Intel chip design flaw will need major OS updates

classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|

Intel chip design flaw will need major OS updates

Nathan Raymond
Windows and Linux updates confirmed to be coming soon, presumably Apple is working on something themselves:

http://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

The article does a good job covering what is publicly known about the flaw right now (a lot of information is still in embargo while the OS patches are being prepared/tested). Looks like the separation of kernel and user process virtual memory space will incur a 5-30% performance hit depending on the number of kernel calls a process makes.

- Nate



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Intel chip design flaw will need major OS updates

Thomas Roberts
Apparently Apple has already (at least partially) implemented a fix: 


With more to come in 10.13.3. 



On Jan 3, 2018, at 8:15 AM, Nathan Raymond <[hidden email]> wrote:

Windows and Linux updates confirmed to be coming soon, presumably Apple is working on something themselves:

http://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

The article does a good job covering what is publicly known about the flaw right now (a lot of information is still in embargo while the OS patches are being prepared/tested). Looks like the separation of kernel and user process virtual memory space will incur a 5-30% performance hit depending on the number of kernel calls a process makes.

- Nate


____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Intel chip design flaw will need major OS updates

George Wade
DISCOUNTED Prices equal to the % slowdown would ease the pain of this flaw a lot.  

George

On 3 Jan 2018, at 20:09, gastropod wrote:

> One of my Sierra installs has a security update 2018-001 available, which is probably for this, but there's no information from Apple about it yet.
>
> Note that there are actually two kernel flaws, now named Meltdown and Spectre.  Only Meltdown has a fix, and Spectre might affect AMD and ARM processors too.  Depending on what a program is doing and how many calls to the kernel it makes, the Meltdown fix could slow things down by 30% or more.
>
> Ars Technica has a couple of good articles:
>
> https://arstechnica.com/gadgets/2018/01/whats-behind-the-intel-design-flaw-forcing-numerous-patches/
>
> https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-flaws/
>
> --
> gastropod



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Intel chip design flaw will need major OS updates

Nathan Raymond

On Fri, Jan 5, 2018 at 10:23 AM, George Wade <[hidden email]> wrote:
DISCOUNTED Prices equal to the % slowdown would ease the pain of this flaw a lot.

George

On 3 Jan 2018, at 20:09, gastropod wrote:

> One of my Sierra installs has a security update 2018-001 available, which is probably for this, but there's no information from Apple about it yet.
>
> Note that there are actually two kernel flaws, now named Meltdown and Spectre.  Only Meltdown has a fix, and Spectre might affect AMD and ARM processors too.  Depending on what a program is doing and how many calls to the kernel it makes, the Meltdown fix could slow things down by 30% or more.
>
> Ars Technica has a couple of good articles:
>
> https://arstechnica.com/gadgets/2018/01/whats-behind-the-intel-design-flaw-forcing-numerous-patches/
>
> https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-flaws/
>
> --
> gastropod



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Intel chip design flaw will need major OS updates

Alexander Forbes
In reply to this post by George Wade


On Jan 5, 2018, at 8:23 AM, George Wade <[hidden email]> wrote:

DISCOUNTED Prices equal to the % slowdown would ease the pain of this flaw a lot.

A factory rebate (from Intel and/or Apple/Android/Microsoft) on the purchase price, or a free CPU replacement, would be even better: fairer, and more consistent with precedents set in other industries, such as automotive.

If it were determined that a particular vehicle motor could freeze up  catastrophically at some resonating rpm or percentage of full torque, the public would not tolerate remedial governors as a substitute for making good on the problem to good-faith buyers of that model.

Alex




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Intel chip design flaw will need major OS updates

Zeedar Marc-2

> On Jan 5, 2018, at 4:53 PM, Alexander Forbes <[hidden email]> wrote:
>
> If it were determined that a particular vehicle motor could freeze up  catastrophically at some resonating rpm or percentage of full torque

That's not a good metaphor. This is a *security* issue, not a situation where the equipment stops working.

A better analogy is discovering that your keyless entry system to your car is easily hackable so anyone can potentially steal your car.

So far I haven't seen many car manufacturers even bothering to fix those problems even though they're widely documented, let alone offering rebates or discounts.

With the CPU issue, OS makers are offering free updates that fix the problem, so I don't see much liability.


Marc Zeedar
Publisher, xDev Magazine and xDevLibrary
www.xdevmag.com | www.xdevlibrary.com





____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Intel chip design flaw will need major OS updates

Alexander Forbes


On Jan 5, 2018, at 6:20 PM, Zeedar Marc <[hidden email]> wrote:

That's not a good metaphor. This is a *security* issue, not a situation where the equipment stops working.

I disagree, Marc. If I understand correctly from previous posts on this thread that current and proposed software “fixes” result in significant machine or device slowdowns, that’s not just a security issue or a software issue. Manufacturers in many other industries have been found liable in product liability cases before, and have willingly or otherwise been forced to make mechanical repairs.

My 2009 Mac Pro is frozen on El Capitan and I am not saying it should make the cut, but one or two year old machines certainly should. I would hate to see us accepting that degrading a 2015 27” iMac back to the speed of a 2009 machine, for example, is to be meekly tolerated.

In the past, the computing consumer has just bit the bullet and said “Oh well, I am about due for a new machine anyway” and waited loyally for the new, improved model. There is a legal issue here, and I hope that this time consumer advocates will consider looking at it that way.

Alex




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Intel chip design flaw will need major OS updates

@lbutlr
On 06 Jan 2018, at 06:48, Alexander Forbes <[hidden email]> wrote:
>> On Jan 5, 2018, at 6:20 PM, Zeedar Marc <[hidden email]> wrote:
>>
>> That's not a good metaphor. This is a *security* issue, not a situation where the equipment stops working.
>
> I disagree, Marc. If I understand correctly from previous posts on this thread that current and proposed software “fixes” result in significant machine or device slowdowns,

That is speculation and does not match what Apple has said, “No measurable difference in benchmarks”.

The machines that are going to be most impacted by slowdowns are the large servers running many virtualized machines. Think datacenters. Microsoft’s Azure. Amazon Web Services.

--
"Kill yourself and roll a rogue. We'll wait"




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Intel chip design flaw will need major OS updates

Dave Scocca

> On Jan 6, 2018, at 10:10 AM, @lbutlr <[hidden email]> wrote:
>
> The machines that are going to be most impacted by slowdowns are the large servers running many virtualized machines. Think datacenters. Microsoft’s Azure. Amazon Web Services.

As I understand it, those are also the machines most subject to real security issues from the unpatched flaw.  The issue has to do with a process being able to access memory it shouldn’t.  On a server like this, it’s theoretically possible for one user’s process to have access to data from another user’s process, even across VM instances.

On a single stand-alone machine, this is a case where you’d have to actually download and run malware for anything bad to happen.  

The contrast is that on the server the malware can be run intentionally or accidentally by any other user of the same physical machine and you have no real defense.

Dave





____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Intel chip design flaw will need major OS updates

Travis Butler
In reply to this post by Alexander Forbes

On Jan 6, 2018, at 7:48 AM, Alexander Forbes <[hidden email]> wrote:



On Jan 5, 2018, at 6:20 PM, Zeedar Marc <[hidden email]> wrote:

That's not a good metaphor. This is a *security* issue, not a situation where the equipment stops working.

I disagree, Marc. If I understand correctly from previous posts on this thread that current and proposed software “fixes” result in significant machine or device slowdowns, that’s not just a security issue or a software issue.


"As an operating system vendor, Apple has updated both iOS and macOS to use the dual page table mappings that are the recommended solution here. For Apple, this is perhaps not such a big change; the 32-bit x86 versions of macOS already used a similar scheme. This was because Apple wanted to give 32-bit applications access to the full 4GB of virtual memory, rather than splitting that 4GB between the program and the kernel. While this imposes a performance cost, it provided better compatibility with the PowerPC macOS, which also gave applications the full 4GB."

Manufacturers in many other industries have been found liable in product liability cases before, and have willingly or otherwise been forced to make mechanical repairs.

I strongly disagree with the idea of liability suggested here. To me, liability involves fault or responsibility; either someone actively screwed up, or they failed to prevent a foreseeable problem. And I don’t think either one applies in this case.

From a non-technical standpoint, the fact that this was a UNIVERSAL flaw argues against liability. Damn near *every* processor from *every* manufacturer in the last 5-10 years is susceptible to this issue. The idea that every single manufacturer actively committed the same screw-up goes beyond belief. Likewise, the fact that every single manufacturer fell victim to the problem strongly suggests that it wasn’t a reasonably foreseeable problem.

From a technical perspective, the fact that it’s such an obscure and esoteric exploit also argues against liability. This isn’t the case of someone running across a bug in the processor that lets them dump a copy of the cache contents.This is in the nature of a scientific breakthrough, where researchers noticed execution delays in the range of a few microseconds, and after a lot of work developed a way to use those delays to infer the contents of the cache. I’m frankly surprised that it was even possible to do this, and I don’t think it’s something chipmakers could reasonably have predicted and defended against.

To me, this is more in the nature of a natural disaster or Act of God. Sometimes, stuff just happens, and everyone gets stuck dealing with it.





____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Intel chip design flaw will need major OS updates

@lbutlr
In reply to this post by Dave Scocca
On 06 Jan 2018, at 08:31, Dave Scocca <[hidden email]> wrote:
> On Jan 6, 2018, at 10:10 AM, @lbutlr <[hidden email]> wrote:
>> The machines that are going to be most impacted by slowdowns are the large servers running many virtualized machines. Think datacenters. Microsoft’s Azure. Amazon Web Services.
>
> As I understand it, those are also the machines most subject to real security issues from the unpatched flaw.  The issue has to do with a process being able to access memory it shouldn’t.  On a server like this, it’s theoretically possible for one user’s process to have access to data from another user’s process, even across VM instances.

That’s my understanding as well.

> On a single stand-alone machine, this is a case where you’d have to actually download and run malware for anything bad to happen.  

Yes, but it appears to be difficult to detect, so the mitigation is necessary.

--
"Anything that is in the world when you’re born is normal and ordinary
 and is just a natural part of the way the world works. Anything that’s
 invented between when you’re fifteen and thirty- five is new and exciting
 and revolutionary and you can probably get a career in it. Anything
 invented after you’re thirty-five is against the natural order of
 things."  -- Douglas Adams




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Intel chip design flaw will need major OS updates

Ron Risley
In reply to this post by Travis Butler

> On Jan 6, 2018, at 10:25, Travis Butler <[hidden email]> wrote:
>
> To me, liability involves fault or responsibility; either someone actively screwed up, or they failed to prevent a foreseeable problem. And I don’t think either one applies in this case.

I suspect that questions of liability will focus on the fact that manufacturers were informed of the flaw in early June 2017, and continue to this day to ship product that does not conform to the reasonable expectations of customers.

It is readily apparent that processors' memory protection features are expected to not have trivial bypasses. The fact that so many operating systems, compilers, and applications relied on solid memory protections argues strongly that there was a reasonable expectation on customers' part that these features actually work, even if Intel is now claiming that their products all "perform as designed."

For the average home device user, the processor flaws can likely be effectively mitigated through software workarounds alone. But they ARE workarounds, not fixes. For operators of data centers, HPC clusters, and enterprises that rely on virtualization, the current crop of Intel processors are simply not fit for purpose. It will take more than a round of OS patches to make them safe to use, and it is possible that they cannot be rendered fit through software changes at all, ever. At this point, nobody actually knows.

(If I can indulge in some speculative execution of my own, I suspect that -- if it is possible to do so -- we will see at least some release of microcode blobs that simply disable speculative execution altogether, incurring significant speed penalties but preserving memory integrity.)

> From a non-technical standpoint, the fact that this was a UNIVERSAL flaw argues against liability. Damn near *every* processor from *every* manufacturer in the last 5-10 years is susceptible to this issue.

To my knowledge, zero RISC-V cores from any manufacturer are affected.

Only a subset of ARM cores have any exposure to the flaws. For example, from where I sit I can touch three current ARM-equipped devices using ARM1176, Cortex-A7, and Cortex-A53 cores: these are immune.

AMD processors seem to be immune to Spectre/Variant Two ("Vulnerability to Variant 2 has not been demonstrated on AMD processors to date.") and Spectre/Variant Three ("Zero AMD vulnerability due to AMD architecture differences.") (statements from AMD). Meltdown (Variant One) is not as much as a concern because it can likely be completely mitigated through OS and userland patches.


> From a technical perspective, the fact that it’s such an obscure and esoteric exploit also argues against liability.

"Obscure" and "esoteric" are sort of fuzzy and relative terms, but I think it's worth noting that the flaws are trivial to exploit in many configurations. The main reason that they weren't discovered earlier is just that most OS designers made the assumption that processor manufacturers wouldn't sell processors with "memory protection" that didn't actually, well, protect memory.

--Ron


____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Intel chip design flaw will need major OS updates

Travis Butler

> On Jan 6, 2018, at 6:48 PM, Ron Risley <[hidden email]> wrote:
>
>
>> On Jan 6, 2018, at 10:25, Travis Butler <[hidden email]> wrote:
>>
>> To me, liability involves fault or responsibility; either someone actively screwed up, or they failed to prevent a foreseeable problem. And I don’t think either one applies in this case.
>
> I suspect that questions of liability will focus on the fact that manufacturers were informed of the flaw in early June 2017, and continue to this day to ship product that does not conform to the reasonable expectations of customers.


… — …
… — …

OK, let me get this straight. You’re saying that at the time they were notified of the flaw, every chip manufacturer should have shut down their production lines until fixed chips could be shipped. As I recall, the minimum lead time on a processor design is about a year, and add to that the time needed to develop a fix. So you’re saying that effectively the entire desktop/server computer industry should have shut down for a minimum of a year, more likely a year and a half? "Sorry we can’t do your operation, but the computer with our records broke down and we can’t replace it until the computer industry re-starts." I think that’s way over into a cure worse than the disease.

On top of that, such a shutdown would have immediately disclosed the existence of a flaw; the details might not have leaded immediately, but it almost certainly would have gotten out well before anyone had any kind of mitigation in place, making it open season on exploits. Yeah, that would have been real helpful.

Dunno about you, but I’d call any liability standard that required that kind of action to be ridiculously DANGEROUS.

> It is readily apparent that processors' memory protection features are expected to not have trivial bypasses. The fact that so many operating systems, compilers, and applications relied on solid memory protections argues strongly that there was a reasonable expectation on customers' part that these features actually work, even if Intel is now claiming that their products all "perform as designed."

All of which has nothing to do with fault or responsibility. Expectations are not liability. Ordinary people also have an expectation that a flood won’t destroy their basement, that a tree limb won’t fall and crush their car, that a tornado won’t wreck their house.

Unless you can establish that the expectations failed due to an active screw-up on the part of an entity, or due to failing to take action to prevent a problem that can be foreseen, I have a hard time saying you can reasonably claim liability.

>> From a non-technical standpoint, the fact that this was a UNIVERSAL flaw argues against liability. Damn near *every* processor from *every* manufacturer in the last 5-10 years is susceptible to this issue.
>
> To my knowledge, zero RISC-V cores from any manufacturer are affected.

And how many systems actually use RISC-V?

I said 'damn near', and I stand by that; there may have been some exceptions, but from the coverage I’ve read, everything in common use that uses speculative branch prediction is affected by one of the flaws.

> Only a subset of ARM cores have any exposure to the flaws. For example, from where I sit I can touch three current ARM-equipped devices using ARM1176, Cortex-A7, and Cortex-A53 cores: these are immune.

Yup, older/low-power ARM designs aren’t susceptible. Of course, the Cortex-A7 is a low-performance core used mainly as a big.little core with A15’s doing the heavy lifting, and A53 was current back in 2014. From what I’ve heard, all the 'modern' ARM designs (the kind you’d use in a general-purpose computer instead of an embedded system) are vulnerable, so I don’t think people get to use ARM as a counterexample.

> AMD processors seem to be immune to Spectre/Variant Two ("Vulnerability to Variant 2 has not been demonstrated on AMD processors to date.") and Spectre/Variant Three ("Zero AMD vulnerability due to AMD architecture differences.") (statements from AMD). Meltdown (Variant One) is not as much as a concern because it can likely be completely mitigated through OS and userland patches.

So now, if it’s 'mitigated', it suddenly doesn’t count as an example either? Uh-huh.

>> From a technical perspective, the fact that it’s such an obscure and esoteric exploit also argues against liability.
>
> "Obscure" and "esoteric" are sort of fuzzy and relative terms, but I think it's worth noting that the flaws are trivial to exploit in many configurations.

Nope, sorry, don’t buy it. It might be relatively easy to implement after all the initial research has been done, but that initial research sounds anything but trivial. And when you’re talking about 'could they have predicted this and guarded against it', it’s the initial research that counts.

> The main reason that they weren't discovered earlier is just that most OS designers made the assumption that processor manufacturers wouldn't sell processors with "memory protection" that didn't actually, well, protect memory.

Uh-huh. And I’m arguing that until the researchers made the discovery that memory protection *could* be bypassed in this way - and as I said earlier, I’d call that discovery comparable to a scientific breakthrough, which you can’t predict ahead of time - that was a perfectly reasonable assumption to make.






____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Intel chip design flaw will need major OS updates

@lbutlr
On 06 Jan 2018, at 19:09, Travis Butler <[hidden email]> wrote:
> Uh-huh. And I’m arguing that until the researchers made the discovery that memory protection *could* be bypassed in this way - and as I said earlier, I’d call that discovery comparable to a scientific breakthrough, which you can’t predict ahead of time - that was a perfectly reasonable assumption to make.

I don’t want to quote the entire article, but everything ‘cousin’ Travis said in this post is spot on.

--
But just because you've seen me on your TV Doesn't mean I'm any more
enlightened than you




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|

Re: Intel chip design flaw will need major OS updates

Fearghas McKay
In reply to this post by Ron Risley
Ron

On 6 Jan 2018, at 19:48, Ron Risley <[hidden email]> wrote:

From a non-technical standpoint, the fact that this was a UNIVERSAL flaw argues against liability. Damn near *every* processor from *every* manufacturer in the last 5-10 years is susceptible to this issue.

To my knowledge, zero RISC-V cores from any manufacturer are affected. 

Only a subset of ARM cores have any exposure to the flaws. For example, from where I sit I can touch three current ARM-equipped devices using ARM1176, Cortex-A7, and Cortex-A53 cores: these are immune. 

AMD processors seem to be immune to Spectre/Variant Two ("Vulnerability to Variant 2 has not been demonstrated on AMD processors to date.") and Spectre/Variant Three ("Zero AMD vulnerability due to AMD architecture differences.") (statements from AMD). Meltdown (Variant One) is not as much as a concern because it can likely be completely mitigated through OS and userland patches.


This article from Eben Upton, the founder of the RaspberryPi project might be useful to explain why some ARM cores are affected and others are not:


It is definitely worth reading the comments and Eben’s replies to the questions. It is a technical article but Even is pretty good about explaining stuff :) https://en.wikipedia.org/wiki/Eben_Upton

f



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____