A Massive Intel Hardware Bug May Be on the Horizon

maxius said:
lets be clear amd is labeled insecure at this time but the issue does not affect them and has a work around that is waiting to be merged into the kernel.

"AMD processors are not subject to the types of attacks that the kernel
page table isolation feature protects against. The AMD microarchitecture
does not allow memory references, including speculative references, that
access higher privileged data when running in a lesser privileged mode
when that access would result in a page fault.

Disable page table isolation by default on AMD processors by not setting
the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
is set.

Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx>"
Click to expand...

And that translated for the layman by the Register helps make it more clear at least for me.

It appears, from what AMD software engineer Tom Lendacky was suggesting above, that Intel's CPUs speculatively execute code potentially without performing security checks. It seems it may be possible to craft software in such a way that the processor starts executing an instruction that would normally be blocked – such as reading kernel memory from user mode – and completes that instruction before the privilege level check occurs.

That would allow ring-3-level user code to read ring-0-level kernel data. And that is not good.
Click to expand...

It reads like Intel is doing an awful lot of speed cheating with their speculative code execution at everyone's cost. smh
 
Ocellaris said:
Linux still sucks on the desktop, but at least they are hard at work finding CPU bugs for everyone else :)
Click to expand...

Linux rocks on the desktop, is aok for gaming.
I dualboot and most modern games or windows exclusives I run in Windowns but everything else I use linux for.
It's quite problem free, I install it, 2 minutes later it's installed - Graphics card has it's drivers, network, audio, wacom board, webcam and you name it.
Having a simple config for software sources and adding them or a script for it and you can have all your usual stuff installed in matter of minutes.

no surfing billions websites for download links, downloading, running install-> next-next-next -> finish. etc

being an IT admin using mostly Microsoft tech I who am very familiar with both sides often do a task and use a day and think to myself... if this was only linux I could do this in 5 minutes!
And I have used windows 1000 times more than Linux and yet...

but that being said, most people have 30 years+ of experience with windows's quirks and don't find them hard cause they've grown up with it... but they're completely idiotic and cumbersome but linux is new and therefore "difficult" much like a manual car for many americans but I've driven them all my life so therefore not hard.
and finally official support for many applications and games is still lacking but for my use I don't have anything I miss except games and gaming performance which is starting to get really good nowadays :)
 
A lot of stuff is under embargo right? Perhaps they found a problem after the AMD engineer made that comment but aren't publicly saying anything. Maybe they are still testing AMD's stuff. Wait till embargo ends.
 
this is a huge issue it affects intel cpu users on NT, OSX, and LINUX literally everyone is going to get the D from this we are just seeing the Linux side since everything is done in the open in the open sourced world
 
thesmokingman said:
And that translated for the layman by the Register helps make it more clear at least for me.



It reads like Intel is doing an awful lot of speed cheating with their speculative code execution at everyone's cost. smh
Click to expand...

And they essentially bragged about it in the white papers and press briefs for Core/Conroe. It wasn't rainbow dust and unicorn farts that helped them achieve the IPC increase they did back then, it was cache/memory optimization and instruction sets.

While this will be hit or miss for con/prosumers, it could be a nightmare in the data center. They are usually "Space&Power" provisioned up to the edge anyway, suddenly needing to add 10-30% capacity to meet your current workload would bust lots of budgets, consumer and provider alike.
 
I hope that this issue, and the performance loss aspect of its fix, won't affect Cannon Lake and Ice Lake.
 
Full Otto said:
And they essentially bragged about it in the white papers and press briefs for Core/Conroe. It wasn't rainbow dust and unicorn farts that helped them achieve the IPC increase they did back then, it was cache/memory optimization and instruction sets.

While this will be hit or miss for con/prosumers, it could be a nightmare in the data center. They are usually "Space&Power" provisioned up to the edge anyway, suddenly needing to add 10-30% capacity to meet your current workload would bust lots of budgets, consumer and provider alike.
Click to expand...

The fun fact of the matter is that each cluster we have see measured 50% cpu but we're at near 100% i/o.
The newer cpu's give better i/o performance which is absolutely essential... it's what most in datacenters struggle with and not raw ipc\performance... like how fast it can calculate some bullshit.
memory is also another bottleneck we often face, with amd now having good I/O, not affected, offering tons of memory capacity per server... may this be amd's chest full of gold for 2018 ?
 
Delicieuxz said:
I hope that this issue, and the performance loss aspect of its fix, won't affect Cannon Lake and Ice Lake.
Click to expand...

intel has to fix it in its design may be one of the 1000 reasons why 10nm has been delayed for so long as if i am reading all the info correctly its almost needing a clean sheet design or at least a new branch prediction unit that doesn't rely on "speculative execution"
 
i don't understand wtf is going on, but I am not going to panic prematurely.

I play games, browse porn, occasionally encode video. As long as this shit doesn't take a 30% performance hit, I don't care.

But I wouldn't mind a 30% refund from Intel for my laptop chip. The i7 6700hq is already slow enough. a 30% hit is terrible if it affects a lot of shit.
 
Kdawg said:
i don't understand wtf is going on, but I am not going to panic prematurely.

I play games, browse porn, occasionally encode video. As long as this shit doesn't take a 30% performance hit, I don't care.

But I wouldn't mind a 30% refund from Intel for my laptop chip. The i7 6700hq is already slow enough. a 30% hit is terrible if it affects a lot of shit.
Click to expand...

Cliff notes from above goes something like this with heavy amounts of oversimplification, each execution has to pass security checks before being run. However Intel is using speculation to execute code before the security check completes. Knowing this behavior one could capitalize on it and do some very bad shit. But bad shit aside, you're fundamentally not supposed to run code like that, defeating the point of security. This might explain these IPC jumps in a way, its the wild wild west in here lol.
 
If I was Google, Azure or Amazon, I would for sure sue Intel. All of a sudden I lose 30% of my performance of my data centre or server farm. This in fact means a 30% loss of value of my hardware. It took quite a while for Intel to reap the evil they have sown 10 years ago.

May they reap hard. Their time has come. The wheel sometimes turns slowly, but it does turn eventually. Flame me all you want, but I really have very little sympathy for Intel. I really hope huge class action lawsuits will follow.
 
Johan Steyn said:
If I was Google, Azure or Amazon, I would for sure sue Intel. All of a sudden I lose 30% of my performance of my data centre or server farm. This in fact means a 30% loss of value of my hardware. It took quite a while for Intel to reap the evil they have sown 10 years ago.

May they reap hard. Their time has come. The wheel sometimes turns slowly, but it does turn eventually. Flame me all you want, but I really have very little sympathy for Intel. I really hope huge class action lawsuits will follow.
Click to expand...

They dont lose 30% in average. I can see clickbaits work ;)
 
The King of Pants said:
I've been hearing rumbles that the SEC is looking for a BIG scalp to take, and here you have this asshole stropping the razor for them/
Click to expand...

AMDs entire list of VPs could go as well then. Look at when they sold up to different overhyped products.
 
Shintai said:
They dont lose 30% in average. I can see clickbaits work ;)
Click to expand...
Unless you have benchmarks you can legally share with us kindly stop pretending what you say is fact and not opinion. If there is anything [H] needs less of, it's supposed industry insiders trying to sway public opinion while maneuvering around a NDA like they're a Ukrainian ballerina whose parents will be sent to the Gulag if she doesn't at least get a silver.
 
Last edited:
DedEmbryonicCe11 said:
Unless you have benchmarks you can legally share with us kindly stop pretending what you say is fact and not opinion. If there is anything [H] needs less of, it's supposed industry insiders trying to sway public opinion while maneuvering around a NDA like they're a Ukrainian ballerina whose parents will be sent to the Gulag if she doesn't at least get a silver.
Click to expand...

Its already benched. Games 0%, Encoding 0%, SQL 5-10%.
https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-Initial-Gaming-Tests
https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=1
 
ALL modern CPU's use speculative execution. (It's just that only Intel's chips appear to have the bug) It has existed in Intel chips since the Pentium Pro. The hardware fix for this (in future chips) should have zero or very little performance impact.

On Linux, at least, you can disable this patch by adding nopti to the kernel command line.

Also, there are benchmarks out there right now. Benchmarks are NOT embargoed. In fact you can run some yourself -- Windows fast-ring users should already have the patch and if you install Linux kernel 4.15-rc6 it has the patch as well. Using linux and the nopti command line you can do an a/b test with an otherwise identical setup to see the exact impact of the patch.
 
Shintai said:
Its already benched. Games 0%, Encoding 0%, SQL 5-10%.
https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-Initial-Gaming-Tests
https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=1
Click to expand...
https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=2
Oh gee you must have left out this link by accident right? If you honestly think those are enough benchmarks to give everyone a clear understanding of the impact on their personal use...:cautious:
 
extide said:
No, he included that article and even mentioned the results in his text...
Click to expand...
He gave his own summary of the results which many people would take at face value without looking at the actual charts. The results thus far indicate the impact is anything from nothing to severe depending on the workload. How is his statement accurate in that context?
 
DedEmbryonicCe11 said:
He gave his own summary of the results which many people would take at face value without looking at the actual charts. The results thus far indicate the impact is anything from nothing to severe depending on the workload. How is his statement accurate in that context?
Click to expand...

No I did check the charts and applying it to real life with gaming, encoding, SQL. Let me guess, your view of it is to run a synthetic test? :D

Just as you tried to tell me I left out a link I didn´t.
 
Gaming not affected? Good :) Though if I run game + recording it + Skype + some web browsing = will it cause a lot of syscalls and memory swapping?
 
almalino said:
Gaming not affected? Good :) Though if I run game + recording it + Skype + some web browsing = will it cause a lot of syscalls and memory swapping?
Click to expand...

By memory swapping do you mean applications paged out when unused?

Pretty much anything in user space isn't affected.
 
Shintai said:
No I did check the charts and applying it to real life with gaming, encoding, SQL. Let me guess, your view of it is to run a synthetic test? :D

Just as you tried to tell me I left out a link I didn´t.
Click to expand...
Please keep skirting around my original statement. Unless you have information that isn't already publicly available that you are legally allowed to divulge, please stop pretending what you say is fact and not your own personal opinion. I'll repeat this as many times as is necessary until it sinks in.
 
DedEmbryonicCe11 said:
Please keep skirting around my original statement. Unless you have information that isn't already publicly available that you are legally allowed to divulge, please stop pretending what you say is fact and not your own personal opinion. I'll repeat this as many times as is necessary until it sinks in.
Click to expand...

It´s you having a problem with the published benches it seems ;)
 
Johan Steyn said:
If I was Google, Azure or Amazon, I would for sure sue Intel. All of a sudden I lose 30% of my performance of my data centre or server farm. This in fact means a 30% loss of value of my hardware. It took quite a while for Intel to reap the evil they have sown 10 years ago.

May they reap hard. Their time has come. The wheel sometimes turns slowly, but it does turn eventually. Flame me all you want, but I really have very little sympathy for Intel. I really hope huge class action lawsuits will follow.
Click to expand...

I wonder how much the recent spate of hacks and ransomware have been attributed to these encryption bugs, if losses are suffered because of that and its is traced to this then possibly see class action suites, though I think the consumer market will take the biggest hit and that hurts more than a single damages case.
 
OrangeKhrush said:
I wonder how much the recent spate of hacks and ransomware have been attributed to these encryption bugs, if losses are suffered because of that and its is traced to this then possibly see class action suites, though I think the consumer market will take the biggest hit and that hurts more than a single damages case.
Click to expand...

You can try run Authenticode on Zen and tell me how that works out for you.

I get the search for drama is high at this point. From the looks of recent AMD stock purchasers I can understand why :D
 
Shintai said:
You can try run Authenticode on Zen and tell me how that works out for you.

I get the search for drama is high at this point. From the looks of recent AMD stock purchasers I can understand why :D
Click to expand...

Because cyber criminals worry about authenticode, when they can read millions of users undumped cache and break system security with intrusions.

What does AMD's stock have to do with anything here? unless you are telling me that stock indicates success, in that case Nvidia is about 5x bigger than Intel, Samsung......a whole lot bigger (2456USD/share).

I think I will wait for the full investigation report than to concern myself with your pseudo expertise.
 
DeathFromBelow said:
Where's juanrga? I want to watch him spin like Taz.
Click to expand...

thesmokingman said:
Yay for Intel?

He's still figuring out how to spin this one?
Click to expand...

2f9.jpg
 
Shintai said:
You can try run Authenticode on Zen and tell me how that works out for you.

I get the search for drama is high at this point. From the looks of recent AMD stock purchasers I can understand why :D
Click to expand...
Please, tell us more about unrelated AMD things in an Intel disaster thread. Throw in some GPU lines for good measure.

You are insufferable.
 
Meeho said:
Please, tell us more about unrelated AMD things in an Intel disaster thread. Throw in some GPU lines for good measure.

You are insufferable.
Click to expand...

easy there tiger, I mean Senpei is harmless, just a fanboy and president of the local fanboy pajama party club, but other than that the bark is like the bite, harmless.
 
The fanboys can remain fanboys. They are partly responsible for a slight humorous undertone in an otherwise heavy topic at times.
However, no matter how hard they cheer from the sidelines, they can't put points on the scoreboard where they don't belong.
 
Someone should test if CPU load goes up with heavy I/O access with this patch.
If so it could be another big factor in datacenters. Maybe also for some laptop users.
 
OrangeKhrush said:
easy there tiger, I mean Senpei is harmless, just a fanboy and president of the local fanboy pajama party club, but other than that the bark is like the bite, harmless.
Click to expand...
I get your sentiment but there are a lot of people that browse tech sites like this without the understanding to recognize who is speculating and who actually knows what they are talking about. Which is exactly why I requested he speak in a form that clearly indicates it is not fact when discussing topics he couldn't possibly know about in such detail without violating a NDA.
 
You must log in or register to reply here.
Back
Top