Intel's Chip Bug

[munkeyinorbit]

With the release of information regarding a severe bug in Intel's processors that require parts of the windows/linux kernels to change I wonder if some users here who use intel processors could run some before and after benchmarks for us.

For those unaware;

https://hothardware.com/news/intel-c...-windows-macos

I am more interested in finding out where I can sign up for the class action lawsuit. I don't care if I only get a dollar because of the billion devices out there affected. I also want to know where I can sue the mobile phone manufacturers because there is no way they are getting me a patch because I don't have a late 2017 flagship phone and there are 5 billion of those phones around.

[Magnosh]

One could make the argument that Intel knew about Meltdown and Spectre in June 2017

Which means that they knew about this when they released the Coffe Lake CPUs.

[Gray_Matter]

Which means that they knew about this when they released the Coffe Lake CPUs.

That could be a problem for them. Probably even more for Skylake than Coffee Lake. People would have been buying Skylake for processing which could take a significant knock after the patch. There will probably be a class action lawsuit because of this.

[Kagthul]

I am more interested in finding out where I can sign up for the class action lawsuit. I don't care if I only get a dollar because of the billion devices out there affected. I also want to know where I can sue the mobile phone manufacturers because there is no way they are getting me a patch because I don't have a late 2017 flagship phone and there are 5 billion of those phones around.

You wont get a dime. Those lawsuits will go nowhere.

This wasn't due to malfeasance or negligence, and it hasn't caused any damage to anyone because it was found in a lab and has been patched before it could be exploited.

There's about as much chance as any of those cases proceeding as there is of the sun coming up in the west tomorrow.

[DeltrusDisc]

No, it is a workstation platform.



Almost all other Motherboard brands have a similar piece of software.

Gigabyte certainly does.

its convenient to simply click one button and get all my drivers and firmware updated - you know, like a civilized modern OS.

Obviously you don't understand what enthusiast entails. Also, that's nice you just want to blindly install drivers and firmware, some of us like to know what we are installing, maybe we do a little more than just plug and play than you.

- - - Updated - - -

You wont get a dime. Those lawsuits will go nowhere.

This wasn't due to malfeasance or negligence, and it hasn't caused any damage to anyone because it was found in a lab and has been patched before it could be exploited.

There's about as much chance as any of those cases proceeding as there is of the sun coming up in the west tomorrow.

Only one of these major errors is being patched easily. Thanks for playing, sit down.

[Twoddle]

When's the next load of Intel chips coming out without the flaw and not needing the patch? I was gonna build a new PC soon.

[thunterman]

That could be a problem for them. Probably even more for Skylake than Coffee Lake. People would have been buying Skylake for processing which could take a significant knock after the patch. There will probably be a class action lawsuit because of this.

People have already tested the patch, and are reporting slight performance increases. It's yet another blown out of proportion drama fest (meltdown atleast) Meltdown can be ignored entirely, Spectre is the only cause for concern, and one can assume a fix is incoming, the Embargo is today. We shouldn't be blaming chip makers here, we should be blaming the assholes that leaked a unfixed exploit, it defeats the object of Project Zero. When Project Zero announces a discovery that has already been patched, no one even bothers to read it, when one is leaked by the media, there is mass panic. Shit, there's probably bugs like this discovered on a weekly basis but you don't ever hear about them because they aren't at the centre of a misinformed, misunderstood social media shitstorm. The reason for the damn embargo, which some jackass broke. The lawsuit should be on them, not intel.

[Gray_Matter]

People have already tested the patch, and are reporting slight performance increases. It's yet another blown out of proportion drama fest (meltdown atleast) Meltdown can be ignored entirely, Spectre is the only cause for concern, and one can assume a fix is incoming, the Embargo is today. We shouldn't be blaming chip makers here, we should be blaming the assholes that leaked a unfixed exploit, it defeats the object of Project Zero. When Project Zero announces a discovery that has already been patched, no one even bothers to read it, when one is leaked by the media, there is mass panic. Shit, there's probably bugs like this discovered on a weekly basis but you don't ever hear about them because they aren't at the centre of a misinformed, misunderstood social media shitstorm. The reason for the damn embargo, which some jackass broke. The lawsuit should be on them, not intel.

What? Meltdown can be "ignored entirely"? Not everyone plays games. We have 250 processing VM's and I am not even talking about our development machines. Even a 10% drop will necessitate us getting more servers or cutting the number of processing VM's. People who bought Skylake systems for processing could see noticeable drops in some activities. Time will tell how badly the effects will be but it's definitely not something that can be ignored.

Just to prove my point. This is from Epic Games and their servers:

https://www.epicgames.com/fortnite/f...ability-update

We wanted to provide a bit more context for the most recent login issues and service instability. All of our cloud services are affected by updates required to mitigate the Meltdown vulnerability. We heavily rely on cloud services to run our back-end and we may experience further service issues due to ongoing updates.

The following chart shows the significant impact on CPU usage of one of our back-end services after a host was patched to address the Meltdown vulnerability.

[Deleted]

When's the next load of Intel chips coming out without the flaw and not needing the patch? I was gonna build a new PC soon.

I would say 2019 at earliest. It is unlikely that Intel will be able to fix it for next cpu series release and even if they did they would have to push it back a lot - so yeah 2019 or later. For AMD side it is same story - their Ryzen 2 are done and in production so no changes can be made. Zen 2(Ryzen 3) will be 2019 and that's when you can expect fix from AMD.

In case of both Intel and AMD the next cpu is shrink/optimization and not new arch so it is rather doubtful they will fix it then, especially since as mentioned earlier it would require costly delays.

[Sturmbringe]

When we tested and published this article, the Windows 10 emergency fix had been out for just a few hours and no microcode or firmware updates had become available. For laptops and brand name desktops, that means you also have to update your system with new firmware that will come from your respective OEM. For builders, that means you have to wait for an update from your motherboard manufacturer.

As of writing, a handful of companies have started to offer these updates on some of their product lines: Dell, Lenovo/ThinkPads, Asus, Microsoft Surface, and some others. When our test platform receives a security firmware update we plan to add those results to this article. Users around the web have started to post benchmarks of their systems with both patches applied and the result appears to be slightly worse performance than when they had only applied the OS patch.

It's our understanding that the Windows patch and other OS-level updates cover only one of three known vectors for exploiting the flaws. The combination of OS and firmware should cover all three, although in some scenarios application-level patches will also be required to be fully secure. To have a better understanding of Meltdown and Spectre we suggest you read our condensed what you need to know or read the whitepapers.

https://www.techspot.com/article/155...mance-windows/

Folks are starting to upgrade their CPU microcodes and they are reporting losing performance compared to when they had installed just the OS patch.

So, we are seeing TWO distinct instances of performance loss, one instance AFTER installing OS patch and a second instance AFTER updating CPU microcode.

[Magnosh]

People have already tested the patch, and are reporting slight performance increases. It's yet another blown out of proportion drama fest (meltdown atleast) Meltdown can be ignored entirely, Spectre is the only cause for concern, and one can assume a fix is incoming, the Embargo is today. We shouldn't be blaming chip makers here, we should be blaming the assholes that leaked a unfixed exploit, it defeats the object of Project Zero. When Project Zero announces a discovery that has already been patched, no one even bothers to read it, when one is leaked by the media, there is mass panic. Shit, there's probably bugs like this discovered on a weekly basis but you don't ever hear about them because they aren't at the centre of a misinformed, misunderstood social media shitstorm. The reason for the damn embargo, which some jackass broke. The lawsuit should be on them, not intel.

This patch is not solving everything from what I understood so you can't say that the only performance loss might be on the meltdown patch, both under evaluating and exaggerating the full extend of the patches on the performance is wrong.

How can the meltdown be ignored if it is the one where people can get access to your passwords and stuff because it breaks the barrier between the Kernel and user level software? Some strains of Specter could be ignored as it apparently needs your computer to be infected by someone that has physical access to it.

The lawsuit should be on Intel for knowing about this and that this is has no proper fix and still releasing the Coffe Lake CPUs probably to get ahead of AMD's Ryzen.

And I'm saying this and I will still probably buy an intel i5 8600k next week because it is probably still better for wow than ryzen.

[Kagthul]

Obviously you don't understand what enthusiast entails.

.... this the most unintelligible drek there is. Im not stating an opinion, im stating a fact. Its a prosumer workstation chipset. Theres nothing “enthusiast” about it. Conversely, theres also nothing NOT enthudiast about it either.

Also, that's nice you just want to blindly install drivers and firmware, some of us like to know what we are installing,

Ahh, so you manually sift through driver repositories at manufacturer websites? Somehow, i call bullshit. Unless your entusiasm is spent on tracking down specific driver revisions or something. Everyone has a special something. Some people collect stamps.

maybe we do a little more than just plug and play than you.

linux called. It says it misses you.

- - - Updated - - -



Only one of these major errors is being patched easily. Thanks for playing, sit down.

.... uh, you should maybe actually, i dunno, read. Theyre both patched already, at least as far as Intel CPUs are concerned, on MacOS, Windows 10, and Linux. Not that it matters since the following things are still true:

This isnt due to malfeasance on the part of any actor (AMD, Intel, ARM, IBM, etc)
This isnt due to negligence on the part of any actor.
There is no conspiracy to harm on the part of any actor.
There has been no false advertisement, claims, etc made by any actor
There has been no material harm to any end user.

There is no basis to form a Class, let alone proceed from there. You can be as butt hurt about that as you like, but it isnt going to happen. Except maybe to AMD, since they DID make some outrageous public claims trying to diss Intel about how they werent affected, only for that to be untrue. Even thne, highly unlikely.

And i didnt even have to stand up.

[Remilia]

The class action that's possible is Coffee Lake, since they knew the vulnerability at that time. Previous ones not so much.

AMD isn't affected by Meltdown, which is the one that AMD responded to with the detailing on how privilege is respected, they are however affected by Spectre. Meltdown affects all Intel CPUs for the past decade and ARM A75. Meltdown is the biggest one atm in terms of performance hit. They're all based off of speculative execution but doesn't work the same way.

[mrgreenthump]

Except maybe to AMD, since they DID make some outrageous public claims trying to diss Intel about how they werent affected, only for that to be untrue.

??

It was Intel dev that flagged all CPUs insecure in the Meltdown patch with

Code:

setup_force_cpu_bug(X86_BUG_CPU_INSECURE);

Rather than only flagging Intel CPUs. This lead to comments on AMD wrongly being flagged as vulnerable for Meltdown.

[Magnosh]

.... uh, you should maybe actually, i dunno, read. Theyre both patched already, at least as far as Intel CPUs are concerned, on MacOS, Windows 10, and Linux.

Apparently not the Specter Variant 1

You should read this https://gist.github.com/woachk/2f867...f71c90cd6533e9

Plus apparently this was already being discussed in 2016:

https://technet.microsoft.com/en-us/...or=-2147217396

Last name and presentation on that list.

[Kagthul]

??

It was Intel dev that flagged all CPUs insecure in the Meltdown patch with

Code:

setup_force_cpu_bug(X86_BUG_CPU_INSECURE);

Rather than only flagging Intel CPUs. This lead to comments on AMD wrongly being flagged as vulnerable for Meltdown.

The whole thing broke (before the embargo) because an AMD dev pushed a patch to the Linux kernel with tags on it claiming AMD processors were immune. Thats how this whole thing “broke” to the public. Users noticed the flag and comments in the code repository and it broke to the internets.

AMD essentially broke the embargo date through hubris and stupidity on the part of one of their devs. As i said, i expect it to go nowhere, because it simply isnt that big of a deal.

[Barnabas]

The whole thing broke (before the embargo) because an AMD dev pushed a patch to the Linux kernel with tags on it claiming AMD processors were immune. Thats how this whole thing “broke” to the public. Users noticed the flag and comments in the code repository and it broke to the internets.

AMD essentially broke the embargo date through hubris and stupidity on the part of one of their devs. As i said, i expect it to go nowhere, because it simply isnt that big of a deal.

No through honesty because it doesn't affect them. The spectre issue gives more credence to conspiracy theories related to government being allowed a backdoor to computers.

[Kagthul]

No through honesty because it doesn't affect them. The spectre issue gives more credence to conspiracy theories related to government being allowed a backdoor to computers.

..SPECTRE -DOES- affect AMD. It affects literally everything... AMD, ARM, Intel, IBMs POWER, anything. If it uses branch prediction, its vulnerable to SPECTRE, period/end.

SPECTRE is the far more dangerous of the two, to boot, as some parts of it simply are not fixable, at all. Thankfully those require physical access to the hardware. MELTDOWN can basically be patched/worked around on via software fixes.

And regardless, they werent supposed to break the embargo date. It exists for a reason. There have been (far) worse bugs caught by Project Zero that were never exploited precisely because of embargo dates.

AMD (though im totally willing to believe that the Dev in question was just being a cheeky asshole and wasnt directed to place the comments to the code by his bosses) basically stepped in it hard because of that statemrnt. They (or the Dev) tried to use this to tar Intel, only to have it backfire spectacularly.

[Barnabas]

..SPECTRE -DOES- affect AMD. It affects literally everything... AMD, ARM, Intel, IBMs POWER, anything. If it uses branch prediction, its vulnerable to SPECTRE, period/end.

SPECTRE is the far more dangerous of the two, to boot, as some parts of it simply are not fixable, at all. Thankfully those require physical access to the hardware. MELTDOWN can basically be patched/worked around on via software fixes.

And regardless, they werent supposed to break the embargo date. It exists for a reason. There have been (far) worse bugs caught by Project Zero that were never exploited precisely because of embargo dates.

AMD (though im totally willing to believe that the Dev in question was just being a cheeky asshole and wasnt directed to place the comments to the code by his bosses) basically stepped in it hard because of that statemrnt. They (or the Dev) tried to use this to tar Intel, only to have it backfire spectacularly.

Oh waa they patched things the best they could for now and will mitigate further if needed.

[DeltrusDisc]

When's the next load of Intel chips coming out without the flaw and not needing the patch? I was gonna build a new PC soon.

This is extremely new and most of us only know what we can read. You could know just as much of us if you read articles and reports.

In short: who knows. Hopefully soon.