Intel's Chip Bug

[Triggered Fridgekin]

Full well knowing the implications of Meltdown and Spectre I still went ahead and upgraded to an i7-8700k if only to go completely overkill for years to come since I primarily use my desktop for gaming which is where it's less of an issue. I also don't own an M.2 SSD which seems to have the biggest hit in 4k writes and javascript is pretty much on lock down as much as possible.

Utterly pointless upgrade but for once in my life I was able to afford to splurge rather than mull around in mid-range hardware and even if we're talking 5% performance hit from the microcode there's no way this thing won't last me till Zen2 or beyond.

[Remilia]

The patches are changing SE to not cache memory, that is where the performance hit is coming from. Theoretically it should be possible to add a encryption layer and re-enable SE.

As I mentioned further up the thread, there are many WPA2 exploits still in existence, that are easy to exploit (which meltdown / spectre is not) In the grand scheme of things, this is not the worst active exploit in computing, but it is the most publicised. I'm more worried that pretty much anyone with a phone can pluck data out the air at will while I'm using public wifi, or even my home network. As long as you are using noscript and adblockers, which most do, it is going to be borderline impossible for anyone to even use the Spectre exploit against you, as in this case, there is only one way to utilise it, which would involve you downloading a virus of some form.

It's a problem for novice users, and they should be applying the patches but at the same time, novice users are going to be wholly unaffected by the performance loss anyway.

Most people do not use noscript. Just going by addon number, only 1.5m people use noscript. Ublock on chrome supposedly 10m+, but that pales in comparison to the 67 million shipped and sold in a quarter from all OEMs.

I'm not even sure if you know what I mean by truly fix the security problem. This problem and exploit is a fundamental side effect of Out of Order Execution and Speculative Execution, both performance enhancing capabilities built in to all modern high performance CPUs. As of now the only true fix is on the silicon level removing the capabilities. The current attack vectors may be patched but we don't know if there are different ways to exploit the same concept or if the patches themselves may cause holes.

Also please list these thousands you mentioned. All I remember for WPA was a couple or some years ago, and that's just one. Please do list them, basically put up or shut up.

[Vash The Stampede]

As I mentioned further up the thread, there are many WPA2 exploits still in existence, that are easy to exploit (which meltdown / spectre is not) In the grand scheme of things, this is not the worst active exploit in computing, but it is the most publicised. I'm more worried that pretty much anyone with a phone can pluck data out the air at will while I'm using public wifi, or even my home network. As long as you are using noscript and adblockers, which most do, it is going to be borderline impossible for anyone to even use the Spectre exploit against you, as in this case, there is only one way to utilise it, which would involve you downloading a virus of some form.

The difference with WPA2 and Spectre is that WPA2 deals with networking and there's lots of ways to secure a network. A single exploitable access point is just one layer you have to break through to get someone's info. Exploiting WPA2 to get free internet is not a huge concern for most people. A CPU exploit that could allow sensitive information to be stolen is a whole new problem. It's made worse when we don't know exactly what's being done to secure these machines. Those hackers though, they know a lot better. All it takes is something to sneak into your system and suddenly other people have all your personal info.

It's a problem for novice users, and they should be applying the patches but at the same time, novice users are going to be wholly unaffected by the performance loss anyway.

Not entirely true. We just don't know how much of an effect this has on everything. And it definitely seems the older the Intel CPU you use, the more of a performance impact you see. Needs a lot of testing to see.

[thunterman]

The difference with WPA2 and Spectre is that WPA2 deals with networking and there's lots of ways to secure a network. A single exploitable access point is just one layer you have to break through to get someone's info. Exploiting WPA2 to get free internet is not a huge concern for most people. A CPU exploit that could allow sensitive information to be stolen is a whole new problem. It's made worse when we don't know exactly what's being done to secure these machines. Those hackers though, they know a lot better. All it takes is something to sneak into your system and suddenly other people have all your personal info.

Not entirely true. We just don't know how much of an effect this has on everything. And it definitely seems the older the Intel CPU you use, the more of a performance impact you see. Needs a lot of testing to see.

I've noticed no change at all on a 6600k. I'm seeing allot of people recalling benchmark results that are over a year old, then testing again now, the 5-10% they are reporting could be down to dust over a year for all I know. I cut 20 degrees off my GPU just by getting a can of compressed air and removing all the dust from my case. In the world of PC's I trust my own results more than anyone's, and all I know from my results is there is 0 performance impact in any of the areas I use my PC. Every single tech reviewer has slightly different results, and every single tech website does too, it's hard to know who's lying, whos effecting results e.t.c I trust my numbers, and they tell me there isn't a big issue. Some people are even reporting slight performance increases after ME updates... so there is that.

There is also networking vulnerabilities that put your data at risk, not just free access to your wifi. They are considerably easy to use compared to spectre.

[Zenny]

So it appears AMD is vulnerable to Spectre 2: https://www.engadget.com/2018/01/12/amd-spectre-patch/

More difficult to exploit then on Intel, but the threat still exists.

[kaelleria]

Unless you're running a data center or very specific IO intensive applications, most people will be unaffected. Intel's PR response was pretty garbage but AMD tipping the hand a few days before things were actually ready shows them to be a pretty shitty corporate citizen.

Forcefully Unmap Complete Kernel With Interrupt Trampolines is a vulnerability that is most dangerous to people running things on the cloud.

[Evildeffy]

Unless you're running a data center or very specific IO intensive applications, most people will be unaffected. Intel's PR response was pretty garbage but AMD tipping the hand a few days before things were actually ready shows them to be a pretty shitty corporate citizen.

Forcefully Unmap Complete Kernel With Interrupt Trampolines is a vulnerability that is most dangerous to people running things on the cloud.

So how would you (you being AMD) respond when Intel patches the issue by making your CPU suffer the same penalty when that's an issue you'd be unaffected by?

Also AFAIK it wasn't AMD that tipped it off but the Linux patches by Intel, correct me if I'm wrong on this.

Linus Torvald's response to Intel's issues was spot on if I'm honest and that guy hates all of them with a passion (especially nVidia though, he HATES nVidia with a passion).

[pansertjald]

I've noticed no change at all on a 6600k. I'm seeing allot of people recalling benchmark results that are over a year old, then testing again now, the 5-10% they are reporting could be down to dust over a year for all I know. I cut 20 degrees off my GPU just by getting a can of compressed air and removing all the dust from my case. In the world of PC's I trust my own results more than anyone's, and all I know from my results is there is 0 performance impact in any of the areas I use my PC. Every single tech reviewer has slightly different results, and every single tech website does too, it's hard to know who's lying, whos effecting results e.t.c I trust my numbers, and they tell me there isn't a big issue. Some people are even reporting slight performance increases after ME updates... so there is that.

There is also networking vulnerabilities that put your data at risk, not just free access to your wifi. They are considerably easy to use compared to spectre.

The once saying they lost 5-10% performance are the once that have updated their BIOS for the Microcode. If you only updated the Windows fix, you wont see anything in performance.

But as soon as you update your BIOS you will properly see a performance hit in the 5-10%. Mainly in read/write speed

Im still waiting on updating my Gigabyte BIOS because i don't really see a reason to do it and i don't wanna lose performance

[pansertjald]

I mean, how often do people upgrade their bios anyway?

This time people have to updated their BIOS if they want to fix the Intel bug

[Gray_Matter]

So it appears AMD is vulnerable to Spectre 2: https://www.engadget.com/2018/01/12/amd-spectre-patch/

More difficult to exploit then on Intel, but the threat still exists.

They never said that the chips weren't susceptible. They are patching out of an abundance of caution.

- - - Updated - - -

I've noticed no change at all on a 6600k. I'm seeing allot of people recalling benchmark results that are over a year old, then testing again now, the 5-10% they are reporting could be down to dust over a year for all I know. I cut 20 degrees off my GPU just by getting a can of compressed air and removing all the dust from my case. In the world of PC's I trust my own results more than anyone's, and all I know from my results is there is 0 performance impact in any of the areas I use my PC. Every single tech reviewer has slightly different results, and every single tech website does too, it's hard to know who's lying, whos effecting results e.t.c I trust my numbers, and they tell me there isn't a big issue. Some people are even reporting slight performance increases after ME updates... so there is that.

There is also networking vulnerabilities that put your data at risk, not just free access to your wifi. They are considerably easy to use compared to spectre.

It won't effect most people, at least not noticeably. Game servers, yes, games, not much at all.

- - - Updated - - -

I mean, how often do people upgrade their bios anyway?

The microcode updates are also being included in some OS patches.

Edit - corrected first statement

[c313]

This time people have to updated their BIOS if they want to fix the Intel bug

Which will only be a very small fraction of PC users. Most won't even know where to begin, hell the average person has no idea of this whole Spectre/Meltdown fiasco.

[pansertjald]

Which will only be a very small fraction of PC users. Most won't even know where to begin, hell the average person has no idea of this whole Spectre/Meltdown fiasco.

And your point is?. People still have to update their BIOS to fix the bug

[c313]

And your point is?. People still have to update their BIOS to fix the bug

That's the thing. The average person won't.

[Medusa Cascade]

Still don't have the Windows update to help mitigate this...looks like I'll be doing it manually

[Evildeffy]

https://wccftech.com/amd-class-actio...four-meltdown/

A little bit more of a clarification regarding this matter for AMD's side of "Being vulnerable to Spectre v2" .. which is what I've said but people tend to fire at someone before reading.

[kaelleria]

So how would you (you being AMD) respond when Intel patches the issue by making your CPU suffer the same penalty when that's an issue you'd be unaffected by?

Also AFAIK it wasn't AMD that tipped it off but the Linux patches by Intel, correct me if I'm wrong on this.

Linus Torvald's response to Intel's issues was spot on if I'm honest and that guy hates all of them with a passion (especially nVidia though, he HATES nVidia with a passion).

Actually, AMD basically disclosed the meltdown/spectre stuff a full week before with a Linux commit with snarky comments and accompanying reddit post. Then they turned out to be vulnerable too and their API documentation was completely incorrect and bricked a bunch of AMD servers...

This article is basically a written version of what I've been seeing on Twitter about this. https://arstechnica.com/information-...ctre-meltdown/

[Evildeffy]

Actually, AMD basically disclosed the meltdown/spectre stuff a full week before with a Linux commit with snarky comments and accompanying reddit post. Then they turned out to be vulnerable too and their API documentation was completely incorrect and bricked a bunch of AMD servers...

According to the article you linked it was actually Google itself whom released the information on January 3rd where AMD's statement prior to that was that they stated that with the proposed vulnerability discussion, which again according to your own link had been going on for months, that AMD had little to fear as it wouldn't work.
They were actually correct with their original assessment as that statement still stands today.

As far as the API documentation (which wasn't on servers but on normal PCs btw) ... I think the documentation was correct as Intel's Broadwell and Haswell CPUs had a lot of rebooting issues as well, Microsoft simply shifted the blame for their rushed ineptitude in their patches, not the first time ... nor will it be the last.
Because admitting guilt means admitting responsibility and thus opening a massive can of legal issues in the U.S. and that is akin to being asked to be sued.

That still said though my statement of what you quoted stands... if the other side would introduce a patch commit to screw over your product's performance would you then abide by that and have your product screwed over by the competition?

Yes it was snarky but if the opposition, who has more control than we'd like to admit, tries to screw you over (as you could see from their PR) you fire back.
AMD in this case answered harshly and deservedly in my opinion, their security assessments still standing to this day as is.

This article is basically a written version of what I've been seeing on Twitter about this. https://arstechnica.com/information-...ctre-meltdown/

Actually a very informative link, thanks for that.

But it does hold some weird things such as the patch you prior mentioned... they call it as AMD rolling out a firmware patch when it was in fact Microsoft rolling out a failed OS patch which had no microcode connection to AMD nor any software discussion from them, so it's weird calling it firmware that bricked PCs.
Which you could easily fix by simply uninstalling the patch, even in safe mode, thus not being "bricked"... perhaps they don't understand what bricked means?

He's right though that the whole keeping it to themselves thing is/was retarded... but then Linus Torvalds was vocal enough on that.

[chronia]

I think its this post that ppl are referring to when talking about "AMD blowing the lid", as from what i've read in quite a few of analysis and heard is that this was the first post that actually mentioned Speculative references. https://lkml.org/lkml/2017/12/27/2

Before that there were rumours aboput something being "not quite right" due to all the changes and sudden implementations of stuff like KAISER and PCID, but this post basicly showed "the world" what it was actually about from what i can find.

[Gray_Matter]

I think its this post that ppl are referring to when talking about "AMD blowing the lid", as from what i've read in quite a few of analysis and heard is that this was the first post that actually mentioned Speculative references. https://lkml.org/lkml/2017/12/27/2

Before that there were rumours aboput something being "not quite right" due to all the changes and sudden implementations of stuff like KAISER and PCID, but this post basicly showed "the world" what it was actually about from what i can find.

The issue that Intel commited code that basically hamstrung all AMD processors with the performance degradation that should only have been incurred for Intel CPU's and it was 1 week before release. What else was AMD supposed to do? They even had questions with that check-in when it included the commit message. Can you imagine what would have happened if they had just checked it in with no message. I am not saying that it was correctly handled but there is definitely enough blame to go around, including Intel. If you were into conspiracy theories then one could even argue that they did it on purpose. I wouldn't go that far. I would say that Intel just made a mistake in the same way that AMD did with their check in commit message.

[Evildeffy]

As far as the API documentation (which wasn't on servers but on normal PCs btw) ... I think the documentation was correct as Intel's Broadwell and Haswell CPUs had a lot of rebooting issues as well, Microsoft simply shifted the blame for their rushed ineptitude in their patches, not the first time ... nor will it be the last.
Because admitting guilt means admitting responsibility and thus opening a massive can of legal issues in the U.S. and that is akin to being asked to be sued.

Update on this:

Apparently MS and Intel are both highly inept with rushing updates causing issues.
Because what I said above for Broadwell/Haswell ... apparently extends all the way from Sandy Bridge up to and including Kaby Lake.
https://newsroom.intel.com/news/firm...enter-systems/

This is what you call a full blown panic mode release without proper QA, mistakes are made and consequences happen.
They couldn't be bothered fixing this all the way back in June and now that the lid's blown off you have to last minute fix it.

Serves whomever is caught in this right, regardless of whomever it is, be it AMD, Intel or ARM in general.
(Unsure as of the manufacturers since I think only the big hardware companies knew about this along with Google, MS and limited amount of others?)

This is going to blow out of proportions within this year with added issues.