There is evidence of a massive Intel CPU hardware bug (currently under embargo) that directly affects big cloud providers like Amazon and Google. The fix will introduce notable performance penalties on Intel machines (30-35%).
People have noticed a recent development in the Linux kernel: a rather massive, important redesign (page table isolation) is being introduced very fast for kernel standards... and being backported! The "official" reason is to incorporate a mitigation called KASLR... which most security experts consider almost useless. There's also some unusual, suspicious stuff going on: the documentation is missing, some of the comments are redacted (twitter.com/grsecurity/status/947147105684123649 (embed)
) and people with Intel, Amazon and Google emails are CC'd.
According to one of the people working on it, PTI is only needed for Intel CPUs, AMD is not affected by whatever it protects against (lkml.org/lkml/2017/12/27/2). PTI affects a core low-level feature (virtual memory) and has severe performance penalties: 29% for an i7-6700 and 34% for an i7-3770S, according to Brad Spengler from grsecurity. PTI is simply not active for AMD CPUs. The kernel flag is named X86_BUG_CPU_INSECURE and its description is "CPU is insecure and needs kernel page table isolation".
People are speculating on a possible massive Intel CPU hardware bug that directly opens up serious vulnerabilities on big cloud providers which offer shared hosting (several VMs on a single host), for example by letting a VM read from or write to another one.
Reminder that Brian Krzanich sold ~50% of his holdings in Intel leaving him with 250000 shares which is the contractually required minimum he can hold without losing his position as CEO.
Basically only vulnerable if you can flash the firmware. You can only do this with valid Intel management credentials. So its mostly a non issue.
Wyatt Phillips
>g4560 its already slow and this.. what the fuck intel.
Easton Phillips
IT ISN'T TRUE! THE BUG IS MADE UP LIES BY AMD RUSSIAN HACKERS!!!
Oliver Phillips
Are you really surprised?
Robert Morales
This has literally nothing to do with the issue in OP
Thomas Richardson
You pajeetel shill, this is a SEPARATE problem from the PTI vulnerability.
In fact, this just shows how hilariously fucked intel is.
Kayden Robinson
mfw we will witness the fall on Intel
Justin Thomas
That's the wrong completely devastating issue, baka.
Brandon Edwards
>He doesn't actually know what intel ME is lel
Jace Ross
...
Cameron Martin
It is still under embargo retard, this is a different bug
Wyatt Phillips
Intel is: [_] Finished [_] Bankrupt [X] FINISHED AND BANKRUPT
Brayden Robinson
...
Kevin Young
If this is bait, its fucking excellent
Christian Bailey
...
Parker Smith
>Intel has so many vulnerabilities that shills can't even keep track of which one they're supposed to damage control at a given moment
Nathan Cook
totally nothing suspicious goin on here..nope.
Isaiah Thompson
Windows 10 users are now finally fucked with the automatic updates
Hunter Miller
>Syscall overhead roughly doubles >Insignificant performance loss for most desktop applications, but VERY significant loss for syscall-heavy applications >That includes GPU drivers >Gaymers are going to flock to AMD because AMD doesn't nerf their GPU performance >Intel's monopoly on desktop CPUs will collapse because entire segments of the market will refuse to use their CPUs holy shit guys this might be it
Charles Perry
Windows 7/8 users are now finally fucked if they don't install the patch.
Camden Young
Time to buy cheap intel machines and just use them offline
Grayson Wood
Reminder that ARM Aarch64 is also fucked
>lists.infradead.org/pipermail/linux-arm-kernel/2017-November/542751.html >The performance hit from this series isn't as bad as I feared: things like cyclictest and kernbench seem to be largely unaffected, although syscall micro-benchmarks appear to show that syscall overhead is roughly doubled, and this has an impact on things like hackbench which exhibits a ~10% hit due to its heavy context-switching.
Angel Bell
People are better off with a slower system than a vulnerable one in this case.
>doubles Potentially quadruples, I think, judging by the dude on /r/sysadmin.
Hunter Lee
> November Wtf? Does that mean it's already known that long?
Xavier Flores
This vulnerability is very severe. It has to be patched
Kayden Long
That's before they figured out that AMD is not affected.
Thomas Russell
ARM
Levi Morris
AMD =/= ARM
Liam Sullivan
That's when Intel's CEO sold his stocks, so clearly.
Jonathan Evans
Let's summarize guys >diversity >shitty yields >constantly delayed 10 nm process >foreskin thermal paste instead of solder in the ihs >even in their fucking xeons >netburst 2.0 like temps >unscallable ringbus >massive thermal infernos in their i9 processors >that let the PowerPC 970 and the fucking 9590 like a winter look like a candle in the fucking Minnesota >now this horrible bug that will hamper at least 30% of the performance AMD did nothing and its winning this year. Hell, even they will a FX renaissance.
Wyatt Gonzalez
>all that green
Alexander Robinson
>@
Nolan Morris
>>that let the PowerPC 970 and the 9590 look like a cande flame in the fucking Minnesota's winter FTFM.
Jason Cooper
They've been working on this from at least early 2017 but it turned into a serious push near the end of the year.
I think there's been studies about exploiting speculative execution feature for even longer time.
IT DOESN'T AFFECT NEHALEM IT DOESN'T AFFECT NEHALEM IT DOESN'T AFFECT NEHALEM MY I7 920 FINE
Nicholas Price
You forgot how they blew lots of cash on failed Atoms in smartphone and tablets, the bricked Atoms C2000, and several remotely-exploitable Management Engine bugs.
Kevin Davis
guys guys what if this is a plot to make people buy ryzen
don't believe this news until theres hard proof aka a patch and benchmarks before&after. DONT FALL FOR THIS
Sebastian Roberts
AAAAAAAAAAAAAAAAAAAAAAHHHHHHHHHHHHHHHHHHHHHH everyone running a DB or network centric application on Intel is screwed!
Intel stock will drop 20% by the end of Q1 2018. Screenshot this. >Intel Corporation Common Stock Real Time Stock Quotes >$47.30
Connor Fisher
Time to spend all my spare 3000 usd to buy some AMD stocks.
Mason Harris
so there is no point in these threads until the update hits and we see if there is any difference at all
>Intel stock will drop 20% by the end of Q1 2018. Not just their stock, but also their performance.
Jack Green
Sauce please.
Jacob Foster
holy fuck!
Luis Ross
...
Levi Cox
Go back to Twitter, kid
Luke Morris
Guess we know how they achieved their "single-threaded" performance now.
Jace Edwards
Feels good to use a secure CPU.
Eli Reyes
on a secure os!
Lincoln Collins
what about BSD? any relevant patches anyone?
William Howard
Dude that's nothing, have you seen the I/O performance? OVER 50% SLOWER, fucking insane, this is going to be a fatal blow to Intel.
Luis Rogers
Welp, looks like it might finally be the end of my 2500K.
It was fun while it lasted.
Goodbye, old friend.
Evan Cooper
...
Jace Jenkins
Optane is fucking dead now.
Elijah Wilson
you are forgetting about most motherboard vendors whom haven't even patched all their system affected by the intel management engine bug. "intel management engine bug" has a good sound to it, given current events, brian is probably the exploit that management engine
Jaxson Murphy
Include me in the meme screenshot
Easton Perez
I wonder how Intel will advertise their next couple generation when they fixed the bug and can't use this speculative execution anymore to improve IPC.
New Intel core i9-9870k with -10% IPC Kek
Ryan Perez
THEY SAID IT'S WESTMERE ONWARD
Logan Myers
I'll upgrade to some minimal distro and make an imageboard, like that dude some days ago
Colton Hill
>OPTANE NVDIMMS STILL NOT AVAILABLE OPTANE NVDIMMS STILL NOT AVAILABLE >OPTANE NVDIMMS STILL NOT AVAILABLE OPTANE NVDIMMS STILL NOT AVAILABLE >OPTANE NVDIMMS STILL NOT AVAILABLE OPTANE NVDIMMS STILL NOT AVAILABLE >OPTANE NVDIMMS STILL NOT AVAILABLE OPTANE NVDIMMS STILL NOT AVAILABLE I summon Charlie.
Asher Fisher
I need to fucking short intel
Wyatt Wood
...
Christopher Cooper
However, it may be that the vulnerability in Intel's chips is worse than the above mitigation bypass. In an email to the Linux kernel mailing list over Christmas, AMD said it is not affected. The wording of that message, though, rather gives the game away as to what the underlying cockup is:
>AMD processors are not subject to the types of attacks that the kernel page >table isolation feature protects against. The AMD microarchitecture does not >allow memory references, including speculative references, that access higher >privileged data when running in a lesser privileged mode when that access >would result in a page fault.
A key word here is "speculative." Modern processors, like Intel's, perform speculative execution. In order to keep their internal pipelines primed with instructions to perform, the CPU cores try their best to guess what code is going to be run next, fetch it, and execute it. It appears, from what AMD software engineer Tom Lendacky was suggesting above, that Intel's CPUs speculatively execute code potentially without performing security checks. It seems it may be possible to craft software in such a way that the processor starts executing an instruction that would normally be blocked – such as reading kernel memory from user mode – and completes that instruction before the privilege level check occurs. That would allow ring-3-level user code to read ring-0-level kernel data.
Gabriel Howard
If I'm not running VMs is there any reason why I would be affected by this update?
Xavier Miller
>Intel's low-powered Bonnell microarchitecture employed in early Atom processor cores also uses an in-order dual pipeline similar to P5
Noah Smith
Why would you buy anything now wait for black friday
Eli Gomez
Yes. This flaw has nothing to do with virtualization.
Daniel Evans
Depends, is your CPU Intel and running OS?
Ethan Bennett
Depends on what you do and how utilized your processor currently is.
Austin Hall
>If I'm not running VMs is there any reason why I would be affected by this update?
The defacto loss (I can read your keys yo) of all privilege separation on all OSs.
James Foster
FreeBSD is being patched as well.
Nathaniel Brooks
There's already a patch and benchmarks. Just not from news sites.
Jason Wright
Everything is fine if it can't go below ring 0
Cameron Thomas
VMs ≠ Virtual Memory. Affects all CPUS.
Andrew Brown
...
Easton Perry
...
Jace Smith
INTEL IS BANKRUPT AND FINISHED HOW WILL INTELLETS EVER RECOVER?
- /* Assume for now that ALL x86 CPUs are insecure */ - setup_force_cpu_bug(X86_BUG_CPU_INSECURE); + if (c->x86_vendor != X86_VENDOR_AMD) + setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
fpu__init_system(c);
Easton Jenkins
If you don't apply the patch your computer will get compromized and taken over by a hacker.
Charles Carter
It's a feature you filthy goys, you should be happy.
Josiah Butler
When can I sue the Intel/NSA?
David Barnes
ayymdee bros WW@
Jordan Young
I already have no AV anyway
Dominic Parker
In reality this is a plot to force people to hastily adopt a rigged security update. Rigged by the merchants.