'Kernel memory leaking' Intel processor -- a serious cpu bug!?!

Configure and optimize you computer for Audio.
Post Reply New Topic
RELATED
PRODUCTS

Post

Ha! Nobody has considered the possibility that this might be the fabled back door forced on Intel by the NSA...

Image

Post

dzilizzi wrote: I can probably not do the update, since my music computer is running Windows 7 and I only go online to certain companies, like NI or Toontrack, to download and update products.
Same here. Studio computer is running Win 7 and I only go online for accessing my financial accounts and as you say things like IK Multimedia, Native Instruments, iLok Soft Manager etc. It never checks e-mail or randomly surfs the net.

We can probably fight off any KB that M$ releases but I'll probably want to accept the update on another computer and start doing banking there.

Bottom line for me, if the update to fix this security issue somehow hoses my studio computer that will be all it takes to convince me to retire from all this nonsense. I've been contemplating it lately anyway.

So where do we sign up for the Class Action Lawsuit ? :hihi:

Doom and Gloom:

https://venturebeat.com/2018/01/04/cert ... place-cpu/
None are so hopelessly enslaved as those who falsely believe they are free. Johann Wolfgang von Goethe

Post


Post

Bad computer, bad.

Post

rgarner wrote:I'm running MacOS 10.12.6, or Sierra (no High – I'm holding off due to that OS still settling down).

The patch for Sierra appears to have been released on 6th December. Look down to "Kernel" and you'll see a reference to Ian Beer of Google Project Zero.
As I understand, this patch was for something else, not Meltdown or Spectre...

Meltdown and Spectre are CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754
Patrice Brousseau

Post

Apple Statement: https://support.apple.com/en-us/HT208394

Diddly squat info about updates for macOS prior to High Sierra :(
Last edited by lnikj on Fri Jan 05, 2018 5:16 am, edited 1 time in total.

Post

dzilizzi wrote:The way I see it, doesn't matter if you have AMD, because if the OS is issuing the fix, it will affect AMD processors the same as Intel.
That sure is what Intel would like you to believe.

In reality each processor has an identification code, and we programmers can change how our programs behave by checking it.

You can't modify this code from the system or other software, so the OS can't control the code provided by the CPU. Obviously since AMD and Intel chips have different features with different performance for certain opcodes, software can be optimized to work best for each CPU by changing the code that is run based upon the identification the CPU provides.

I'm not sure if you remember 10 or 20 years ago, but this is how it was possible to have one program that could auto-detect MMX or SSE (SSE2, SSE3, SSE4) support and use special optimizations if they were supported. The same code would be able to run on any of these processors by checking whether the features it used were supported before attempting to use them.

Post

lnikj wrote:
nIGhT-SoN wrote: However, it is possible to prevent specific known exploits based on Spectre through software patches.
I read that as - once an an exploit is known then it can be patched; however, Spectre opens the door to exploits yet unknown.

I could be wrong though. Not an expert!

Edit: From the paper: https://spectreattack.com/spectre.pdf

"The feasibility of exploitation depends on a number of factors, including aspects of the victim CPU and software and the adversary’s ability to interact with the victim. While network-based attacks are conceivable, situations where an attacker can run code on the same CPU as the victim pose the primary risk. In these cases, exploitation may be straightforward, while other attacks may depend on minutiae such as choices made by the victim’s compiler in allocating registers and memory. Fuzzing tools can likely be adapted by adversaries to find vulner- abilities in current software."

Suggests to me that the number of exploits is currently indeterminate.
From: https://www.anandtech.com/show/12214/un ... nd-spectre

"It’s not clear just what the full security ramifications of Spectre are: While Meltdown is the more immediate threat, how it works and how to mitigate it are fairly well documented. Spectre however is a definite wildcard right now. There are multiple proof of concept attacks as it stands, but more broadly speaking, Spectre attacks are a new class of attacks not quite like anything vendors have seen before. As a result no one is completely confident that they understand the full security ramifications of the exploit. There is a risk that Spectre attacks can be used for more than what’s currently understood.

It’s also not clear just how well Spectre can be mitigated: The corollary to not fully understanding the attack surface of Spectre is that defending against it is not fully understood either. The researchers behind the attack for their part are not convinced that software or microcode updates are enough to fully resolve the problem, and are advising that they should be treated as stop-gap solutions for now. Specific types of Spectre attacks can be mitigated with care, but those protections may not help against other types of Spectre attacks. It’s an area where a lot more research needs to be done."

Post

pekbro wrote:Ha! Nobody has considered the possibility that this might be the fabled back door forced on Intel by the NSA...

Image

pffff ... please. that's covered in the first 2 minutes of the first introductory class of 'IT conspiracy theories 101'

my conspiracy theory goes like this .... intel see themselves at a ceiling in terms of chip innovation and squeezing out more cycles/power from their chips. how are they gonna keep selling chips when the gains are marginal ? .... give all the chips of the past 10 years a performance 'haircut' (if not a complete security buzzcut) by allowing a hardware weakness/backdoor you know about to be discovered.

plus, microsoft and intel are in bed together - as evidenced by how they cooperated when it came to 7th/8th gen chipsets 'only' being supported on Windows 10 (you got to hack and tweak your way around it, to get win7 running on those chips). Windows 10 ... an OS that FORCES updates on users. The very same updates that will effectively hobble your machine's performance. It's probably not a huge logical leap to assume that anyone buying high-end chips are actually looking to benefit from the performance they promise to deliver, so a performance haircut should typically be felt. are there people who buy i7's to check emails and skype with their grandmother ? probably, but i have to assume the largest demograph of high end chip owners are people with high end performance uses.

anyway, that's the gist of my line of conspiratorial thinking right now. not saying it's fact, or 'obvious' ... but when i try to see how this would benefit the mega-corp ... i come to the conclusion it benefits them, ultimately, by selling new chips ... if not to recoup lost performance margins on previous chips, then to address security concerns.

pie in the sky stuff, probably.







i'm pissed about my new laptop though. i feel like emailing ASUS support to demand they provide comprehensive Win 7 drivers (they only provide Win 10, but after a cursory look I think most components have a Win 7 driver. no intel graphics driver, but the laptop has a dedicated nvidia gpu anyway which does have a Win 7 driver...). And emailing Intel to demand they officially support Win 7 with their 7th/8th gen chips. And even a longshot like emailing microsoft to demand they support 7th/8th gen chipsets on Win 7.

why Win 7 ? .... so the user, me, can have the option to NOT be hobbled by the software fix, by not installing the relevant update ... particularly since my machine's sole purpose is as a high-end performance workstation.

Alternatively, I'd also appreciate if Windows 10 policy was adjusted to allow the user to opt out of the update that causes the performance hobbling.

I'm not sure. I haven't even turned the laptop on yet as I 'wait & see' and ponder what to do with it.

Post

We're talking about server farms or "cloud" running mostly Linux though, so ultimately all that would encourage is replacing Intel chips with competitors. Even ARM processors or others which would devastate the entire PC market irreparably. That would make most of your old plug-ins stop working, and it would be many years before current ones would start working again on ARM processors.

Many, many products would simply disappear, unavailable on anything other than older hardware and never to be upgraded/updated again.

This very well could be the x86 Armageddon.

Intel wouldn't commit suicide that way. Even if the NSA had forced them to incorporate a back-door, you'd expect them to have very cleverly hidden an "off switch" if the evidence were ever to come out. That would allow them to say "not our fault, the NSA forced us! ... but we have a solution!"

In this case it's a plain old f**k-up and they have shit-all for solutions.

Post

Excellent summary of the state of play today: https://www.theregister.co.uk/2018/01/0 ... explained/

NB There are 2 pages.

Post

Only the Apple watch might not affected.
Now i need Logic Pro on Apple watch :)

Post

aciddose wrote:
dzilizzi wrote:The way I see it, doesn't matter if you have AMD, because if the OS is issuing the fix, it will affect AMD processors the same as Intel.
That sure is what Intel would like you to believe.
Linus says something differnt on the commit comment

https://git.kernel.org/pub/scm/linux/ke ... source=anz
Exclude AMD from the PTI enforcement. Not necessarily a fix, but if AMD is so confident that they are not affected, then we should not burden users with the overhead"
I assume MS and OSX kernles will do same, simply to avoid unnecessary performance degrade compared to Linux on AMD.

Post

I'm looking for a free benchmark app for W10x64 that will let me look at changes over time. Then I'll try and patch up.

Post

Am I correct in saying that both of these exploits require software to be installed that takes advantage of those exploits ? In other words you can't access them remotely ?

If so would the short term solution be not to install any new software on critical systems ? I have everything I'll ever need on my studio computer so never installing any new software on it would keep it safe from Meltdown and Spectre ? :?
None are so hopelessly enslaved as those who falsely believe they are free. Johann Wolfgang von Goethe

Post Reply

Return to “Computer Setup and System Configuration”