Omega Owners Forum

Chat Area => General Discussion Area => Topic started by: STEMO on 05 January 2018, 12:34:51

Title: Meltdown and Spectre bugs
Post by: STEMO on 05 January 2018, 12:34:51
Is anyone on here knowledgeable enough to explain in, more or less, layman’s terms what the dangers of these are? I’ve read the technicalities and, obviously, they are way over my head.
Will a patch be enough to fix something as deep in the OS as this is? If, as is being advised by some of the more manic commentators, we may have to bin our hardware and buy new, surely the stuff on the shelves will suffer from the same problems?
An idiot's guide would be much appreciated.
Title: Re: Meltdown and Spectre bugs
Post by: Kevin Wood on 05 January 2018, 13:46:56
The issues will be worked around in software and will probably amount to some optimisations being turned off on the affected CPUs.

This will cause a performance hit, but probably not enough to really bother the average home user.
Title: Re: Meltdown and Spectre bugs
Post by: LC0112G on 05 January 2018, 14:01:15
Sounds to me that there are only 2 solutions...

1) Disable speculative execution - not even sure that's possible on modern processors. However it'll have a massive impact on modern CPU performance

2) Modify the OS exception handlers in the kernel so that they flush/invalidate the entire CPU cache if/when a protection fault occurs. This will have a much smaller effect on performance, but kernel mods are pretty deep in the core of most OS's and rushing to fix this bug may inadvertently break things and expose yet more issues. It's also a problem for no longer supported OS's - Microsoft aren't gonna fix what is in reality an Intel/ARM/AMD silicon bug for Win 95/XP/2000/NT and lots of commercial/industrial systems still use these.
Title: Re: Meltdown and Spectre bugs
Post by: TheBoy on 05 January 2018, 14:23:13
For normal users, it *SHOULD* be a non-issue, as long as you run as a limited user, and only run certified stuff. As far as I can make out, after looking at this (admittedly from a Unix angle), it looks like you need to be a privileged user to exploit.


But too many have egos bigger than their talent, and run with Administrator access.  These people are at greater risk, but need adding to the cull list anyway ;D


Meltdown patches for Win10 are already out, pre Win10 are still in the works. Spectre will likely never get fixed properly.  Apple have released iOS patches for supported iPhones/iPads. Android users will have to check with their handset manufacturers if they are vulnerable - again, non rooted Android devices are naturally more secure, rooted devices need to get their owners on the cull list.

These patches are being hyped to cause performance issues, but most of us will not notice them.


So, for most of us, usual rules apply - ensure you regularly update your PC via Windows Update. In all cases, but especially if pre Win10, be cautious of anything you are running/installing on your machine, and only run absolutely necessary browser plugins.
Title: Re: Meltdown and Spectre bugs
Post by: LC0112G on 05 January 2018, 15:17:24
For normal users, it *SHOULD* be a non-issue, as long as you run as a limited user, and only run certified stuff. As far as I can make out, after looking at this (admittedly from a Unix angle), it looks like you need to be a privileged user to exploit.

I don't think that's correct - at least not under Windows. The exploit has been demonstrated using Java script, so unless by certified stuff you mean no web access it looks impossible to protect against.

The issue is that the privileged instructions don't complete in one clock cycle, and don't complete the address validation before they actually read the value from memory - they take many cycles to evaluate the address, then evaluate if that address is in the user's privilege level address space, before finally launching into the exception handler if a fault (protection violation) has occurred. In the meantime other parts of the CPU have continued (speculatively) and actually read the value from the privileged address and then updated the CPU's cache. The CPU won't actually return the value to the rogue program, and will do normal protection handling, but the cache has been updated and this has knock-on effects. It means that if the same instruction is repeated a second time the CPU can read from the cache (one cycle) and not spend time going to memory (many cycles). Even though the instruction faults again and the value isn't returned, the user's program can detect a variation in the amount of time it takes for control to be returned. From that you can work out the value that is stored in the protected location.

Title: Re: Meltdown and Spectre bugs
Post by: STEMO on 05 January 2018, 15:35:09
Thanks Kevin and Jaime. LC0112G......you can just eff off  ;D  ;D  ;D
Title: Re: Meltdown and Spectre bugs
Post by: Andy H on 05 January 2018, 16:19:43
This is apparently a quote from the Register’s report on this issue (but I haven't managed to find the original article).

Quote
“The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka oppsWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.”

PS the word filter rather blunts the impact of the original (but all the letters are there so you can work it out for yourselves...)
Title: Re: Meltdown and Spectre bugs
Post by: Kevin Wood on 05 January 2018, 16:37:28
This is apparently a quote from the Register’s report on this issue (but I haven't managed to find the original article).

Quote
“The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka oppsWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.”

PS the word filter rather blunts the impact of the original (but all the letters are there so you can work it out for yourselves...)

Probably this article but it's been re-written a bit since I read it the other day. ::)

http://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

KPTI sounds like back to the old-school way of traversing privilege levels which will presumably disable speculative execution between spaces and cause quite slow context switches instead.

Probably not a huge issue except in servers where your machine is doing mostly I/O. I suspect it will be quite a big performance hit there, though.

I'm relieved I didn't pull the trigger on that big PC upgrade when I was in Novatech pre-christmas buying Mrs. KW's present. ;D
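Added example, not part of any post in this thread: on Linux, the kernel reports per-issue status (including whether the KPTI fix discussed above is active) as text files under /sys/devices/system/cpu/vulnerabilities. The sketch below classifies those files; it assumes a kernel recent enough to expose that directory, and the values written by the hypothetical helper make_sample are constructed.

```shell
#!/bin/sh
# Added example: summarise the kernel's own Meltdown/Spectre status report.
# Assumption: one text file per issue lives under VULN_DIR.
VULN_DIR=${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}

# classify_status "<file contents>" -> ok | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo ok ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# report_dir <dir> -> prints "name state detail" per file.
# Returns 0 if everything is ok/mitigated, 1 if anything is vulnerable
# or unrecognised, 2 if the directory does not exist.
report_dir() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ]; then
        echo "no status directory at $dir"
        return 2
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        text=$(cat "$f")
        state=$(classify_status "$text")
        printf '%-12s %-10s %s\n' "$(basename "$f")" "$state" "$text"
        case "$state" in vulnerable|unknown) rc=1 ;; esac
    done
    return $rc
}

# make_sample -> path of a temp directory holding CONSTRUCTED sample files,
# so the logic can be exercised on a machine without the real directory.
make_sample() {
    d=$(mktemp -d) || return 1
    echo 'Mitigation: PTI' > "$d/meltdown"
    echo 'Vulnerable'      > "$d/spectre_v2"
    echo "$d"
}

# Run against the live system only when asked: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    report_dir "$VULN_DIR"
fi
```

A non-zero exit from `report_dir` makes it usable in a patch-compliance check across a fleet of servers.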
Title: Re: Meltdown and Spectre bugs
Post by: TheBoy on 05 January 2018, 17:00:37
I don't think that's correct - at least not under Windows. The exploit has been demonstrated using Java script, so unless by certified stuff you mean no web access it looks impossible to protect against.
Java (as opposed to javascript). This runs within the security domain of the user executing it. Which should be a limited user if the user has any sense.  If you are running a JVM from about the last 4yrs, any attempt to run unsigned code will completely fail or prompt you that you are being a bit lax (if you've lowered its security AND added that specific site to the trusted list in Java Panel)


I'd add further, Java (along with Flash, and any toolbars and search helpers) should absolutely, categorically be disabled (ideally uninstalled) in your browsers unless you absolutely, completely need them.  The browsers are now generally hard to exploit, but the plugins are universally weak.



As to other posters' comments from The Register, just remember they are, and always will be, anti Intel and anti MS.  So, yeah, it's a monumental cock-up, not just the Meltdown (Intel and some ARM (misreported by The Register)), but Spectre which impacts AMD as well, meaning all PC users are potentially vulnerable.
Title: Re: Meltdown and Spectre bugs
Post by: TheBoy on 05 January 2018, 17:04:51
I'm relieved I didn't pull the trigger on that big PC upgrade when I was in Novatech pre-christmas buying Mrs. KW's present. ;D
It's going to be at least 2 years before a viable hardware fix is in place, as it looks like only bits can be done at the microcode level, and the software fixes are going to hurt servers far more than desktops, where most users won't notice them.

Not sure I'd use it to put off buying new PC hardware, if I needed it.  But then all my PC stuff is quite old, and it's unlikely old trusty, my beloved laptop, is affected at all ;D
Title: Re: Meltdown and Spectre bugs
Post by: ronnyd on 05 January 2018, 17:46:52
 ??? ??? ??? ??? ??? ??? ??? ??? ??? ??? ??? ??? Lost after the first paragraph. :-[ :-[ ;D
Title: Re: Meltdown and Spectre bugs
Post by: Migv6 le Frog Fan on 05 January 2018, 18:53:18
I was lost half way through the first sentence. I really do wish I had some clue to what they are talking about.  :-[ ;D
Title: Re: Meltdown and Spectre bugs
Post by: ronnyd on 05 January 2018, 19:19:15
I was lost half way through the first sentence. I really do wish I had some clue to what they are talking about.  :-[ ;D
I didn't like to admit that early, but yes. ;D
Title: Re: Meltdown and Spectre bugs
Post by: Kevin Wood on 05 January 2018, 23:20:25

Not sure I'd use it to put off buying new PC hardware, if I needed it.  But then all my PC stuff is quite old, and it's unlikely old trusty, my beloved laptop, is affected at all ;D

As opposed to "wanted", being the key. ;) I'm in no rush.

Does make me wonder if we're now making CPUs so complex that it's getting impossible to avoid such things, though. :-\
Title: Re: Meltdown and Spectre bugs
Post by: Rods2 on 06 January 2018, 03:03:04

Not sure I'd use it to put off buying new PC hardware, if I needed it.  But then all my PC stuff is quite old, and it's unlikely old trusty, my beloved laptop, is affected at all ;D

As opposed to "wanted", being the key. ;) I'm in no rush.

Does make me wonder if we're now making CPUs so complex that it's getting impossible to avoid such things, though. :-\

Complex single and multi-cycle instructions with their exception handling, cache and main memory read and write speeds, multi-thread, multi-core processors, pre-processing branch prediction and speculative execution to keep the multi-step processor execution queue as full as possible at all times where queue stalls and branch queue dumps are to be avoided as big performance hit costs, along with all the combinations & permutations of these make really horrible logic races inevitable, where you are looking to maximise processor performance. I won't mention hardware interrupts on top of this along with DMA, slow I/O cycles and administration v user rights etc, etc. IMO Meltdown looks the easier to fix. Spectre looks a total bar-steward without potentially big realtime performance penalties. :o :o :o

I guess the CPU designers at Intel, ARM and AMD will all be burning plenty of midnight oil on these and using plenty of supercomputer processor simulation time. ::) ::) ::)
Title: Re: Meltdown and Spectre bugs
Post by: TheBoy on 06 January 2018, 11:14:17
As opposed to "wanted", being the key. ;) I'm in no rush.
Yeah, I'm pretty much the same.  I think, for general purpose use, if you bought a reasonable quality, reasonably specced PC back in the days of Vista - much like my trusty old laptop (Core2 duo) and my only very recently retired desktop (Core2 quad) - and done basic tuning and upgrades (probably just memory and an SSD), they are still plenty "good enough" for general use today.


I only replaced the desktop (with an old offcast from my Bro's business, where I saved a couple of Dell Vostro i5's from the skip 2 or 3 yrs ago) just before Christmas because a mate asked if I had a spare PC, as his had died, and I remembered I had these 2 sat in the garage, so gave him one, which gave me the reminder/enthusiasm to replace mine.

Apart from the extra RAM (8Gb - the old PC maxed out at 4Gb), I can't say I've noticed the difference, and I only use that extra RAM for CAD type stuff
Title: Re: Meltdown and Spectre bugs
Post by: aaronjb on 06 January 2018, 13:05:28
I don't think that's correct - at least not under Windows. The exploit has been demonstrated using Java script, so unless by certified stuff you mean no web access it looks impossible to protect against.
Java (as opposed to javascript).

Nope, he was right with javascript ;) https://www.react-etc.net/entry/exploiting-speculative-execution-meltdown-spectre-via-javascript

Even running as a normal user won't protect you from all the variants - everything needs patching; and by everything, I mean everything.
Title: Re: Meltdown and Spectre bugs
Post by: TD on 06 January 2018, 14:08:38
My notebook, suddenly decided to do a BIG update this morning, the type with a blue screen, so you have to wait for the update to finish after it rebooted itself....I wonder if that was patches for the bugs  :-\ :-\
Title: Re: Meltdown and Spectre bugs
Post by: TheBoy on 06 January 2018, 14:37:06
My notebook, suddenly decided to do a BIG update this morning, the type with a blue screen, so you have to wait for the update to finish after it rebooted itself....I wonder if that was patches for the bugs  :-\ :-\
MS currently rolling out Win10 patches, Insiders have been patched for a month.

However, I suspect your big one was 1709, rather than this.
Title: Re: Meltdown and Spectre bugs
Post by: TheBoy on 06 January 2018, 14:50:01
I don't think that's correct - at least not under Windows. The exploit has been demonstrated using Java script, so unless by certified stuff you mean no web access it looks impossible to protect against.
Java (as opposed to javascript).

Nope, he was right with javascript ;) https://www.react-etc.net/entry/exploiting-speculative-execution-meltdown-spectre-via-javascript

Even running as a normal user won't protect you from all the variants - everything needs patching; and by everything, I mean everything.
Hmmm, reason I'm slightly suspicious about javascript is every browser vendor uses their own javascript implementation, so the underlying code that's run on the CPU - the machine code in old skool parlance - will be different.  This and the fact by its nature it's difficult to get it to do anything beyond simple.  Maybe a different set of exploits per browser (and maybe even browser version) could work.

On the upside, if it is exploitable by javascript, that is pretty easy to fix* in the browser, due to the isolation techniques already present in them.


*In the scale of things


But there will be other dodgy applications and downloads and so on, so this is going to be patching and patching for a fair time yet, as you rightly say.


I've been concentrating more at servers, Linux in particular, and even from enterprise vendors, hard information is quite scarce.  I think they were/are geared up for release next week, when the disclosure was planned, but Intel bit on some media baiting.
Title: Re: Meltdown and Spectre bugs
Post by: TheBoy on 06 January 2018, 15:25:32
Fact remains, whilst it allows reading of kernel space memory, the read rate is slow, and viability of finding something usefully juicy isn't that great.

Needs fixing, and is serious, but the hype is encroaching beyond that IMHO.