CPU Vulnerabilities, Meltdown and Spectre, Kernel Page Table Isolation Patches, and more

Discussion in 'Hardware Components and Aftermarket Upgrades' started by hmscott, Jan 2, 2018.

  1. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    5,001
    Messages:
    17,582
    Likes Received:
    21,599
    Trophy Points:
    931
    Intel adopts Orwellian irony with call for fast Meltdown-Spectre action after slow patch delivery
    For now, have some code that won't crash Skylakes and stay close to your Telescreens
    By Simon Sharwood, APAC Editor 8 Feb 2018 at 08:03
    https://www.theregister.co.uk/2018/02/08/intel_spectre_meltdown_microcode_update/

    "Intel's offered the world some helpful advice about how to handle the Meltdown and Spectre chip design flaws it foisted on the world.

    "I can't emphasize enough how critical it is for everyone to always keep their systems up-to-date," wrote Navin Shenoy, executive veep and general manager of Intel's data centre group, bemoaning the fact that punters are slow to install patches and criminals use that tardiness to do their worst.

    Sound advice, but a bit hard to swallow given that Shenov's "Security Issue Update" revealed that Intel is yet to develop properly working microcode updates for many of the CPUs imperilled by Spectre and Meltdown.

    The effort to do so turned out to be more complicated than Intel thought, as some of its early updates made the silicon unstable. So unstable, in fact, that Intel recommended rollback as the best option.

    Chipzilla has managed to sort out sixth-generation Skylakes, as a February 7th Microcode Revision Guidance (PDF) document records.

    But Shenov's post - the first on Meltdown/Spectre to grace Intel's newsroom since January 22nd - also explained that the company "expects" to have working microcode or other platforms in coming days. Just what will land or when is anyone's guess.

    The post also points out that PC-and-server-makers, not Intel, will be the source of the fixes.

    There's more irony in Shenov's signoff, which says "We remain as committed as ever to addressing these issues and providing transparent and timely information."

    Given that Intel approved the formation of a small cabal of OEMs to address the problem and kept their efforts secret for months, then dodged questions from the press and has now been asked to explain itself by the US congress, we hope Shenov is talking about some form of transparency other than Intel's previous action as this crisis unfolded. "
     
    Last edited: Feb 8, 2018
    Robbo99999 and Vasudev like this.
  2. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    5,001
    Messages:
    17,582
    Likes Received:
    21,599
    Trophy Points:
    931
    Intel re-issues Meltdown and Spectre patches with fresh code to rid users of performance issues
    Lee Bell, 8 Feb, 2018
    http://www.itpro.co.uk/security/30485/intel-re-issues-meltdown-and-spectre-patches-with-fresh-code-to-rid-users-of

    "After issuing a patch to fix the Spectre and Meltdown flaws in its Skylake chips, then telling users not to download it after all because it was causing performance issues, Intel has finally issued a working update.

    It arrives over two weeks after original buggy patch release, where the chip giant quickly decided to advise customers not to download it, and Microsoft issued an update to reverse it.

    At the time, the firm’s executive vice president, Navin Shenoy, apologised for the issues being caused and recommended OEMs, cloud service providers, system manufacturers, software vendors, and end users “stop deployment of current versions on specific platform as they may introduce higher than expected reboots and other unpredictable system behaviour”.

    However, Intel has said that a working update free of any nasty side effects is now shipping to its PC partners with a fresh code that doesn’t cause system instability. Although the new patch addresses just a subset of the affected users, focusing on those who own Skylake-based Core or Core M processors.

    While Intel said late last month it was testing a fix for Haswell and Broadwell PCs, it's still yet to roll this out. But an Intel blog post revealed patches should be hitting "more platforms in the coming days.”

    The new patch has been a long time coming for some, and might be too little too late. Especially Linux creator Linus Torvalds, who lambasted Intel for the fiasco surrounding its patching process, calling the fixes "pure garbage".

    In a post on the Linux kernel mailing list, Torvalds said the patches “do literally insane things” to the performance of the systems they are installed on.

    “They do things that do not make sense,” Torvalds said. “That makes all your arguments questionable and suspicious. The patches do things that are not sane. WHAT THE F*CK IS GOING ON?”

    He continued to rant that the patches are “ignoring the much worse issue, namely that the whole hardware interface is literally mis-designed by morons”."

    Intel releases stable Spectre patches for Skylake PCs, recovering from a bad bout of bugs
    No word yet on when Broadwell and Haswell systems will get updated code.
    By Mark Hachman Senior Editor, PCWorld | FEB 7, 2018 4:54 PM PT
    https://www.pcworld.com/article/325...s-stable-spectre-patches-for-skylake-pcs.html

    "If you own a Skylake-based PC and receive a patch to address the Spectre vulnerabilities, install it—Intel has greenlit the code.

    About two weeks after Intel recommended users halt or roll back Spectre and Meltdown patches because of system instability, the company disclosed that it has shipped new code to its PC partners that solves the problems of the earlier, buggy patch.

    Right now, though, the new patches address just a subset of the affected users: specifically those who own Skylake-based Core or Core m processors. On January 22, Intel said it had begun testing a fix for Haswell and Broadwell PCs, though Intel has not rolled that final patch code to its partners. An Intel spokesman didn’t immediately respond to an emailed question about when those patches would be available, though an Intel blog post said it would patch "more platforms in the coming days."

    “Earlier this week, we released production microcode updates for several Skylake-based platforms to our OEM customers and industry partners, and we expect to do the same for more platforms in the coming days,” Navin Shenoy, executive vice president and general manager of the Data Center Group at Intel, wrote in the blog post. “We also continue to release beta microcode updates so that customers and partners have the opportunity to conduct extensive testing before we move them into production.”

    Intel said that the code has been approved for the Skylake U-, Y-, H-, and S-series chips, as well as the U23e. Intel’s updates come as part of a new document that tracks the progress of the microcode revisions, which will presumably continue to be updated over time.

    In early January, Intel disclosed that virtually all of its microprocessors were potentially affected by both the Spectre and Meltdown vulnerabilities, which attack the speculative architecture of Intel’s chips. Other manufacturers were also affected, including ARM and to a lesser extent, AMD. But while Intel works to eliminate the Spectre and Meltdown vulnerabilities from future designs (and AMD does as well), the industry has had to deal with the issue that the patches themselves will slow down their PCs. Check PCWorld's constantly updated Spectre FAQ to keep up with all the latest developments.

    What you need to do: Patch. In this case, Intel’s Shenoy himself puts it best: “Ultimately, these updates will be made available in most cases through OEM firmware updates,” he wrote. “I can’t emphasize enough how critical it is for everyone to always keep their systems up-to-date. Research tells us there is frequently a substantial lag between when people receive updates and when they actually implement them. In today’s environment, that must change.”"
     
    Last edited: Feb 8, 2018
    Robbo99999, Vasudev and KY_BULLET like this.
  3. Vasudev

    Vasudev Notebook Nobel Laureate

    Reputations:
    4,241
    Messages:
    7,322
    Likes Received:
    4,920
    Trophy Points:
    431
    For skylake, I see the same uCode C2.
     
    Robbo99999, hmscott and Raiderman like this.
  4. Raiderman

    Raiderman Notebook Deity

    Reputations:
    462
    Messages:
    746
    Likes Received:
    1,726
    Trophy Points:
    156
    It's an MSI X370 gaming pro carbon. I think I have the ability to roll back the bios through ezflash. It looks like AMD is making the patch an optional flash, via your link. So I will update this weekend, and see how it performs. Back in the day, they used to roll out monthly bios updates, not 5 months. The last bios update is dated September.

    Sent from my SM-G935T using Tapatalk
     
    KY_BULLET, Vasudev and hmscott like this.
  5. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    5,001
    Messages:
    17,582
    Likes Received:
    21,599
    Trophy Points:
    931
    Intel releases new Spectre microcode update for Skylake; other chips remain in beta
    Previous microcode update was reported to cause unwanted system reboots.
    Peter Bright - 2/7/2018, 5:25 PM
    https://arstechnica.com/gadgets/201...kylake-other-chips-remain-in-beta/?comments=1

    "After recommending customers not use its microcode fix for Broadwell and Haswell chips, Intel has issued a new microcode update for Skylake processors that gives operating systems the ability to protect against the Spectre flaw revealed earlier this year.

    The Spectre attacks work by persuading a processor's branch predictor to make a specific bad prediction. This bad prediction can then be used to infer the value of data stored in memory, which, in turn, gives an attacker information that they shouldn't otherwise have.

    The microcode update is designed to give operating systems greater control over the branch predictor, enabling them to prevent one process from influencing the predictions made in another process.

    Intel's first microcode update, developed late last year, was included in system firmware updates for machines with Broadwell, Haswell, Skylake, Kaby Lake, and Coffee Lake processors.

    But users subsequently discovered that the update was causing systems to crash and reboot. Initially, only Broadwell and Haswell systems were confirmed to be affected, but further examination determined that Skylake, Kaby Lake, and Coffee Lake systems were rebooting, too.

    In response, consumers were advised not to use the new microcode, and operating system features that leveraged the new capabilities were disabled.

    The new microcode is being distributed to hardware companies so that they can include it in a new range of firmware updates. This latest update is only for mobile Skylake and mainstream desktop Skylake chips.

    It neither fixes the Broadwell or Haswell problems, nor does it apply to Kaby Lake, Skylake X, Skylake SP, or Coffee Lake processors.

    Intel says that beta testing of other microcodes for these processors is ongoing. As such, laptop and desktop owners of Skylake systems should see firmware updates arriving soon. Everyone else, however, still has to wait."
    Sasparilla Ars Scholae Palatinae et Subscriptor FEB 7, 2018 5:36 PM

    It's Intel, they know what they're doing. /s

    Who wants to go first?

    hollis Smack-Fu Master, in training FEB 7, 2018 5:51 PM

    I highly doubt mainboard manufacturers will make new bios/uefi firmwares now just for Skylake and then again do new ones when Kaby etc. is done (given that Skylake and Kaby Lake run on the same boards). At best they'll do one new firmware for such boards, once all new microcode updates are out. Everything else would really surprise me.

    NinjaNerd56 Ars Tribunus Militum FEB 7, 2018 6:03 PM

    Just installed...

    ...luks lik iswrkng finn.

    Fatesrider Ars Tribunus Militum et Subscriptor FEB 7, 2018 6:11 PM

    Given that this is for Skylakes and I have a Haswell, I'll pass, thanks.

    I'm going with AMD next time I upgrade. Intel's response to this problem makes me wonder what ELSE it knows about, but isn't revealing. I can't for the life of me imagine why the problem wasn't shared in the same manner as other security flaws have been in the past - unless there's more to hide there than this (at least off the top of my cynical head).

    I expect by the time I go out and do that, AMD will have fixed the problem with Spectre. I'm a bit less confident that Intel won't be patching theirs for a while.

    In the meantime, I expect we'll be serenaded by the distant screams of frustration as computers periodically reboot themselves for no apparent reason for some time to come...

    KMorgan Smack-Fu Master, in training FEB 7, 2018 6:42 PM

    Just a point, the biggest concern I've seen among users has been corruption, especially in data work loads: Three days later Intel acknowledged in its quarterly earnings report that the glitchy firmware can also cause “data loss or corruption.” This disclosure prompted Microsoft to take the unusual step of releasing an emergency Windows update designed to disable Intel's fix for one of the two Spectre variants.
     
    Vasudev likes this.
  6. Support.2@XOTIC PC

    Support.2@XOTIC PC Company Representative

    Reputations:
    478
    Messages:
    3,117
    Likes Received:
    3,471
    Trophy Points:
    331

    Wow, what a mess. I thought they would be able to lock that down with the next update, looks like it will have to wait more.
     
    Vasudev and hmscott like this.
  7. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    5,001
    Messages:
    17,582
    Likes Received:
    21,599
    Trophy Points:
    931
    VMware sticks finger in Meltdown/Spectre dike for virtual appliances
    Proper patches under way, but for now - to your command lines, vAdmins!
    By Simon Sharwood, APAC Editor 9 Feb 2018 at 03:58

    "VMware has advised on how to mitigate the Meltdown and Spectre chip design flaws in several of its products.

    The workarounds cover vCloud Usage Meter, Identity Manager (vIDM), vCenter Server, vSphere Data Protection, vSphere Integrated Containers and vRealize Automation (vRA). And they're important because VMware now ships several of its products as appliances: vCenter, for example, is no longer allowed to run in a Windows VM.

    The knowledge base articles for all the products state that Meltdown and Spectre can create problems for virtual appliances, explain that the mitigation tactics will stop attacks but must be considered "a temporary solution only and permanent fixes will be released as soon as they are available."

    Several of the workarounds, listed here, require logging on as a privileged user and then type a couple of commands. Others require more effort. So crack open your command lines, vAdmins: there's work to do.

    And in case you are super-keen on VMware and or wonder about whatDell plans to do with it , consider its SEC filings and those of the Dell Technologies tracking stock that's tied to Virtzilla.

    Both record that colossal investment management outfit Blackrock Inc has recently increased its holdings in both stocks above the five per cent level that makes public disclosure compulsory. That kind of buy is sometimes a signal that an investor wants its opinions to be given greater weight.

    So once you finish your workarounds, grab some popcorn."
     
    Last edited: Feb 11, 2018
    Vasudev likes this.
  8. Robbo99999

    Robbo99999 Notebook Prophet

    Reputations:
    3,431
    Messages:
    5,850
    Likes Received:
    4,623
    Trophy Points:
    431
    I think the Skylake Spectre-fixed microcodes are just identical to the previously pulled release, at least according to this Intel documentation. If you notice there are 3 *** (stars) next to the microcode for Skylake in the following document (https://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf) - the 3 stars indicate that it was the previously released microcode and that the stability issues were initially incorrectly linked to the microcode - so initial fixed microcode is stable on Skylake, which can be inferred by that document. 0xC2 is the fixed microcode. That's probably why Skylake are the first to receive stable microcodes sent to the OEM's for incorporation into future BIOS releases, which has been in the news that you linked, because it's just identical to the previous release that had been pulled (no extra work required on part of Intel).
     
    Last edited: Feb 11, 2018
    hmscott and Vasudev like this.
  9. Papusan

    Papusan JOKEBOOKS = That sucks! Dont wast your $ on FILTHY

    Reputations:
    15,733
    Messages:
    19,929
    Likes Received:
    31,287
    Trophy Points:
    931
    Get Windows Update locked down in preparation for this month’s problems-Computerworld.com

    If February turns out half as bad as January, you’ll thank your lucky stars if you take a few minutes now and make sure Windows Update is turned off. Temporarily, of course.

    Security luminary Brian Krebs has already reported that we’re in for a potful of patches for February’s Patch Tuesday. His list of ten critical patches due out tomorrow should give you pause.


    If you find a security “expert” who tells you to turn on Automatic Updates after all the hassles we had last month, send ‘em to the AskWoody Lounge and we’ll knock 'em upside the head. Those who don't know history are destined to repeat it:vbbiggrin:
     
  10. NeonSun

    NeonSun Notebook Enthusiast

    Reputations:
    5
    Messages:
    11
    Likes Received:
    12
    Trophy Points:
    6
    Regardless, it doesnt sound good for Intel
     
    hmscott and Vasudev like this.
Loading...

Share This Page