Kernel Mailing List: https://lkml.org/lkml/2017/12/27/2

 

[b0bbyJ03]

Linux Guys are putting it in the newest Kernel release right now.

Microsoft seems to have been rolling it out to Windows Preview members but not yet to the general public.

The information has not been publicized by the companies involved (to avoid the security issue being exploited before a patch is ready). The patch rollout is expected to be imminent (as for Windows next Tuesday is Microsoft's scheduled patch day (the second tuesday in any given month) is a likely candidate if the patch is ready).

Thanks for the info. Appreciate it.

 

[MrBenchmark]

AMD sent in a patch for the Linux Kernel that disables the mitigation steps on AMD CPUs due to them not being affected by that particular issue (according to the comments included with said patch).

It's unlikely AMD would take steps to disable this if they were affected as well.

Edit: Here's the link to that patch on the Linux Kernel Mailing List: https://lkml.org/lkml/2017/12/27/2

Exactly and if anyone wishes to read a more educated discussion on this head over to the thread at HardOCP

 

[c0de]

Does this affect Intel CPUs on Windows?

Yes. It's a hardware "fault" which is solved by software.

 

[c0de]

Yes. CPU-bound ones in particular.

That's not really true. IO seems to be a major point to take a hit.

 

[c0de]

10 fucking years! Christ almighty!! It is for sure one of the greatest fuck-ups in hardware history. Who's gonna buy intel CPUs now after all this? Damn, AMD is probably LTAO right now.

We should wait until further details arise and then we can blame Intel if applicable.

 

[c0de]

yes

"
This security bug and the particular exploit is in embargoed. So far we know it affects all Intel/ AMD* CPU's from the last decade until now running Windows, Linux, Unix, MacOS. We'll know more soon...."""

It really affects as for Linux, they seem to apply this also to AMD currently. And AMD is already complaining rightfully.

 

[Dogavir]

As for gaming - I've not seen benchmarks yet. Affected are operations that are not done by the game code (actual calculations, reading/writing data to RAM) but rather the kernel (reading data from disk, accessing the network and driver calls (including graphics drivers)). So most affected going by that would be load times, perhaps texture streaming and likely games that do lots of separate draw calls (so basically what Vulkan and DX12 aim to improve).

That doesn't sound too good for my performance in Fallout 4 and the VR version especially :/

 

[_A2]

Huh... No wonder my Ivy Bridge i5 struggles to get even 45fps consistently in AC: Origins.

I don't really see the relation... Great example of not even reading the op.

In other news here is the comparison with patched windows, currently not publicly available:
https://www.computerbase.de/2018-01/intel-cpu-pti-sicherheitsluecke/
There's games including Asscreed and some benchmarks. Overall seems to a slight reduction in cpu heavy tasks, in the order of a couple of percent.

 

[Great Poster]

This seems like a big deal, but to me, the FDIV bug was a bigger issue, maybe I'm wrong. I know they're stock took a beating.

https://en.wikipedia.org/wiki/Pentium_FDIV_bug

 

[TheHellsLord]

This seems like a big deal, but to me, the FDIV bug was a bigger issue, maybe I'm wrong. I know they're stock took a beating.

https://en.wikipedia.org/wiki/Pentium_FDIV_bug

It really depends. The FDIV bug was limited to that series of Pentium CPUs. This now seemingly impacts 10 years worth of CPUs. In addition the software patch that made sure the issue did not occur on the pentium cost around 1% performance - this, depending on the workload, can reach up to 23%.

Intel took quite a hit back then by simply promising to exchange affected CPUs even though most people didn't do it. They could not financially exchange the number of CPUs affected now (aside from the huge number of CPUs soldered on instead of socketed nowadays).

FDIV however resulted in incorrect results, which KPTI/FUKWIT does not. So in the eyes of some it might be less of an issue.

 

[LordOfChaos]

is that legal? he should have known that this was coming right? doesn't sound right to me to cash in like that when you know shit is gonna hit the fan

He sold down to his minimum legal holding, so I think it's as legal as can be gotten away with within those laws.

 

[llien]

10 fucking years! Christ almighty!! It is for sure one of the greatest fuck-ups in hardware history. Who's gonna buy intel CPUs now after all this? Damn, AMD is probably LTAO right now.

I think it is very unlikely to get levels of attention it deserves.

 

[Meh3D]

I'm admittedly no pro at any of this, but from everything I've looked through I have a fair bit of confidence that AMD hardware is entirely unaffected. The Register article you linked is quite clear on this:
....

I think you're not really giving yourself credit here. When I say you, I mean specifically you, have read up on the issue and you don't have to be "pro" to do that. Most will not, and most don't bother to go into those specifics which happens.

Speaking of which I did some research on my own. In a Neogaf exclusive, here is the white paper for speculative execution published in 2006 as a speed enhancement feature.

On the topic of AMD, I'm with the Kernel developers on this. Until full disclosure and appropriate penetration test they're approaching all x86 as potentially unsafe. It's really how this work until hardware is tested. Ironic that Intel revealed this as a feature 10 years ago .

He sold down to his minimum legal holding, so I think it's as legal as can be gotten away with within those laws.

Word on the street is Martha Stewart went to jail for less. LINK

Exactly and if anyone wishes to read a more educated discussion on this head over to the thread at HardOCP

Unfortunately, that thread is on the decline FAST.

 

[Edvardelis]

what about Consoles?

Even if they had the bug it's far far harder to run arbitrary code on a console than it is on a computer. As systems go they're locked down pretty tightly to begin with.