CPU Security Flaws MELTDOWN and SPECTRE

Discussion in 'PC Industry' started by Bondrewd, Jan 2, 2018.

  1. Arnold Beckenbauer

    Veteran

    Joined:
    Oct 11, 2006
    Messages:
    1,346
    Likes Received:
    285
    Location:
    Germany
    Here is my Medion Tablet with the updated Windows 10 x32 1709 (x5-Z8350):
     
  2. Malo

    Malo YakTribe.games
    Legend Veteran Subscriber

    Joined:
    Feb 9, 2002
    Messages:
    6,120
    Likes Received:
    2,135
    Location:
    Pennsylvania
    Interesting. It says it requires kernel VA shadowing for your Atom but isn't enabling it?
     
  3. DavidGraham

    Veteran

    Joined:
    Dec 22, 2009
    Messages:
    2,002
    Likes Received:
    890
    milk, Grall and Lightman like this.
  4. HMBR

    Regular

    Joined:
    Mar 24, 2009
    Messages:
    399
    Likes Received:
    88
    Location:
    Brazil
    Sandy Bridge on Win10 64

    Speculation control settings for CVE-2017-5715 [branch target injection]

    Hardware support for branch target injection mitigation is present: False
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: False
    Windows OS support for branch target injection mitigation is disabled by system policy: False
    Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

    Speculation control settings for CVE-2017-5754 [rogue data cache load]

    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is present: True
    Windows OS support for kernel VA shadow is enabled: True
    Windows OS support for PCID optimization is enabled: False


    E2140 (C2D Pentium) on Win10 32

    Speculation control settings for CVE-2017-5715 [branch target injection]

    Hardware support for branch target injection mitigation is present: False
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: False
    Windows OS support for branch target injection mitigation is disabled by system policy: False
    Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

    Speculation control settings for CVE-2017-5754 [rogue data cache load]

    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is present: False
    Windows OS support for kernel VA shadow is enabled: False
     
    swaaye and BRiT like this.
  5. Arnold Beckenbauer

    Veteran

    Joined:
    Oct 11, 2006
    Messages:
    1,346
    Likes Received:
    285
    Location:
    Germany
    Windows 10 Pro x64 1709 (updated today) with A10-9600P:
     
  6. Malo

    Malo YakTribe.games
    Legend Veteran Subscriber

    Joined:
    Feb 9, 2002
    Messages:
    6,120
    Likes Received:
    2,135
    Location:
    Pennsylvania
    So for some Intels the patch is enabling it and for some it is not? Is the patch possibly needing slightly different code for different Intel CPUs and it's not ready yet?
     
  7. swaaye

    swaaye Entirely Suboptimal
    Legend Subscriber

    Joined:
    Mar 15, 2003
    Messages:
    8,321
    Likes Received:
    481
    Location:
    WI, USA
    We'll have to see what comes of that. I imagine Pixel C and Shield TV will get updates.
     
  8. Ryan Smith

    Regular Subscriber

    Joined:
    Mar 26, 2010
    Messages:
    561
    Likes Received:
    761
    Location:
    PCIe x16_1
    [Ignore me, it's late]
     
    #88 Ryan Smith, Jan 5, 2018
    Last edited: Jan 5, 2018
  9. Bondrewd

    Regular Newcomer

    Joined:
    Sep 16, 2017
    Messages:
    329
    Likes Received:
    133
    Wait, what. I thought the recent update enables Kernel VA Shadowing, which mitigates Meltdown, and it's Spectre v2 that needs microcode updates?
     
    Ryan Smith likes this.
  10. Ryan Smith

    Regular Subscriber

    Joined:
    Mar 26, 2010
    Messages:
    561
    Likes Received:
    761
    Location:
    PCIe x16_1
    You're right. It's late and I'm confusing my CVE numbers.

    Meltdown is fully mitigated in Windows without a microcode update. Improved Spectre mitigations require new microcode.
     
  11. HMBR

    Regular

    Joined:
    Mar 24, 2009
    Messages:
    399
    Likes Received:
    88
    Location:
    Brazil
    It just looks like the Meltdown fix is not enabled on 32-bit Windows?
    I have the latest patches on my E2140 PC, but it didn't enable it.
     
  12. Kaarlisk

    Regular Newcomer Subscriber

    Joined:
    Mar 22, 2010
    Messages:
    293
    Likes Received:
    49
    About that Windows tool's output: why is it that some systems do mention PCID, some do not, and none have it enabled (as far as I can find)? Also, at least as of yesterday, I did not find explanations of what each line means.
    Also, Intel mentions releasing updates. Presumably, microcode updates. I could not actually find a list of which microcode applies to which CPU, and in any case, the latest microcode file I could find was for November 2017.

    This was mentioned before, but the quiet on Core 2 is also disappointing. There are still lots of systems using it, and the impact there would be the highest (as it is the slowest). It would be nice if, where a microcode mitigation is possible, Intel would release it.
     
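    The tool output quoted above (post 4) and the question in post 12 about what each line means: the following is an added example, not code from this thread or from Microsoft's SpeculationControl module, that parses that output and classifies the two CVEs the way the thread concludes (Meltdown needs only the OS-side kernel VA shadow fix, Spectre v2 additionally needs microcode). The sample reports are copied from post 4; the key strings are the tool's own line labels.

```python
import re
# Constructed sample: the Sandy Bridge / Windows 10 x64 report quoted earlier in the thread.
SANDY_BRIDGE_X64 = """\
Speculation control settings for CVE-2017-5715 [branch target injection]
Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True
Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID optimization is enabled: False
"""
# The E2140 / Windows 10 x86 report from the same post: no PCID line, no VA shadow support.
E2140_X86 = "\n".join(
    line.replace("VA shadow is present: True", "VA shadow is present: False")
        .replace("VA shadow is enabled: True", "VA shadow is enabled: False")
    for line in SANDY_BRIDGE_X64.splitlines() if "PCID" not in line)
SETTING = re.compile(r"^(?P<key>.+?):\s*(?P<val>True|False)\s*$")

def parse_report(text):
    """Map each 'setting: True/False' line to a bool; section headers are skipped."""
    matches = (SETTING.match(line.strip()) for line in text.splitlines())
    return {m["key"]: m["val"] == "True" for m in matches if m}

def assess(settings):
    """Classify CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre v2) from a parsed report."""
    s = lambda key: settings.get(key, False)  # a line the tool omitted counts as False
    bti = "Windows OS support for branch target injection mitigation is "
    vas = "Windows OS support for kernel VA shadow is "
    # Meltdown needs only the OS-side kernel VA shadow (page table isolation), no microcode.
    if not s("Hardware requires kernel VA shadowing"):
        meltdown = "not affected"
    elif s(vas + "enabled"):
        meltdown = "mitigated"
    else:
        meltdown = "vulnerable: OS fix " + ("present but not enabled" if s(vas + "present") else "missing")
    # Spectre v2: the OS fix stays disabled until updated microcode supplies the hardware support.
    if s(bti + "enabled"):
        spectre = "mitigated"
    elif s(bti + "disabled by absence of hardware support"):
        spectre = "vulnerable: OS fix present, needs microcode/firmware update"
    elif s(bti + "disabled by system policy"):
        spectre = "vulnerable: OS fix disabled by policy"
    else:
        spectre = "vulnerable: OS fix " + ("present but not enabled" if s(bti + "present") else "missing")
    return meltdown, spectre
```

    Running `assess(parse_report(E2140_X86))` reproduces post 11's observation: the OS-side Meltdown fix is simply absent from that 32-bit report, while both machines report Spectre v2 as waiting on microcode.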
  13. 3dilettante

    Legend Alpha

    Joined:
    Sep 15, 2003
    Messages:
    7,865
    Likes Received:
    2,155
    Location:
    Well within 3d
    Apple's latest security disclosure indicated Meltdown and Spectre affected all their platforms. Spectre seems reasonably expected, but Meltdown mitigation was also patched into iOS 11.2, macOS 10.13.2, and tvOS 11.2.
    https://support.apple.com/en-us/HT208394
    Perhaps I'm blanking on Apple's product lines, but wouldn't the iOS and tvOS versions patched apply to Apple's cores?

    On a side note, Red Hat's article on the security issues vaguely indicates some level of applicability to IBM's SystemZ and POWER 8 and POWER 9, although what similar exploits those are is unclear. I have not run across an update besides requests for clarification from IBM that have not been answered.
    https://access.redhat.com/security/vulnerabilities/speculativeexecution

    While the fury of a number of people online is notable towards Intel's alleged incompetence for missing something so obvious as a side-channel exploit of retirement-stage quashing of privilege level page faults leveraging the latest high-resolution timers and crafted L1 probe sets--apparently obvious to people who did not know until a day ago or probably still don't know what speculation or a page is--this is a class of exploits in a failure case that many if not most did not anticipate or did not foresee the full impact.
    Kudos to AMD that Meltdown specifically doesn't apply, although I'd like to know how much of its current immunity was due to prescient and steely resolve to protect kernel address space for decades in advance versus a "but for the grace of God go I" scenario where their internal op format or critical loop started out with a bifurcated permission check and load forwarding process, or they couldn't make a tradeoff for single-stage fault handling at in-order retirement with K7. (edit: the latter case being hypothetical, I've never thought to look into which stage could flag permissions and/or suppress forwarding from the L/S until the last few days)
     
    #93 3dilettante, Jan 5, 2018
    Last edited: Jan 5, 2018
    Putas and Kaarlisk like this.
  14. Ryan Smith

    Regular Subscriber

    Joined:
    Mar 26, 2010
    Messages:
    561
    Likes Received:
    761
    Location:
    PCIe x16_1
    Correct. Which is what makes Apple's disclosure especially interesting.
     
  15. Arnold Beckenbauer

    Veteran

    Joined:
    Oct 11, 2006
    Messages:
    1,346
    Likes Received:
    285
    Location:
    Germany
    Windows 10 1709, i3-2310 (Sandy Bridge, too):

    Looks so. Maybe x32 vs. x64?
     
  16. 3dilettante

    Legend Alpha

    Joined:
    Sep 15, 2003
    Messages:
    7,865
    Likes Received:
    2,155
    Location:
    Well within 3d
    It seems like it's almost a coin-flip as to whether an architecture would defer exception detection in total or not to the retirement stage, and any number of factors could push things in one direction or another.
    Simply continuing with what works while more pressing matters in other areas are in flux could have made a decision set down before this could even be a concern take on new significance.

    The rough model used to explain the initial description of what became Meltdown cited Tomasulo's Algorithm as an explanatory device, an OoOE method that was built into an IBM System/360 Model 91 computer with no caches.
    For context, it was just barely newer than the Model 85, which is credited with having the first cache of any kind, and a little before virtual memory managed with paging was considered a proven tech.



    I'm not sure what sort of validation people are asserting has been skipped, particularly if it turns out that a notable subset of high-performance architectures may have some avenue for Meltdown. If it's the sort of validation I'm thinking of, it would never be caught because what we're seeing has up until now not been defined as incorrect.

    A bunch of architectures are likely in the basket of not being able to do a thing which I'm not sure is all that laudable, much like how I am not good enough to fail to gain control over a caught ball before being brought to the ground in the Superbowl and so should not be praised over a receiver who almost had a reception in the Superbowl.
    The side-channel attack is a holistic threat that leverages the behaviors of multiple architectural features, many of those behaviors not considered part of the software-visible semantics of an architecture. A lot of blocks that evolved to be agnostic to details best handled by someone else, and in eras where no one could present a sane reason as to why a given predictor, cache, or pipeline would be de-tuned so as to lie or obfuscate about what it or something else was doing--especially not when the things were barely within human understanding to begin with.

    Given the complexity and demands on virtual memory (with page-controlled permissions in particular) and TLBs, I think it's also the case that it hasn't always been clear which path was the right one.
    Even now, I'm not sure if halting speculation on these conditions is the only way to go about doing things, or without cost.
     
    Lightman likes this.
  17. entity279

    Veteran Regular Subscriber

    Joined:
    May 12, 2008
    Messages:
    1,098
    Likes Received:
    347
    Location:
    Romania
    Car analogies please, people? ;)
     
    Kaarlisk likes this.
  18. 3dilettante

    Legend Alpha

    Joined:
    Sep 15, 2003
    Messages:
    7,865
    Likes Received:
    2,155
    Location:
    Well within 3d
    A bunch of architectures are likely in the basket of not being able to do a thing which I'm not sure is all that laudable, much like how I am not good enough to fail to make a car analogy before being brought to the ground in the Superbowl and so should not be praised over a Nürburgring who almost had a successful manual transmission in the Le Mans endurance race.

    While I am not well-versed in automotive competition or American Football, I think I have made my metaphor equally applicable to both realms.
     
    Kej, Silent_Buddha, hoom and 5 others like this.
  19. swaaye

    swaaye Entirely Suboptimal
    Legend Subscriber

    Joined:
    Mar 15, 2003
    Messages:
    8,321
    Likes Received:
    481
    Location:
    WI, USA
    #99 swaaye, Jan 5, 2018
    Last edited: Jan 5, 2018
  20. Esrever

    Regular Newcomer

    Joined:
    Feb 6, 2013
    Messages:
    556
    Likes Received:
    244
    I don't know how many Android devices will get patched because so many never get updates. Still hard to know the scope of the exploit on the average user. I can imagine a lot of things will never get patched. Not just PCs and phones but routers and firewalls and stuff. How long until we get a large-scale attack like WannaCry that makes use of all the unpatched systems?
     