Intel CPU security flaw

Posted: Wed Jan 03, 2018 6:56 pm
by hyenaz
https://www.theregister.co.uk/2018/01/0 ... sign_flaw/

Has anyone else been following this? Can we expect a performance hit in music applications?

Re: Intel CPU security flaw

Posted: Wed Jan 03, 2018 8:13 pm
by folderol
From what I've read, we probably (mostly) dodged the bullet.
It seems the fix will mostly affect I/O, not processor-intensive tasks.
Building up a buffer full of sound will be fine, but there may be a bit of a bottleneck getting each buffer to the soundcard.

Re: Intel CPU security flaw

Posted: Wed Jan 03, 2018 10:09 pm
by hyenaz
Good to hear. I don't want to lose 30% of CPU speed.

This was really funny:

"The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers."

Re: Intel CPU security flaw

Posted: Fri Jan 05, 2018 2:34 pm
by thetotalchaos
hyenaz wrote: Has anyone else been following this? Can we expect a performance hit in music applications?
I hope not. In less than a year, both Intel and Mozilla, two of the finest examples of freedom-respecting companies, betrayed us and let us down. And although I am quite happy using Chromium and Epiphany, I am not ready to assemble a new AMD-based home system. My configuration is less than a year old, Intel based.....s*it.

Re: Intel CPU security flaw

Posted: Fri Jan 05, 2018 4:05 pm
by hyenaz
Reading Intel's PR statement, it basically translates to:

There is no problem, and the problem affects all chip manufacturers, and the problem will be minor for most users, and the problem will be mitigated in the long term.

So hopefully fixes in the longer term will mitigate any CPU hit.

Re: Intel CPU security flaw

Posted: Fri Jan 05, 2018 5:50 pm
by windeguy

Re: Intel CPU security flaw

Posted: Fri Jan 05, 2018 5:56 pm
by folderol
Intel are doing their usual mixture of flat out lies plus bait and switch.

There are very real and serious problems and there are two separate issues.

The first is immediately and easily exploitable. It is specific to all Intel processors since 2009, and also one (as yet unreleased) class of ARM processors. It doesn't affect AMD nor any other class of processors. This is the 'Meltdown' one that devs all round the world have been working flat out for months to work around. Note this is not a fix. A proper fix has to be done with new CPU hardware.

The other one (Spectre) is much harder to exploit, and requires more uninterrupted attack time - unfortunately it is also much harder to fix. This one affects just about all modern processors. Browser makers are working to produce blocks in JavaScript to close that particular attack vector. Once more, this is not a fix, and again, eventually hardware solutions need to be found.

The final gotcha is that new hardware doesn't solve the problem for old systems that for one reason or another can't be replaced. For them, there will always need to be some form of software hack.

On the plus side, there have already been a lot of benchmark tests done on the new code, and we should get off pretty lightly.

The people who will be in the worst position are relatively small ISPs whose machines are doing mostly net and storage accessing.

Re: Intel CPU security flaw

Posted: Fri Jan 05, 2018 7:12 pm
by m.lp.ql.m
Related, but more selfish question: I was just about to start putting together a new system. Any guesses as to when the new, "fixed," hardware will be available?

Re: Intel CPU security flaw

Posted: Fri Jan 05, 2018 8:14 pm
by English Guy
I want to keep an old kernel on hand and run it on an offline system when I work.

Re: Intel CPU security flaw

Posted: Sat Jan 06, 2018 9:20 am
by Lyberta
English Guy wrote: I want to keep an old kernel on hand and run it on an offline system when I work
KPTI can be disabled with a runtime switch. If you don't run untrusted code, you can easily turn it off.
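
An added example, not part of the thread: a shell check that reports whether KPTI is actually active on a Linux host. It assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities/meltdown` and the boot parameters `nopti`, `pti=off`, `pti=on` and `mitigations=off`; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: classify the Meltdown/KPTI state of a Linux host.
# Inputs are passed as strings so the logic can be exercised offline.

# pti_cmdline_setting CMDLINE -> off | on | default
# Simplified reading of the boot parameters; the sysfs status below
# is what the running kernel actually reports.
pti_cmdline_setting() {
    case " $1 " in
        *" pti=off "*)                     echo off ;;
        *" pti=on "*)                      echo on ;;
        *" nopti "*|*" mitigations=off "*) echo off ;;
        *)                                 echo default ;;
    esac
}

# kpti_report CMDLINE STATUS -> one-line verdict
# STATUS is the content of the sysfs meltdown file ("" if the file is absent).
kpti_report() {
    cmdline=$1
    status=$2
    case "$status" in
        "Not affected"*)    echo "ok: CPU not affected by Meltdown" ;;
        "Mitigation: PTI"*) echo "ok: KPTI active" ;;
        "Vulnerable"*)
            if [ "$(pti_cmdline_setting "$cmdline")" = off ]; then
                echo "finding: KPTI disabled by boot parameter"
            else
                echo "finding: vulnerable, KPTI not enabled by this kernel"
            fi ;;
        "") echo "unknown: kernel does not expose a Meltdown status" ;;
        *)  echo "unknown: $status" ;;
    esac
}

# Constructed sample: a host booted with nopti.
kpti_report "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet nopti" "Vulnerable"

# Live check, only when the kernel provides the files.
SYSFS=/sys/devices/system/cpu/vulnerabilities/meltdown
if [ -r "$SYSFS" ] && [ -r /proc/cmdline ]; then
    kpti_report "$(cat /proc/cmdline)" "$(cat "$SYSFS")"
fi
```
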

Re: Intel CPU security flaw

Posted: Sat Jan 06, 2018 9:33 am
by briandc
Kinda sounds to me like a big scare to get people buying new computers.


brian

Re: Intel CPU security flaw

Posted: Sat Jan 06, 2018 9:51 am
by tavasti
briandc wrote: Kinda sounds to me like a big scare to get people buying new computers.
Problem is real. Current state, any website can put JavaScript reading all your passwords from your browser's password manager or from your KeePass if it is open. Same goes for office documents, reading memory with Word doc macros is possible. However, implementing a Word doc which also works in LibreOffice on Linux might be a bit harder :-)

So if there is an update for your browser available, update now.

Re: Intel CPU security flaw

Posted: Sat Jan 06, 2018 11:16 am
by tavasti
m.lp.ql.m wrote: Related, but more selfish question: I was just about to start putting together a new system. Any guesses as to when the new, "fixed," hardware will be available?
https://twitter.com/securelyfitz/status ... 0652196864

That says maybe some minor fixes in summer. Something a bit better 2019-2010. Full fix 2021.
That isn't the word of god, but anyway a guess from somebody who knows the workflow and constraints of the processor industry.

Re: Intel CPU security flaw

Posted: Sun Jan 07, 2018 6:18 am
by tavasti
42low wrote:
m.lp.ql.m wrote:Any guesses as to when the new, "fixed," hardware will be available?
I've read on a linux forum that the software fix is to be expected this weekend. Then the hardware bug isn't a problem anymore.
Meltdown, which gives access to kernel memory to all processes, will be fixed, and this will cause slowdown.

For Spectre, which allows reading memory from other processes, there won't be a single fix, but many fixes here and there. Most likely it can't be fixed fully in software. Never ever. And this problem is also in AMD processors.

Re: Intel CPU security flaw

Posted: Sun Jan 07, 2018 1:43 pm
by Jack Winter
Spectre is arguably the bigger problem...