Omega Owners Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

Please play nicely.  No one wants to listen/read a keyboard warriors rants....

Pages: [1] 2  All   Go Down

Author Topic: Meltdown and Spectre bugs  (Read 3157 times)

0 Members and 1 Guest are viewing this topic.

STEMO

  • Guest
Meltdown and Spectre bugs
« on: 05 January 2018, 12:34:51 »

Is anyone on here knowledgeable enough to explain in, more or less, layman’s terms what the dangers of these are? I’ve read the technicalities and, obviously, they are way over my head.
Will a patch be enough to fix something as deep in the OS as this is? If, as is being advised by some of the more manic commentators, we may have to bin our hardware and buy new, surely the stuff on the shelves will suffer from the same problems?
An idiots guide would be much appreciated.
Logged

Kevin Wood

  • Global Moderator
  • *****
  • Offline Offline
  • Gender: Male
  • Alton, Hampshire
  • Posts: 36268
    • Jaguar XE 25t, Westfield
    • View Profile
Re: Meltdown and Spectre bugs
« Reply #1 on: 05 January 2018, 13:46:56 »

The issues will be worked around in software and will probably amount to some optimisations being turned off on the affected CPUs.

This will cause a performance hit, but probably not enough to really bother the average home user.
Logged
Tech2 services currently available. See TheBoy's price list: http://theboy.omegaowners.com/

LC0112G

  • Omega Baron
  • *****
  • Offline Offline
  • 0
  • Posts: 2439
    • View Profile
Re: Meltdown and Spectre bugs
« Reply #2 on: 05 January 2018, 14:01:15 »

Sounds to me that there are only 2 solutions...

1) Disable speculative execution - not even sure that's possible on modern processors. However it'll have a massive impact on modern CPU performance

2) Modify the OS exception handlers in the kernel so that they flush/invalidate the entire CPU cache if/when a protection fault occurs. This will have a much smaller effect on performance, but kernel mods are pretty deep in the core of most OS's and rushing to fix this bug may inadvertently break things and expose yet more issues. It's also a problem for no longer supported OS's - Microsoft aren't gonna fix what is in reality an Intel/ARM/AMD silicon bug for Win 95/XP/2000/NT and lots of commercial/industrial systems still use these.
Logged

TheBoy

  • Administrator
  • *****
  • Offline Offline
  • Gender: Male
  • Brackley, Northants
  • Posts: 105841
  • I Like Lockdown
    • Whatever Starts
    • View Profile
Re: Meltdown and Spectre bugs
« Reply #3 on: 05 January 2018, 14:23:13 »

For normal users, it *SHOULD* be a non-issue, as long was you run as a limited user, and only run certified stuff. As far as I can make out, after looking at this (admittedly from a Unix angle), is it looks like you need to be a priviledged user to exploit.


But too many have egos bigger than their talent, and run with Administrator access.  These people are at greater risk, but need adding to the cull list anyway ;D


Meltdown patches for Win10 are already out, pre Win10 are still in the works. Spectre probably will likely never get fixed properly.  Apple have released iOS patches for supported iPhones/iPads. Android users will have to check with their handset manaufacturers if they are vulnerable - again, non rooted Android devices are naturally more secure, rooted devices need to get their owners on the cull list.

These patches are being hyped to cause performance issues, but most of us will not notice them.


So, for most of us, usual rules apply - ensure you regularly update your PC via Windows Update. In all cases, but especially if pre Win10, be cautious of anything you are running/installing on your machine, and only run absolutely necessary browser plugins.
Logged
Grumpy old man

LC0112G

  • Omega Baron
  • *****
  • Offline Offline
  • 0
  • Posts: 2439
    • View Profile
Re: Meltdown and Spectre bugs
« Reply #4 on: 05 January 2018, 15:17:24 »

For normal users, it *SHOULD* be a non-issue, as long was you run as a limited user, and only run certified stuff. As far as I can make out, after looking at this (admittedly from a Unix angle), is it looks like you need to be a priviledged user to exploit.

I don't think that's correct - at least not under Windows. The exploit has been demonstrated using Java script, so unless by certified stuff you mean no web access it looks impossible to protect against.

The issue is that the privileged instructions don't complete in one clock cycle, and don't complete the address validation before they actually read the value from memory - they take many cycles to evaluate the address, then evaluate if that address is in the users privilege level address space, before finally launching into the exception handler if a fault (protection violation) has occurred. In the mean time other parts of the CPU have continued (speculatively) and actually read the value from the privileged address and then updated the CPU's cache. The CPU won't actually return the value to the rogue program, and will do normal protection handling, but the cache has been updated and this has knock on effects. It means that if the same instruction is repeated a second time the CPU can read from the cache (one cycle) and not spend time going to memory (many cycles). Even though the instruction faults again and value isn't returned, the users program can detect a variation in the amount of time it takes for control to be returned. From that you can work out the value that is stored in the protected location.

Logged

STEMO

  • Guest
Re: Meltdown and Spectre bugs
« Reply #5 on: 05 January 2018, 15:35:09 »

Thanks Kevin and Jaime. LCO112G......you can just eff off  ;D  ;D  ;D
Logged

Andy H

  • Omega Lord
  • *****
  • Offline Offline
  • Gender: Male
  • Auckland
  • Posts: 5498
    • Mazda MPV
    • View Profile
Re: Meltdown and Spectre bugs
« Reply #6 on: 05 January 2018, 16:19:43 »

This is apparently a quote from the Register’s report on this issue (but I haven't managed to find the original article).

Quote
“The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka oppsWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.”

PS the word filter rather blunts the impact of the original (but all the letters are there so you can work it out for yourselves...)
« Last Edit: 05 January 2018, 16:24:07 by Andy H »
Logged
"Deja Moo - The feeling that you've heard this bull somewhere before."

Kevin Wood

  • Global Moderator
  • *****
  • Offline Offline
  • Gender: Male
  • Alton, Hampshire
  • Posts: 36268
    • Jaguar XE 25t, Westfield
    • View Profile
Re: Meltdown and Spectre bugs
« Reply #7 on: 05 January 2018, 16:37:28 »

This is apparently a quote from the Register’s report on this issue (but I haven't managed to find the original article).

Quote
“The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka oppsWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.”

PS the word filter rather blunts the impact of the original (but all the letters are there so you can work it out for yourselves...)

Probably this article but it's been re-written a bit since I read it the other day. ::)

http://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

KPTI sounds like back to the old-school way of traversing privilege levels which will presumably disable speculative execution between spaces and cause quite slow context switches instead.

Probably not a huge issue except in servers where your machine is doing mostly I/O. I suspect it will be quite a big performance hit there, though.

I'm relieved I didn't pull the trigger on that big PC upgrade when I was in Novatech pre-christmas buying Mrs. KW's present. ;D
Logged
Tech2 services currently available. See TheBoy's price list: http://theboy.omegaowners.com/

TheBoy

  • Administrator
  • *****
  • Offline Offline
  • Gender: Male
  • Brackley, Northants
  • Posts: 105841
  • I Like Lockdown
    • Whatever Starts
    • View Profile
Re: Meltdown and Spectre bugs
« Reply #8 on: 05 January 2018, 17:00:37 »

I don't think that's correct - at least not under Windows. The exploit has been demonstrated using Java script, so unless by certified stuff you mean no web access it looks impossible to protect against.
Java (as opposed to javascript). This runs within the security domain of the user executing it. Which should be a limited user if the user has any sense.  If you are running a JVM from about the last 4yrs, any attempt to run unsigned code will completely fail or prompt you that you are being a bit lax (if you've lowered its security AND added that specific site to the trusted list in Java Panel)


I'd add further, Java (along with Flash, and any toolbars and search helpers) should absolutely, categorically be disabled (ideally uninstalled) in your browsers unless you absolutely, completely need them.  The browsers are now generally hard to exploit, but the plugins are universally weak.



As to other posters comments from The Register, just remember they are, and always will be, anti Intel and anti MS.  So, yeah, its a monumental cock-up, not just the Meltdown (Intel and some ARM (misreported by The Register)), but Spectre which impacts AMD as well, meaning all PC users are potentially vulnerable.
Logged
Grumpy old man

TheBoy

  • Administrator
  • *****
  • Offline Offline
  • Gender: Male
  • Brackley, Northants
  • Posts: 105841
  • I Like Lockdown
    • Whatever Starts
    • View Profile
Re: Meltdown and Spectre bugs
« Reply #9 on: 05 January 2018, 17:04:51 »

I'm relieved I didn't pull the trigger on that big PC upgrade when I was in Novatech pre-christmas buying Mrs. KW's present. ;D
Its going to be at least 2 years before a viable hardware fix is in place, as it looks like only bits can be done at the microcode level, and the software fixes are going to hurt servers far more than desktops, where most users won't notice them.

Not sure I'd use it to put off buying new PC hardware, if I needed it.  But then all my PC stuff is quite old, and its unlikely old trusty, my beloved laptop, is affected at all ;D
Logged
Grumpy old man

ronnyd

  • Omega Lord
  • *****
  • Offline Offline
  • Gender: Male
  • Bury St Edmunds Suffolk
  • Posts: 8592
    • Vectra 1.8 SRI Silver
    • View Profile
Re: Meltdown and Spectre bugs
« Reply #10 on: 05 January 2018, 17:46:52 »

 ??? ??? ??? ??? ??? ??? ??? ??? ??? ??? ??? ??? Lost after the first paragraph. :-[ :-[ ;D
Logged

Migv6 le Frog Fan

  • Omega Queen
  • *****
  • Offline Offline
  • Gender: Male
  • Webs End.
  • Posts: 11734
  • Nicole's Papa
    • 3.2 Elite. Boxster. C1.
    • View Profile
Re: Meltdown and Spectre bugs
« Reply #11 on: 05 January 2018, 18:53:18 »

I was lost half way through the first sentence. I really do wish I had some clue to what they are talking about.  :-[ ;D
Logged
Women are like an AR35. lovely things, but nobody really understands how they work.

ronnyd

  • Omega Lord
  • *****
  • Offline Offline
  • Gender: Male
  • Bury St Edmunds Suffolk
  • Posts: 8592
    • Vectra 1.8 SRI Silver
    • View Profile
Re: Meltdown and Spectre bugs
« Reply #12 on: 05 January 2018, 19:19:15 »

I was lost half way through the first sentence. I really do wish I had some clue to what they are talking about.  :-[ ;D
I didn,t like to admit that early, but yes. ;D
Logged

Kevin Wood

  • Global Moderator
  • *****
  • Offline Offline
  • Gender: Male
  • Alton, Hampshire
  • Posts: 36268
    • Jaguar XE 25t, Westfield
    • View Profile
Re: Meltdown and Spectre bugs
« Reply #13 on: 05 January 2018, 23:20:25 »


Not sure I'd use it to put off buying new PC hardware, if I needed it.  But then all my PC stuff is quite old, and its unlikely old trusty, my beloved laptop, is affected at all ;D

As opposed to "wanted", being the key. ;) I'm in no rush.

Does make me wonder if we're now making CPUs so complex that it's getting impossible to avoid such things, though. :-\
Logged
Tech2 services currently available. See TheBoy's price list: http://theboy.omegaowners.com/

Rods2

  • Omega Lord
  • *****
  • Offline Offline
  • Gender: Male
  • Sandhurst Berkshire
  • Posts: 7604
    • 1999 3.0 Elite Estate
    • View Profile
Re: Meltdown and Spectre bugs
« Reply #14 on: 06 January 2018, 03:03:04 »


Not sure I'd use it to put off buying new PC hardware, if I needed it.  But then all my PC stuff is quite old, and its unlikely old trusty, my beloved laptop, is affected at all ;D

As opposed to "wanted", being the key. ;) I'm in no rush.

Does make me wonder if we're now making CPUs so complex that it's getting impossible to avoid such things, though. :-\

Complex single and multi-cycle instructions with their exception handling, cache and main memory read and write speeds, multi-thread, multi-core processors, pre-processing branch prediction and speculative execution to keep the multi-step processor execution queue as full as possible at all times where queue stalls and branch queue dumps are to be avoided as big performance hit costs, along with all the combinations & permutations of these make really horrible logic races inevitable, where you are looking to maximise processor performance. I won't mention hardware interrupts on top of this along with DMA, slow I/O cycles and administration v user rights etc, etc. IMO Meltdown looks the easier to fix. Spectre looks a total bar-steward without potentially big realtime performance penalties. :o :o :o

I guess the CPU designers at Intel, ARM and AMD will all be burning plenty of midnight oil on these and using plenty of supercomputer processor simulation time. ::) ::) ::)
« Last Edit: 06 January 2018, 03:14:33 by Rods2 »
Logged
US Fracking and Saudi Arabia defending its market share = The good news of an oil glut, lower and lower prices for us and squeaky bum time for Putin!
Pages: [1] 2  All   Go Up
 

Page created in 0.028 seconds with 18 queries.