tl;dr: There is evidence of a massive Intel CPU hardware bug (currently under embargo) that directly affects big cloud providers like Amazon and Google. The fix will introduce notable performance penalties on Intel machines (30-35%).
People have noticed a recent development in the Linux kernel: a rather massive, important redesign (page table isolation) is being introduced very fast for kernel standards... and being backported! The "official" reason is to incorporate a mitigation called KASLR... which most security experts consider almost useless. There's also some unusual, suspicious stuff going on: the documentation is missing, some of the comments are redacted (twitter.com/grsecurity/status/947147105684123649) and people with Intel, Amazon and Google emails are CC'd.
According to one of the people working on it, PTI is only needed for Intel CPUs, AMD is not affected by whatever it protects against (lkml.org/lkml/2017/12/27/2). PTI affects a core low-level feature (virtual memory) and has severe performance penalties: 29% for an i7-6700 and 34% for an i7-3770S, according to Brad Spengler from grsecurity. PTI is simply not active for AMD CPUs. The kernel flag is named X86_BUG_CPU_INSECURE and its description is "CPU is insecure and needs kernel page table isolation".
People are speculating on a possible massive Intel CPU hardware bug that directly opens up serious vulnerabilities on big cloud providers which offer shared hosting (several VMs on a single host), for example by letting a VM read from or write to another one.
Ha ha looks like chinks smelled it ages ago and are busy stockpiling on EBYN.
Ayden Jones
>Intel lets VMs freely snoop each other What in the name of fuck. What. The fuck.
Dylan Wilson
So does this impact home users in any way? I run VMs for testing out my software and I'm using Fedora as the host OS. What now? Am I going to take a massive performance hit when using these VMs? I use them locally and I don't have any remote access to them set up. Does this impact the overall performance when using the host OS?
Really, what the hell? I'm about to buy one of those POWER9 workstations. They're expensive but I'm willing to pay more for shit that works.
Joseph Gomez
You won't be affected as long as your VMs are isolated. But anyway, buy AMD.
Jaxson Nguyen
>as long as your VMs are isolated And what does unisolated means ? How do you check that ?
Jaxson Price
>buying Intel which has hardware backdoors and now hardware bugs in them
Should've bought AMD instead son
Jace Myers
AMD also has backdoors (though it's a TrustZone implementation, aka not designed by retards at Intel).
Robert Sullivan
Apparently it might be related to speculative execution: >The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.
Basically, Intel CPUs might speculatively execute privileged instructions from unprivileged code, and the results can be obtained via side channels even if the speculation was wrong.
If you use an Intel CPU, then Linux PTI/the equivalent Windows fix will be active and you'll take a significant performance hit. It seems you'll be able to disable PTI through a kernel flag in Grub for example: lkml.org/lkml/2017/12/27/145
But it might affect you even if you aren't a cloud provider. For example, mere JavaScript code executed in the browser could read/write kernel memory (and basically pwn you).
Wyatt Hernandez
>buy AMD I've considered it. The only reason why I put this Intel workstation together last year was because I have the option to use ME cleaner to disable the Intel ME, and it's working fine. AMD has the PSP which is even more obscure with no way to disable it, and it's a massive security risk. Non-x86 platforms don't have this problem and I can still run x86 software at reasonable speeds in VMs on it.
Eli Flores
Lol, enjoy your fix intel
Adrian Hernandez
linfags btfo
Jason Edwards
PSP is a TrustZone implementation, it's much less of a risk than Intel's retardation because multiple vendors use it thus making ARM give a fuck about it.
Xavier Wood
>For example, mere JavaScript code executed in the browser could read/write kernel memory (and basically pwn you). And I though suicidal Avoton/Rangeley Atoms were bad enough. B R A V O I N T E L
Aiden Anderson
See and >then Linux PTI/the equivalent Windows fix will be active and you'll take a significant performance hit Well fuck. Do you know if it will also decrease the performance of software running on the bare metal? If it doesn't I guess a temporary fix would be to buy a few external hard disks and install the operating systems on those instead to use for testing. It's far less convenient than using VMs but I could work with that. Or I could give each virtual machine an extra core.
It's still untrusted hardware that's tampering with the boot process in ways that it shouldn't, so I'm not thrilled about it.
>It's still untrusted hardware that's tampering with the boot process in ways that it shouldn't, so I'm not thrilled about it. ARM also has it, and POWER are useless housefires. PSP is manageable (looks like the final 1.0.0.7 implementation would allow UEFI to kill it post-boot).
Jordan Davis
>I can still run x86 software at reasonable speeds in VMs on it. Really? I'm very interested on this (running virtualized x86 on non-x86 hardware at acceptable speeds) but don't want to derail this thread, could you make a new thread about it and link it?
Kayden Cooper
you can disable psp in asrock board,
feel bad, im using asus fuckin jewasus still not give the option
Levi Edwards
Looks like it's a part of 1.0.0.7 implementation. ANUS would probably have it eventually.
Gabriel Baker
One (1) X299 Raid Key ($299 MSRP) has been sent to your home adress.
Thanks again for correcting the record.
/Intel CS Team
Connor Ross
>ARM also has it
Trustzone != Intel ME Rockchip ARM processors can be booted fully open source No binary blobs required
>Rockchip ARM processors can be booted fully open source >No binary blobs required I too love eating trash for the sake of freedumbz. Goddamit, stalldrones are the worst.
Leo Cox
Wait a sec. Which Asrock boards have been updated with 1.0.0.7 agesa? The x370 taichi is still stuck on 1.0.0.6b using bios 3.20.
Nathaniel Cruz
ARM is objectively superior to X86 Fewer cycles per instructions
Different user, but can you go into more detail? I've been thinking of getting a ThinkPad and the constant news of security fuck ups form Intel make me wonder if I should save up and buy a Ryzen powered A series.
>It's still untrusted hardware that's tampering with the boot process in ways that it shouldn't, so I'm not thrilled about it. well there haven't been as many stories about AMD fucking up the security of their processors and between the two AMD's much more likely to open source PSP, as remote is that would seem right now. Both companies should at least be showing the source code, if not publicly, to independent researchers.
Juan Smith
>Fewer cycles per instructions And more instructions to do the same fucking job as x86. Eat shit stalldrone.
Connor Morgan
>AMD's much more likely to open source PSP They will NEVER, EVER do that until hyperscale or goverment buys their CPUs. But they do allow disabling it on some boards right now.
Gabriel Reyes
>ARM also has it This doesn't make me like it.
>and POWER are useless housefires No, not really. They run a little hot which makes it shit in laptops but in servers and desktops it's great with proper cooling.
>would allow UEFI to kill it post-boot Here's the thing. I don't want it active at all. With Intel I have the ME firmware stripped to just the Bring Up module which does very basic hardware init and power manage and handoff to the BIOS for higher level hardware startup tasks. That's still too much and leaves a bad taste in my mouth about the whole thing. I should be able to completely remove the PSP firmware and have the thing not boot at all, and have only the BIOS handle hardware and bootloader and/or kernel startup. I don't want any blackbox co-processor bullshit at all. I don't use secure boot or disks larger than 2TB so UEFI and the PSP don't do anything for me that a $15 kensington lock and common sense can't.
>could you make a new thread about it and link it? There's not really a good reason not to discuss alternatives here and I'm lazy. Basically I've used POWER at work and you can virtualize x86_64 hardware pretty well with it. When I say well, I mean that it's not hard to get the same speeds you would out of an average higher end laptop or a low-mid range prebuilt desktop. You aren't going to get as good performance as you would on Intel or AMD hardware but it's definitely good enough for testing out the Windows and OS X software I work on. QEMU support is really good because of the enterprise adoption of POWER hardware. As far as my consumer experience with it goes, the closest thing I've used is PPC Macs, which aren't really a good comparison except I can say that the Debian repos still have a good selection of somewhat up to date software for it.
I still don't want or need something that I can't verify to not be malicious. I don't trust it.
Lincoln Lee
>Here's the thing. I don't want it active at all. Then get a tinfoil hat and run away into the woods away from the evulz botnet.
Matthew Hall
yfw 1.3GHz ARM A11 benchmarks as high as 3.5GHz Intel laptop
>Geekbench That's like measuring HPC performance with a fucking LINPACK. Eat shit ARMdrone.
Ryder Bailey
Yes, it's exactly like making an objective measure of performance and seeing the X86 architecture crumble under the load
Michael Davis
>smallkernels in L1$ I request another "Linus against ARM shill inhabiting RWT forums" rant.
Aaron Lewis
>follow @grsecurity, @scarybeasts and others on Twitter for up-to-date info
Posts like these should be fucking banned.
Stop advertising twitters. If something new comes up, you should post it here.
Colton Lopez
>it's tinfoil to not want a ring -3 hardware backdoor that could be exploited and used by criminals if it's not already being exploited by big companies or the government You sound like one of the asshats that unironically thought UEFI was a good idea. Why are you in favor of maximizing the attack surface of system critical, low level hardware and software? Were you dropped on the head as a child? Help me understand what kind of mental retardation you're suffering from.
Carter Sullivan
How the fuck can it actually be exploited? The only currently available way to breach IME requires direct physical access to attacked PC. And you can't even breach the fucking TrustZone, you schizo! Fucking stalldrones. It's also unrelated to fucking bug in the OP (you know, the one that *actually* matters.).
Austin Nelson
Well, Brad Spengler and Chris Evans are reputable security experts and they were discussing it, so I thought it would be a good recommendation to point that out. Advertising wasn't my intention.
Josiah Perry
This is actually worse than the fucking TLB bug. EPYC sales will skyrocket Q1/Q2 2018.
Lincoln Ramirez
>EPYC sales will skyrocket Q1/Q2 2018. This, from the looks of things, many companies will have no choice if the "fix" effects performance as badly as people are saying.
Henry Sullivan
>The only currently available way >And you can't even I've heard it all before. Why should I even entertain the possibility of being vulnerable to an attack like that when I don't even utilize the extra hardware for anything? It's just there for no reason and carries with it the potential for future security problems. Common sense is telling me that I should buy hardware without any management engines at all until I can fully disable it in the platforms that do have it. I don't care if the software is better written that that Jewtel is putting out. It's all bad and AMD engineers are not perfect. I've already been burned once and I'm not trying to get burned again, you fucking idiot.
William Lee
>tfw you think it can never happen >tfw you think Intel can protect your computer on a thread about the latest Intel fuckup fucking kek m8
Leo Foster
I hope it coincide with the release of ZEN based APU for mass market desktops.
Noah Garcia
>yfw Icelake-SP is already past the tapeout and nothing will fix it
William Barnes
>tfw i don’t have data i’m attached too
Feels comfy.
Cameron Howard
>I still don't want or need something that I can't verify to not be malicious. I don't trust it. I often feel this way but my use case can't always be served by old or low performance hardware. here's a libertarian wallpaper.
>They will NEVER, EVER do that until hyperscale or goverment buys their CPUs. maybe I'm being too optimistic but I wouldn't rule it out entirely. 4 years ago people on this board would have said the same thing about the quality of open source video drivers. News stories like the one in the op are becoming more frequent so I'm not going to completely rule out the possibility.
>But they do allow disabling it on some boards right now. seriously? Any chance my motherboard is one of those chip sets? This would greatly please the snake
he's probably an underage normalfag from Reddit. I always suspect people with no regard for privacy or security are dumb kids from Reddit.
Angel Gutierrez
Who here ryzen
Bentley Bailey
Might be a good time to get your shit out of "The Cloud". I don't imagine this is going to be a smooth ride for a little while.
Ryan Hughes
Or you can simply move your VMs to EPYC machines. Your happy AMD merchant would always like to help you.
Ian Robinson
I mean that there's bound to be a rough patch for customers due to server issues caused by the patch, and probably some problems caused by hardware changes, should those servers move to AMD.
Ethan Cox
poozen checking in, intelfags on suicide watch
Jaxon Thompson
Oy vey, this is bad
Oy vey...
Caleb Cooper
Is there a list of processors affected by this bug, and the performance hit they will take?
Owen Stewart
Looks like everything remotely recent Intel.
Camden Kelly
Dude, this is not *bad*. This is "TLB bug"-tier catastrophe.
It's been said that it can decrease performance by 50%.
Jackson Sanders
...
Easton Torres
>literally too lazy to upgrade hardware >saved LOL is there anything better than being a lazy fuck
Jace Miller
Guys, is this really the happening that takes down intel?
Blake Foster
Just how 'recent' is 'recent'? All the i7 lineup, even going as far back as the i7 2600? Core2Duo?
>it can decrease performance by 50% From what I've seen that varies depending on the processor, which is why a list of affected models and performance hits would be handy, is it too early to tell?
James Jones
Yes. It's their own TLB bug. This is so fucking bad.
Anthony Brooks
>2018 >share same calendar as the following years >1900, 1906, 1917, 1923, 1934, 1945, 1951, 1962, 1973, 1979, 1990, 2001, 2007 >en.wikipedia.org/wiki/Führer_of_Germany >1934 to 1945
Oy vey, this year is antisemitic
Blake Roberts
Assuming it's related to speculative execution, the list will go up a while back. Like, a WHILE back.
Cooper Myers
intel, not even once™
Ryan Butler
Honestly, no. But, it's a very good start for 2018. Here's what will happen this year that will fuck them up, in no particular order.
>this >amd's existence >two biggest platforms (apple and microsoft) pushing ARM exclusive devices with emulation (no intel at all) >growing anti-israel sentiment >stale executives who can't stop fucking up
It's a good year. :)
Jeremiah Perez
How much better is ARM compared to x86 and x86_64?
Jose Harris
go back to Sup Forums, kid. stop inserting this anti jew Sup Forums bullshit on the thread
Jaxon Howard
Same shit, different ISA. And most SoCs are vendor locked-in shitfests. Enjoy!
Elijah Mitchell
Oy gevalt! Another Shoah! Shut it down!
James Nelson
Now is the time for Apple to step in. The A11 chip is already more powerful than an i5, once this happens Apple will be in a position to be a big player on the CPU market by putting A chips in their Macs.
BASED APPLE A S E D
A P P L E
Oliver Long
It's not a direct comparison, so I can't answer that. However, all major players are turning to ARM which has had way more progress in recent years and is a complete battery beast. Which isn't so important to desktops, for obvious reasons, but desktops can still benefit due to smaller sizes, less power consumption, and less Intel.
You have to be pretty blind to not see the anti-israel sentiment building up. I don't agree with them whatsoever, but it's pretty fucking obvious. The recent UN example is one you should not ignore. Has nothing to do with Sup Forums you sperg.
Henry Brooks
speaking of apple. grsecurity is reporting a performance hit on intel processors by almost 1/3rd. apple is already under fire for limiting the performance of their phones because muh battery, what happens when they limit the cpu speed for normies macbooks?
Jason Martin
Oh the burn is strong. Feel the burn Intel ! Lol
Time to buy a threadripper before they all sell out lol
Christopher Diaz
>1/3 perfhit
pretty xtreme desu, people will scream
Jack Brooks
Easy, they just won't patch it, so the users don't have a meltdown. If Microsoft can get away with not patching the Atom Tables bug, Apple can do it.
Owen Ramirez
It’s intels fault not apples. But what a perfect time for Apple to migrate all their Macs over to A11+ chips which are on par with current i7 chips and once this performance hit kicks in they will dominate them.
APPLE A BASED.
Levi Gonzalez
which do you think will cause more of an issue, normies whining that their 4000$ facebook machine doesn't load 1000x compressed jpgs or shit rags like motherboard/vice posting an article that apple ignored a security vulnerability in macos kernel?
Michael Fisher
Is this being discussed in this context of a 30% performance hit for all intel processors anywhere other than Sup Forums?
Forgive me but it’s harder to trust it if Sup Forums is the only place. Also if true then I need to load up on Intel puts.
lol that's being exceptionally optimistic in every way possible people noticed a fucking ~200 difference in geekbench scores (~200-600mhz clocks), they're going to rage about this too apple will be on indirect damage control for a bit
Ethan Thompson
Post YFW Apple finally breaks free of intel handcufffs and starts crafting beautiful MacBooks with ARM processors which are more powerful and use less energy
Blake Brown
>ARM >More powerful
Andrew Turner
Wilco, fuck off already.
Evan Ward
Intel/AMD shills BTFO
BASED APPLE A S E D
A P P L E
Christopher Perez
literally one of the few white hands that don't look like they belong to an obese person on Sup Forums
Chase Sullivan
wtf america
again?
Josiah Robinson
I doubt Apple will move all Macbooks to fucking ARM unless they want to lose more market share in the personal computer marketplace. I could see it MAYBE in a sub $600 macbook air style laptop.
Jordan Parker
Those are soyboy hands, son
Kevin Nguyen
looks like amd shills are at work
oh wait, AMD is too poor and cheap to pay for shills, these are just sad fanbois who spend their free time researching POTENTIAL bugs
Zachary Reed
>intel shill sweating
Gavin Mitchell
The fact this performance hit is so big, coupled with the complexity of the bug (which normal people won't regard as something very serious), makes it impractical to patch.
Normal people will have a hard time trying to grasp why this is a serious bug, and will default to choosing the convenience of speed over security. I don't know if Apple is going to patch it, but from the point of view of users, I think they'd bend over and take it. Maybe Apple could introduce a setting where they allow the user to choose between both options.
Apple can definitely get away with it
Camden Ward
Based Brad
Jordan Hernandez
So that's why Baidu has been soaking up every fucking Ebyc chip since the last quarter.
This feels like the World War Z movie where Israel knew about the zombie attack before everyone else and built the wall
Ryan Brown
What's the likelihood Intel will be forced to recall their CPUs and replace them for free? 35% performance penalty seems way too big to not issue a formal recall.
Connor Long
so this is the power of the average macfag...
Landon Sanders
top comfy
Jaxson James
soyboy hands > sugaboy hands
For sure, they'll deal with it. But users will still flip out unless a compromise of sorts occurs bundled with a separation between what caused this and future apple products.