Jump to content

New found CPU bug could seriously downgrade performance for most of us


Azimech

Recommended Posts

Once upon a time I used to program and do the interrupt calls directly . . . 21h. You could do that up until Windows Millenium 98 (noone actually was dumb enough to buy millenium). 

BTW, at least part of the problem is not new, implementation of Virtual Memory Page storage is basically the point were your OS goes from 60 MPH to 1 MPH and most of the slow-down was unnecessary. The so-called swap file generally tried to swap more memory that was necessary, and windows was very poor at cleaning up memory it did not need. The Microsoft aps frequently loaded with all the procedures they needed but many they hardly used that could be keep in DLL files. If you worked in an institution this proved to have rather annoying and time consuming consequences. For example Norton's CIS would try to load all its definitions onto the computer at start up (keeping in mind the old WinNT OS could only access up to 3 gb of memory, and the OS takes up 400m . CIS up to 1 gig. .by the time all the constitutive stuff was loaded there was little space left for the user.

I suspect its not a bug, its probably a feature that some lawyers and engineers sat down and designed to give the 'ultimate' processor protection, realizing the loss of power, and blind to its unintended consequences. Intel specifically designed CPU protection because the OSs were asking for them, they did not want the users peeking and poking the memory. When your OS is loaded before you have a chance to access the process it puts the CPU in a protected state, your stuff talks to the Kernal and the kernal talks to the processor. If this done really securely, such as OS2 and higher, there is no way a process can take over the machine, for example, from the keyboard you can always stop a process, even a do_loop that has no exits.

Don't be surprised if this is not another way the powers that be try to find ways to get in and access your computer without your knowledge.

 

Link to comment
Share on other sites

My understanding is that performance drop for KSP will not be significant. It's an issue with needing to secure kernel calls, something that usually happens during file I/O, not intensive physics calculations like the Unity rigid-body-physics engine.

Regardless, I'm under the impression it has to deal with fiddly details of how speculative execution is done, an unanticipated method of accessing secure information. What's interesting to me is that Google claims AMD chips are vulnerable, while AMD claims they're secure from it... despite using the same x86-64 instruction set as Intel, with many of the same hardware mechanisms.

Link to comment
Share on other sites

1 hour ago, Starman4308 said:

My understanding is that performance drop for KSP will not be significant. It's an issue with needing to secure kernel calls, something that usually happens during file I/O, not intensive physics calculations like the Unity rigid-body-physics engine.

Regardless, I'm under the impression it has to deal with fiddly details of how speculative execution is done, an unanticipated method of accessing secure information. What's interesting to me is that Google claims AMD chips are vulnerable, while AMD claims they're secure from it... despite using the same x86-64 instruction set as Intel, with many of the same hardware mechanisms.

There are two separate issues here: named meltdown and spectre.  Meltdown is Intel only, spectre seems to hit Intel much harder.  The ARMs (used in tablets and phones, not compatible with Intel) vary with the weakest units not vulnerable as they don't speculate enough to hit this (everything is run in order).

My poor AMD [bulldozer: the old wimpy one], can't afford to lose any performance.  No idea if AMD's better system was invented when they designed it.

Link to comment
Share on other sites

FUD - nothing but FUD.  (fear, uncertainty, doubt)

Actual performance impact for most user-related workloads is ~1%.  Gaming impacts are negligible.  (on either Intel or AMD)

http://www.tomshardware.com/news/meltdown-spectre-exploits-intel-amd-arm-nvidia,36219.html

(now, if you are running a virtualized datacenter, the performance impact is a bit more 'real'.... but then you should get back to work on patching your servers rather than reading this...)

Link to comment
Share on other sites

10 minutes ago, wumpus said:

There are two separate issues here: named meltdown and spectre.  Meltdown is Intel only, spectre seems to hit Intel much harder.  The ARMs (used in tablets and phones, not compatible with Intel) vary with the weakest units not vulnerable as they don't speculate enough to hit this (everything is run in order).

Incorrect, even according to AMD. Bound check bypassing hits almost all modern CPUs, but can be patched in software by very strict isolation of kernel functions, which is where the performance hit comes in.

Branch target injection is theoretically possible on AMD hardware, but has not yet been demonstrated due to hardware differences. Rogue data cache load is the only one thought to be purely an Intel thing. These two cannot, to my knowledge, be resolved by software patches, except in specific known cases.

EDIT: Either I'm mis-remembering things, or there's conflicting information on what's "Meltdown" and what's "Spectre".

Edited by Starman4308
Link to comment
Share on other sites

From what I understand (from a call made on Dec 26 with previously embargoed information) is that the Linux kernel will not include the fixes on AMD as they don't think it is vulnerable. https://lkml.org/lkml/2017/12/27/2  (this may assume the user/sysadmin patched the chip via microcode, that isn't clear).

There is supposed to be an ARM chip as vulnerable as current Intel chips, but I don't think it is shipping yet.

Link to comment
Share on other sites

1 hour ago, Starman4308 said:

My understanding is that performance drop for KSP will not be significant. It's an issue with needing to secure kernel calls, something that usually happens during file I/O, not intensive physics calculations like the Unity rigid-body-physics engine.

Regardless, I'm under the impression it has to deal with fiddly details of how speculative execution is done, an unanticipated method of accessing secure information. What's interesting to me is that Google claims AMD chips are vulnerable, while AMD claims they're secure from it... despite using the same x86-64 instruction set as Intel, with many of the same hardware mechanisms.

Just add more memory to your system, that's a sure-fire way of reducing the need for file calls. This has always been the case, when KSP says you need 8 gb of memory, you buy 16, thats just the thing to do. This has been the case with the PC since I dunno . . . . . . 1981.

AMD probably has its own separate problems. Remember the axiom 'for every action there is a equal and opposite reaction'. In computing for every added security feature some other feature is compromised. At the forefront is straitline processing speed. Even if you get rid of that you still have some added subprocessors that generate more heat to compensate. So they want to get out on the market something that has the highest rated speed, which means the highest voltage or osscillator speed or both, which means they don't want to add heat added or amp taking subprocessors . . . . . . that's where the compromises comes in.

Most of Intels users are companies . . . . . .they set the standard, they want increased security at the cost of some performance. That is their lunch, the consumer PC market is the icing on the cake. Companies buy lots of the same thing, for example 1000 dell computers configured exactly the same way, this cuts both Intels cost and Dells cost. They can farm out this work to the lowest paid people or contractors that use undocumenteds so that they can cut labor cost to almost nothing. We ran into an issue because we were forced to start using winNT/XP which makes RS232 communication difficult but on Windows 7 RS232 almost becomes impossible, and many new computers don't support RS232 although most laboratory machines, including some being built today have RS232 ports on them. I had a real battle with our IT because they did get the fact that we 'do stuff' and they eventually backed off and we got the Win XP updates. They pulled the plug on some of my machines and those machines could never be revived. Happy to be done with the lot of them. 

You've got to understand this the world of Microsoft-IT departments high-end IT departments . . . they live in a cloud, what you see as a problem, its not particularly in their view . . . .its kind of like a car, if the car is broken to you at your house or you are driving . . .if you take it to a certified mechanic and he plugs in his 15,000$ machine and the machine does not see a problem . . .it doesn't exist. Its like carbon monoxide in Ford explorers.

Windows has bigger problems. Its Windows 10 update cannot throttle bandwidth. If you have two or more computers on a DSL and there is an update, they will shut each other down, they will corrupt each others update, and you will never be able to use either until you wipe off previous updates and reload one from scratch. Its best to keep a Windows 7 machine somewhere that you can backup to, lol. Windows 10 is one of the most poorly designed OS that MS has ever built, in ranks with millenium. Why is this true, because Microsoft doesn't give a rat's rear-end about DSL users, they should have upgraded. Thats what they are . . .thats what they do . . they are arrogant.

There are no surprises here . . . . .they want you to feel inferior that way you will go out an purchase their latest chip. You buy Intel . . .they do something to you and you buy AMD (new MB). . .they do something to you and you buy Intel (and New MB) and so on and so on.

Link to comment
Share on other sites

3 minutes ago, PB666 said:

If you have two or more computers on a DSL and there is an update, they will shut each other down, they will corrupt each others update, and you will never be able to use either until you wipe off previous updates and reload one from scratch.

Can't say I've run into that, having used it since it came out and having at least two PCs running it. If you want to turn off the update sharing which was designed to minimize bandwidth in a multi-PC household, it's in Updates, Advanced, "Choose how updates are delivered." But even with this turned on, I've had few difficulties, and corrupted updates will get skipped because their digital signatures should fail to verify.

What I did run into was an update that broke DHCP, back in December 2016. Had to hand-install an update pack from the Update Catalog to resolve that, and I had to set up a temporary static IPv4 address to get there.

Not sure why you're raising a bunch of this Microsoft ranting in a thread discussing an Intel processor bug.

Link to comment
Share on other sites

3 minutes ago, Gordon Fecyk said:

Can't say I've run into that, having used it since it came out and having at least two PCs running it. If you want to turn off the update sharing which was designed to minimize bandwidth in a multi-PC household, it's in Updates, Advanced, "Choose how updates are delivered." But even with this turned on, I've had few difficulties, and corrupted updates will get skipped because their digital signatures should fail to verify.

What I did run into was an update that broke DHCP, back in December 2016. Had to hand-install an update pack from the Update Catalog to resolve that, and I had to set up a temporary static IPv4 address to get there.

Not sure why you're raising a bunch of this Microsoft ranting in a thread discussing an Intel processor bug.

You mean Wintel . . . . . .thats the reality. Try to install a linux dual boot on a Wintel  machine, Windows wants to be the one an only. You have to basically screw MS to get a workable dual boot system.

49 minutes ago, Green Baron said:

What a steaming pile of s... !

I always used Intel processors, until now. Will switch to AMD asap if boards permit, have to check this.

It won't and how do you know that AMD does not have something worse that has not been identified and how do you know the new designs have something worse you don't know about. Many times these problems suddenly appear when the companies want the consumers to go buy something else.

Remember that marketing is about creating a need and selling to that need.

Link to comment
Share on other sites

11 minutes ago, PB666 said:

It won't and how do you know that AMD does not have something worse that has not been identified and how do you know the new designs have something worse you don't know about. Many times these problems suddenly appear when the companies want the consumers to go buy something else.

I don't. But i feel a bit better :-) Just last year I bought a new machine (Intel) !

Quote

Remember that marketing is about creating a need and selling to that need.

You mean it is all "half as wild" and we're just tricked into buying new stuff / accepting new viral updates ? Listen to what Google says ! :sticktongue:

Edited by Green Baron
Link to comment
Share on other sites

5 hours ago, Green Baron said:

What a steaming pile of s... !

I always used Intel processors, until now. Will switch to AMD asap if boards permit, have to check this.

While Intel chips are affected by the Meltdown bug, AMD processors are affected by the Spectre bug - as are the more powerful ARM processors.

You might as well save your dosh.

Link to comment
Share on other sites

Moderator Warning: A couple of posts have strayed into Conspiracy Theory territory. Stick to facts, and avoid making assumptions about people having ulterior motives for designing CPUs the way they do. Above all, avoid those words "The powers that be", because that could get a warning about breaking rule 2.2.h.

Also, just generally keep things cool here.

Link to comment
Share on other sites

A handy guiding principle, I've found, is this:  Never attribute to malice that which can be adequately explained by stupidity.  An aspect of Occam's razor, basically.

I've been in the software biz for more than a couple of decades, working on many different teams at companies large and small.  And while I have seen examples of actual skulduggery at the technical level... in my experience, those tend to be vanishingly rare.  Much more common is that there's a problem because someone simply made a mistake.  Computer hardware and software is hard, even for highly trained and scrupulously careful professionals with many years of experience.  It's really easy to make mistakes.

So when you see something technical go wrong... it's almost certainly a goof, not a sinister plot.

So, let's keep it real, shall we?

Link to comment
Share on other sites

Do you think that these errors do not show up or at least engineers are aware during design and testing and they remain undetected for a decade ? I mean, how large is a team that designs a processor and how long does it take to do so ? Will there be nobody who says "Guys, we have a principle problem !" ? I doubt that this can be attributed to stupidity, rather greed.

I think, like with many mass products (grocery, cars, medicine, software ...) too few providers face too many customers. We simply accept these things because they happen every day. I have a long list in my mind. But that doesn't make them more excusable. I do all banking from the PC, but due to my habits i never in 30 years had a virus. What now ?

Thinks

gb

Link to comment
Share on other sites

26 minutes ago, Green Baron said:

Do you think that these errors do not show up or at least engineers are aware during design and testing and they remain undetected for a decade ? I mean, how large is a team that designs a processor and how long does it take to do so ? Will there be nobody who says "Guys, we have a principle problem !" ?

Yes, I think that's completely plausible.

Bear in mind that once you've shipped a CPU, it's out there.  If they knew it had that flaw when they built it, they would have fixed it.  And after they've shipped it, the people who work there aren't really in any better position to find the flaw than anyone else.  You find flaws by analyzing the behavior and carrying out tests, and anyone can do that, since the processors are publicly available.

And, in fact, the public is better equipped to find the flaw than the creators... if only because there are orders of magnitude more of them.  Like buying a hundred lottery tickets rather than just one.

So, yes.  I think it's perfectly plausible (and overwhelmingly the most likely scenario) that this is simply an oversight.  If it's been out there for a decade and not one of the thousands of security professionals whose bread and butter is finding this sort of thing has spotted it until now, it just means that it's a hard problem to spot.  And so I see zero evidence that the chip creators would be more likely to spot this problem than the folks who announced it.  I expect that they became aware of the problem when they heard the news from the discoverers.

30 minutes ago, Green Baron said:

I doubt that this can be attributed to stupidity, rather greed.

[citation needed]

 

31 minutes ago, Green Baron said:

I do all banking from the PC, but due to my habits i never in 30 years had a virus. What now ?

Depends on your habits, and also on more information about the vulnerability than we currently have, but if I had to make a wild guess, I'd guess that there's no immediate need to change your habits other than making sure that you have a recent update of your web browser that protects against this particular vulnerability.

Realistically, if Bad Stuff is going to get into your computer, there are really two main potential pathways of entry:

  1. (overwhelmingly most likely) You visit a malicious web site that is running something that can exploit the hole, and your browser isn't protected.
  2. You install software on your computer that has malware in it.

If you generally only visit trusted websites, and if you aren't in the habit of installing random programs that you get off the Internet from untrusted sources, then your immediate vulnerability on your computer is probably pretty low.  Not a sure thing, certainly (for example, it's technically possible that the bad guys could hack one of your trusted websites, and get to you that way), but somewhat unlikely, I would think.

A greater concern would be vulnerability on the server's side.  An awful lot of websites these days are hosted on cloud providers, i.e. the company whose website you're visiting isn't actually running their own servers.  Rather, they're leasing compute instances from some cloud provider such as Amazon AWS or Microsoft Azure.  Those cloud providers are multi-tenant platforms, i.e. the web server that you're hitting could be running on hardware that's also running someone else's code in what's supposed to be a separate "space", but with these security bugs, I could imagine a scenario in which information could leak across from one to the other, allowing the bad guys to harvest passwords or whatever.

So, what should you do there?  The same thing that people have been telling you to do for years:  don't re-use passwords across multiple sites.  And my guess is that really sensitive websites (such as your bank's, or other financial institutions) probably run on their own dedicated servers, since they tend to be ultra-paranoid about security risks, so you can probably keep banking.

That's just a total wild guess on my part, but I think it's a reasonable one.  That would be my default assumption until/unless there's information to the contrary.

Link to comment
Share on other sites

55 minutes ago, Green Baron said:

Do you think that these errors do not show up or at least engineers are aware during design and testing and they remain undetected for a decade ? I mean, how large is a team that designs a processor and how long does it take to do so ? Will there be nobody who says "Guys, we have a principle problem !" ? I doubt that this can be attributed to stupidity, rather greed.

Snark wants us to assume that they are stupid, not malicious, ...........

Lets do the logical analysis a different way, one that is applicable in a civil court.
They have known since when, June . . . .they have been selling processors since June ( I should know I bought one in October). . . .did they pull the processors even after they knew they had vulnerabilities? . . were any processors pulled from the shelves? . . . .are they offering customers replacements and free installation?  . . . . . . . Were there other competitive options available? (Yes).

Walks, talks, quacks . . . what is it?   Of course people are going to ventilate over this, Jeeze. My processor that I just bought wont even get 20$ on Ebay in 6 months , even if the defect the prospective purchasers they are all black-list processors. Thanks intel for getting the word out to your distributers  . . .Caveot Emptor.

Economically we have to imagine this is going to cause an OS fork in Win 10 when the new processors come out, that this will be a thing either in the later half of 2018 or 2019, so that if you need to replace the CPU, more than likely you will need a new MB .and someones going to have to install them so  . . . .$250 per box . . . . . . . Again, the reason I am not panic stricken is one simple reason, I tend to over invest on memory and solid state drives and try to keep the interrupt calls to a minimum. And finally, the overwhelming slowdown is the fact that MS cannot throttle their updates and completely overwhelm the DSL connection. If I can deal with that an additional 12% on the I/O int calls is not going to be too much of a bother.

I should add to this that if you bought the OEM version of Windows 10 and you replace your processor with new one that OEM version is no longer valid.
 

 

 

 

Edited by PB666
Link to comment
Share on other sites

Part of it, I suspect, was simply that this was a vector of attack nobody would likely think about. It is a side effect that never touches main memory unless directly exploited, reliant on out of order execution (which returns the same result with purely temporary side effects), and is based on hardware, not software.

The hardware guys said "we get the same result as sequential", and security analysts trusted that, with nobody looking at this tiny little detail of an ephemeral side effect.

Until now.

Link to comment
Share on other sites

24 minutes ago, PB666 said:

They have known since when, June . . . .they have been selling processors since June ( I should know I bought one in October). . . .did they pull the processors even after they knew they had vulnerabilities? . . were any processors pulled from the shelves? . . . .are they offering customers replacements and free installation?  . . . . . . . Were there other competitive options available? (Yes).

Sure, but now you're talking about (potential) marketing skulduggery, not technical.  You're talking about a company that's slow to respond after a flaw has come to light.  That happens all the time, at lots of companies, and has nothing to do with engineering.

I was speaking to some of the wilder conspiracy theories that folks seemed be espousing here, e.g. saying or implying that the flaw was put there on purpose somehow, or that they discovered it themselves years ago and deliberately hid it, or something.  That's nonsense, in my experience.

But even if we change the subject to the potential marketing unscrupulousness that you're proposing:

It's also worth noting that when there's a delay between "company finds out about problem" and "company does something about problem", it's not necessarily something sinister.  It can be, certainly-- there are some well-known examples of that.  But there are also perfectly legitimate reasons, too.  One of the most common ones is that it takes time to come up with a technical fix for the problem, and a company may be loath to release dangerous information before they've had a chance to come up with a technical fix, which is eminently sensible:  you don't want to tell the bad guys "hey, our lock doesn't work" until you've replaced the lock, if you can help it.

And, to be clear, a technical flaw like this doesn't actually mean someone is "stupid", usually.  Engineers are smart, careful, meticulous people.  And they check each other's work.  Much more likely is that it's simply an oversight, because computer hardware and software is very, very complex and it's really easy to overlook something, even if you're diligent about testing and looking for flaws.  Nothing is ever 100% bug-free.

Again:  I'm basing this on decades of experience working as an engineer, and working with other engineers.  Mistakes happen all the time; it's unavoidable.  This whole kerfuffle strikes me as a particularly unluckily placed needle in a very large haystack.

That said:  sure, I can't prove you wrong.  It's entirely possible that somebody greedy was trying to sit on something as long as possible (we're talking months at the outside, not a decade) for financial reasons; it's happened.  It's also entirely possible that that's not at all what happened.  Or there could be some elements of both.

But until / unless there's actual evidence that someone did something wrong, I'd suggest not leaping to wild and unsupported conclusions.  We'll find out the answer soon enough, so speculation is silly.  This kind of situation is the poster child for lawsuits-- I'd say it's a virtual certainty that somebody, somewhere (more likely a lot of somebodies) will try to sue the chipmakers over this.  And when a lawsuit pops up, that's when "who knew what, when" comes out, with actual evidence.  So if something underhanded happened, it'll very probably come out in the wash.

 

9 minutes ago, JedTech said:

Intel said says that the problem was "not a design flaw". I suspect that the problem was actually a backdoor design ordered by the NSA.

[citation needed]

Link to comment
Share on other sites

5 minutes ago, Snark said:

[citation needed]

https://newsroom.intel.com/news/intel-responds-to-security-research-findings/\

Quote

Intel believes these exploits do not have the potential to corrupt, modify or delete data.

That's not the issue, malicious software can access data and use that data to do something malicious. This is the way the problem Intel describes and there defense on the topic does not address the data theft issue.

 

Edited by PB666
Link to comment
Share on other sites

13 minutes ago, JedTech said:

Intel said says that the problem was "not a design flaw". I suspect that the problem was actually a backdoor design ordered by the NSA.

A, citation needed.

B, the same chips that the NSA uses?

C, I have finally thought of a good analogy for this.

Intel engineers in 1995: "We've made a good chip; this out-of-order execution is going to significantly speed up processing."

Death Star engineers in 0 BBY: "We've made a good battle station that will finally crush this Rebellion."

No Intel engineer in 1995: "What if some hacker* creates a branch statement into some kernel code and flushes the cache into main memory?"

*1995 probably had much less concern about computer security; you didn't have a situation where everybody had a smartphone and tablet where they did all their banking, communication, etc.

No Death Star engineer: "What if some pilot flew at high speed down a trench littered with defensive firepower and protected by TIE fighters and dropped a photon torpedo into a 1-meter-diameter thermal exhaust vent?"

 

3 minutes ago, PB666 said:

Which says nothing of the sort; Intel's news release mostly just clarifies that it is not unique to Intel hardware.

Edited by Starman4308
Link to comment
Share on other sites

This thread is quite old. Please consider starting a new thread rather than reviving this one.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...