Info Meltdown and Spectre Vulnerabilities Information

[Deleted member 217926]

Should note the January 3rd KB4056892 update shows as having failed on both my main systems. Apparently that's a known bug and it really worked.

https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892

It isn't showing up as available for my old Core2 E8400 laptop yet.

 

[goldstone77]

https://www.phoronix.com/forums/forum/phoronix/general-discussion/999103-more-linux-kernel-gcc-patches-come-out-in-the-wake-of-spectre-meltdown/page4

I've heard back from AMD.... At least this PR person is saying: . “Disabling branch prediction” is definitely not an accurate description and we are working to address with SUSE now.
Michael Larabel

Edit: https://twitter.com/david_schor/status/949426541427150848

 

[jankerson]

Update worked on both of my Windows 10 Pro machines.

Nothing on the Windows 7 Pro box yet.

 

[Darkbreeze]

Now whether the motherboard vendors will provide these updates in their BIOSes for older boards is an open question.

Well, as of so far I've seen no new bios releases for Gigabyte Z170, Z270 or Z370 boards, so they must be lagging. When the IME vulnerability came up, they had new bios out within two days.

 

[Darkbreeze]

Also, I installed the Win10 update on my mom's FX-6300 system, and it immediately reset the computer. Black screen, restart, whole works. WTF? Upon restarting it did the same thing after about two seconds into the desktop. Had to roll back to the previous image and works fine. Installed the update again, same thing. Black screen, restart. I've had to unplug her system from the internet which basically makes it worthless as it keeps automatically installing the update now and no way to disable that (Windows updates) as we well know.

 

[jankerson]

Dunno about the AMD side, I don't have any AMD machines.

 

[randomizer]

Also, I installed the Win10 update on my mom's FX-6300 system, and it immediately reset the computer. Black screen, restart, whole works. WTF? Upon restarting it did the same thing after about two seconds into the desktop. Had to roll back to the previous image and works fine. Installed the update again, same thing. Black screen, restart. I've had to unplug her system from the internet which basically makes it worthless as it keeps automatically installing the update now and no way to disable that (Windows updates) as we well know.

Did you install it manually or via Windows Update? If you installed it manually it could be caused by an incompatibility with the AV software. Most have been updated already but if it's got a more obscure product or it hasn't been updated in a long time it might still be incompatible.

 

[Darkbreeze]

It was done through Windows update. Her antivirus is Spybot search and destroy and it's fully up to date. I don't think that would have any affect though as it was done normally though windows update. Still, even so I've never seen AV software cause a computer to instantly hard reset with no blue screen or anything. Just instant black screen, click sound from PSU resetting, reboot. Shampoo, rinse, repeat. System runs perfectly fine so long as I don't allow it to install todays updates.

Weird. I think I'm going to do a clean install on her system along with all the updates and nothing else on it to see if there are still issues that way.

 

[randomizer]

I didn't know Spybot had AV capabilities. In any case, if it came through Windows Update then either you didn't have an AV installed (as far as Windows is concerned) or it flagged itself as compatible by setting a particular registry key.

 

[Darkbreeze]

I didn't know Spybot had AV capabilities.

Spybot +AV: The all-in-one anti-malware, anti-rootkit, anti-exploit, anti-spyware and antivirus software solution.


At 15 bucks a year it's a much more palatable option than Malwarebytes for 59.99 per year. If I didn't already have a lifetime license for MB then I'd be using Spybot on my personal system too. For my mom, spybot is more than enough.

 

[goldstone77]

It was done through Windows update. Her antivirus is Spybot search and destroy and it's fully up to date. I don't think that would have any affect though as it was done normally though windows update. Still, even so I've never seen AV software cause a computer to instantly hard reset with no blue screen or anything. Just instant black screen, click sound from PSU resetting, reboot. Shampoo, rinse, repeat. System runs perfectly fine so long as I don't allow it to install todays updates.

Weird. I think I'm going to do a clean install on her system along with all the updates and nothing else on it to see if there are still issues that way.

I just watched the WAN show talking about Anti-Virus software algo's using the speculative branch chain, and causing all kinds of problems!
https://youtu.be/PEmC5-BdO28?t=462

 

[goldstone77]

http://www.guru3d.com/articles_pages/windows_vulnerability_cpu_meltdown_patch_benchmarked

Fact is that all OSes will need to be patched, yours as well. For Windows, this will be done through an incremental software update, and very likely your motherboard will need to be upgraded with a new BIOS as well. On Tuesday that patch will automatically become available, and who knows perhaps it is propagating already. The new security patches for Windows 10, however, can be download as standalone already. I decided to grab it, install it and see what happens.

Notice they talk about the motherboard requiring a bios update, but actually just test the windows 10 update. Wait for the big hit from speculative branch prediction from the microcode update for the bios to make these benchmarks worst! Like the reddit post showing a minor degree of impact with just a software patch, and then the microcode bios update hit it even harder!

 

[goldstone77]

https://www.techspot.com/article/1554-meltdown-flaw-cpu-performance-windows/
https://www.youtube.com/watch?v=_qZksorJAuY

Pinned by Hardware Unboxed
Hardware Unboxed
1 day ago (edited)
The full fix will also rely on firmware updates from Intel, so I’ll keep you guys up to date with news and benchmark results.

Update: I've also tested the Sandy Bridge 2600K and haven't found anything different. The 4K performance is noticeably down but other than that everything else is much the same. I won't make another video till we get the BIOS updates.

@Darkbreeze you were heading in the right direction, about speculative branch prediction. The microcode is going to be the big hit that no one has released testing on except one guy using real bench on reddit.

Edit: I bet we starting seeing these benchmarks popping up soon!

 

[Darkbreeze]

Well, like I said before, if the hit is anywhere overall near what was initially estimated, it means that comparatively (With me being on Skylake) we will soon all be back to Ivy bridge performance levels and it will take three to five years of performance increases just to get back to where we were three years ago when Skylake came out. For Coffee lake users, you could think going back to Haswell performance levels. For Ryzen, well, all those Ryzen 7 folks now have FX-8350's. This is big time suck no matter how you look at it. Especially since there's really no option not to patch, since F#$#% windows 10 no longer allows you to opt out of updates.

What about all the people out there that have no fricking idea about what a bios update is or would ever be likely to read about the need to do one in the first place? How do they plan to push bios updates to all these peoples systems? This nightmare is ONLY just beginning.

 

[goldstone77]

Well, like I said before, if the hit is anywhere overall near what was initially estimated, it means that comparatively (With me being on Skylake) we will soon all be back to Ivy bridge performance levels and it will take three to five years of performance increases just to get back to where we were three years ago when Skylake came out. For Coffee lake users, you could think going back to Haswell performance levels. For Ryzen, well, all those Ryzen 7 folks now have FX-8350's. This is big time suck no matter how you look at it. Especially since there's really no option not to patch, since F#$#% windows 10 no longer allows you to opt out of updates.

What about all the people out there that have no fricking idea about what a bios update is or would ever be likely to read about the need to do one in the first place? How do they plan to push bios updates to all these peoples systems? This nightmare is ONLY just beginning.

Yeah, but look at the motherboard manufacturers how long do they have to support a motherboard, 1-3 year warranty? Only the newer motherboards ~skylake will probably be covered for the microcode in reality. There will be a lot of unsecure systems. And this goes back to the fist statement I made when I seen the Meltdown patch!

Well, that's one plan to get everyone to upgrade their PC/processors!
3,2,1 GO... stage 1 complete.

http://www.tomshardware.com/forum/id-3529443/intel-coffee-lake-8th-generation-megathread-faq-resources/page-9.html#20552167

 

[Darkbreeze]

Yeah, but like "I" said, upgrade to what? If that was even remotely feasible there would already be products in the pipeline that didn't have this vulnerability. NOW, if we find out in a couple of months that Cannon lake doesn't have this, then the shiznit can really hit the fan. Of course, depending on how you look at it. That's good, but that's awfully, very, suspiciously, bad.

 

[goldstone77]

Yeah, but like "I" said, upgrade to what? If that was even remotely feasible there would already be products in the pipeline that didn't have this vulnerability. NOW, if we find out in a couple of months that Cannon lake doesn't have this, then the shiznit can really hit the fan. Of course, depending on how you look at it. That's good, but that's awfully, very, suspiciously, bad.

You are looking at it all wrong. Remember what Intel said? These performance issues will lessen over time hahaha! They just lengthed out existing technology, with improvements being done to the patch on newer processors to gain back lost performance! They can fix it with a deficit! Then slowly bring it back up! They don't have to shrink the node down anymore, which is getting more costly! They are back to living high on the hog!

Edit: Maybe tomorrow the benchmarks come, and maybe it won't be so bad. I guess we'll just have to wait and see.

 

[Darkbreeze]

That's pretty funny. I like it.

 

[juanrga]

So branch prediction is only disabled on AMD CPUs.

Only parts of it are disable not all of it.

The patch is pretty clear: "This new firmware disables branch prediction on AMD family 17h processor"

So it disables branch prediction, not parts of it.

I think your taking the statement too literal. To completely disable it would cause a serious impact on performance.

Edit: To test this theory ask anyone who has the windows 10 patch installed on a Ryzen system.

It is really not clear what they actually did.

I went through the whole list of changes in the Kernels and I found this:

- x86/CPU/AMD: Add speculative control support for AMD (bsc#1068032).
- x86/CPU/AMD: Make the LFENCE instruction serialized (bsc#1068032).
- x86/CPU/AMD: Remove now unused definition of MFENCE_RDTSC feature
(bsc#1068032).
- x86/CPU: Check speculation control CPUID bit (bsc#1068032).
- x86/enter: Add macros to set/clear IBRS and set IBPB (bsc#1068032).
- x86/entry: Add a function to overwrite the RSB (bsc#1068032).
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
(bsc#1068032).
- x86/entry: Use IBRS on entry to kernel space (bsc#1068032).
- x86/feature: Enable the x86 feature to control Speculation (bsc#1068032).

Juan is right they outright say they disabled the branch predictor (indirect? are there 2 types in Zen?), but the actual details in the kernel changes list does not say that explicitly. Quite the contrary: they added speculative control support for AMD. Is that basically to allow programs to know if they can use it or not?

And to add more confusion SUSE published this yesterday

https://lwn.net/Articles/743224/

CVE-2017-5715 / "SpectreAttack": Local attackers on systems with modern
CPUs featuring branch prediction could use mispredicted branches to
speculatively execute code patterns that in turn could be made to leak
other non-readable content in the same address space, an attack similar
to CVE-2017-5753.

This problem is mitigated by disabling predictive branches, depending
on CPU architecture either by firmware updates and/or fixes in the
user-kernel privilege boundaries.

Please also check with your CPU / Hardware vendor on updated firmware
or BIOS images regarding this issue.

As this feature can have a performance impact, it can be disabled using
the "nospec" kernel commandline option.

 

[juanrga]

And to add more fun to this 2018, now a vulnerability in the AMD PSP is announced

https://www.phoronix.com/scan.php?page=news_item&px=AMD-PSP-2018-Vulnerability

Apparently a fix (incomplete?) was released in December. I guess it has something to do with people reporting on December how the latest AGESA update for RyZen had disabled the PSP processor.

 

[juanrga]

Red Hat confirms that IBM is also affected for security flaws (I guess they mean some version of the Spectre attack). Systems affected are Power 8 and Power 9 and Z-series.

My guess was wrong. IBM is also affected by Meltdown.

 

[juanrga]

I am copying here and replying here to this post from the AMD thread

To be fair, there are TWO separate classes of issues. AMD is believed to be immune to the first (which is the more immediate problem), but *everyone* is affected by the second.

Believed by whom? The researches that discovered the flaw claim this " Currently, we have only verified Meltdown on Intel processors. At the moment, it is unclear whether ARM and AMD processors are also affected by Meltdown."

http://www.tomshardware.co.uk/forum/id-3609004/cpu-security-vulnerabilities-information.html

What is comes down to is that a Meltdown was tested on Intel CPU's successfully, and unsuccessfully on AMD or ARM processors, so only Intel has had to apply a patch to fix the Meltdown vulnerability. This is also what sparked all the attention on day one of the story, because of potential performance decreases associated with high system calls from the patch Intel had to apply. The fixes for Spectre were mitigated through OS updates, and thought to cause minimal performance loss.

6.4 Limitations on ARM and AMD
We also tried to reproduce the Meltdown bug on several
ARM and AMD CPUs. However, we did not manage
to successfully leak kernel memory with the attack described
in Section 5, neither on ARM nor on AMD.

All this information and more is readily available in this thread. Read the papers on each form of attack, and the subsequent post form a timeline of events as they appeared.
http://www.tomshardware.com/forum/id-3609004/cpu-security-vulnerabilities-information.html

Edit: Just to be clear the patch Intel applied, and the OS software mitigation are band aids to help reduce the likely hood of a successful attack, and do not prevent it completely! Only hardware design changes will fix this.

One has to read the full quote from the Meltdown paper, not only the part that you quote above. The full quotation is

6.4 Limitations on ARM and AMD
We also tried to reproduce the Meltdown bug on several
ARM and AMD CPUs. However, we did not manage
to successfully leak kernel memory with the attack described
in Section 5, neither on ARM nor on AMD. The
reasons for this can be manifold. First of all, our implementation
might simply be too slow and a more optimized
version might succeed. For instance, a more shallow
out-of-order execution pipeline could tip the race
condition towards against the data leakage. Similarly,
if the processor lacks certain features, e.g., no re-order
buffer, our current implementation might not be able to
leak data. However, for both ARM and AMD, the toy
example as described in Section 3 works reliably, indicating
that out-of-order execution generally occurs and
instructions past illegal memory accesses are also performed.

As one can see, the authors don't claim that AMD and ARM are invulnerable to Meltdown. They claim that their attack wasn't successful and then argue the reason could be on their current implementation being too slow or relying on specific features not present in AMD and ARM CPUs, and another implementation of the attack could be successful. They end by mentioning how the proof-of-concept also applies to "both ARM and AMD".

They have not proved that AMD and ARM are vulnerable, but in the other hand they believe that there is no fundamental reason why a different algorithm couldn't work. So in the meltdown site we can read

Which systems are affected by Meltdown?
Desktop, Laptop, and Cloud computers may be affected by Meltdown. More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 (except Intel Itanium and Intel Atom before 2013). We successfully tested Meltdown on Intel processor generations released as early as 2011. Currently, we have only verified Meltdown on Intel processors. At the moment, it is unclear whether ARM and AMD processors are also affected by Meltdown.

"Unclear" is not the same than invulnerable.

Since the status of the vulnerability of AMD chips to Meltdown attack is "unclear" at this time I think that we would take the safe approach and assume that all x86 CPUs are vulnerable until more research is performance on AMD chips. This is the original approach taken by linux kernel devs, but AMD complained its chips would be free from the Meltdown patch and Linus trusted AMD. So current version of the Meltdown patch in linux kernel only applies to Intel chips.

My question is, what if tomorrow a Meltdown attack is successful on AMD chips? All AMD systems will be insecure.

 

[randomizer]

Proving immunity is very difficult. I think taking AMD's word for it is the right thing to do at the moment. If it turns out that AMD processors are vulnerable then it will be a serious embarrassment.

 

[-Fran-]

Proving immunity is very difficult. I think taking AMD's word for it is the right thing to do at the moment. If it turns out that AMD processors are vulnerable then it will be a serious embarrassment.

And will deserve all the karma payback associated to it, I might add.

Let's hope that is not the case, since I don't think they really need something like that; specially when they have started to be a player, again, in the market.

Cheers!

 

[juanrga]

Proving immunity is very difficult.

Not always. For instance older Atoms and Cortex-A53 are immune to attacks because don't have speculative execution.