• WANTED: Happy members who like to discuss audio and other topics related to our interest. Desire to learn and share knowledge of science required as is 20 years of participation in forums (not all true). Come here to have fun, be ready to be teased and not take online life too seriously. We now measure and review equipment for free! Click here for details.

Intel Kernel Bug

DonH56

Major Contributor
Technical Expert
Forum Donor
Joined
Mar 15, 2016
Messages
4,532
Likes
7,228
Location
Monument, CO
#1
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

This one is big... Allows rogue code full kernel access, potentially giving hackers access to "everything" on your PC (like passwords etc.) It is in the HW and has been since ca. 2007. OS patches are out and/or coming but potentially with big performance hits.
 

amirm

Founder/Admin
Staff Member
CFO (Chief Fun Officer)
Joined
Feb 13, 2016
Messages
29,173
Likes
81,006
Location
Seattle Area
#2
Yes I have been reading about it this morning. This is the break of the most sacred governance in history of modern computing and operating systems. That the core operating system (kernel)'s data is always private and no application can read it.

From the information, it seems like a really, really stupid bug. Modern CPUs perform what is called speculative execution. When they get to a branch in the code, the chase both conditions and pre-execute what is there. Then depending on which condition is true, they discard the code from the other branch. Problem here is that there is no check to see if either one of those paths are accessing privileged kernel code. They CPU (which is even more privileged than the operating system) appears to happily fetch that memory location. It is only after it gets to the target instruction that it check to see if the right privilege is there to allow that.

The fix is to have the kernel have its own page table (the thing that allows all of this virtual memory magic to work) which takes away the ability of the user program to see any memory belonging to the kernel. Problem with this is that the table needs to reload on every call to the operating system to perform a function. This can really slow down programs that are NOT compute-bound. Everyday stuff like typing in this browser cause tons of these "system calls" to fetch keyboard data, write them to files, send them on networks, display them, etc. So the impact will be largest on them.

Wonder if new CPUs with this fix are already here and if so, then Intel has known about this problem for a long time. If not, then the problem will continue for a while.

Per article, AMD says this is not a problem in their CPUs so they immediately gain a market advantage.
 
Last edited:

Cosmik

Major Contributor
Joined
Apr 24, 2016
Messages
3,075
Likes
2,033
Location
UK
#3
I'm glad you understand it, Amir!
Everyday stuff like typing in this browser cause tons of these "system calls" to fetch keyboard data, write them to files, send them on networks, display them, etc. So the impact will be largest on them.
Talk is of up to a 30% speed hit. Can we therefore say that this is also a correspondingly large energy consumption increase? Batteries run down quicker, huge server farms consume more power, Pacific islands submerge (if you believe that sort of thing).
 
OP
DonH56

DonH56

Major Contributor
Technical Expert
Forum Donor
Joined
Mar 15, 2016
Messages
4,532
Likes
7,228
Location
Monument, CO
Thread Starter #4
There have been articles about it since 2016, mostly buried or ignored, and a few gov't warnings to their customers about it. The problem affects (afflicts?) every core-based CPU from 2007 on.

AMD is rightly upset that some of the patches (e.g. Windows) are not CPU-specific so they will be impacted even though they don't have the bug. AMD is pushing back, natch. I suspect MS and others will roll out an initial "fire drill" patch now that the problem is (more) public and update later to make it CPU-specific. Intel is still withholding specifics, probably until major patches are released, to protect their customers (and all of us). Now we see if everybody actual installs the patch (don't want another Equifax fiasco!)

The speed hit depends upon the application. Gamers probably not affected, single users maybe for some things but probably not really noticeable. The big hits will be data centers and other enterprise servers. Things like typing take so long relative to CPU cycles that the hit is probably unnoticeable. Loading web pages and downloading files could take much longer.
 
Joined
Mar 17, 2016
Messages
13
Likes
8
Location
Richmond, BC, Canada
#5
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

This one is big... Allows rogue code full kernel access, potentially giving hackers access to "everything" on your PC (like passwords etc.) It is in the HW and has been since ca. 2007. OS patches are out and/or coming but potentially with big performance hits.

"At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers." ...love the acronym!
 

amirm

Founder/Admin
Staff Member
CFO (Chief Fun Officer)
Joined
Feb 13, 2016
Messages
29,173
Likes
81,006
Location
Seattle Area
#8

Ronm1

Active Member
Joined
Mar 9, 2016
Messages
115
Likes
15
Location
NH
#9
PC's have always been IMHO a grade school level memory management of an exercise.
 

amirm

Founder/Admin
Staff Member
CFO (Chief Fun Officer)
Joined
Feb 13, 2016
Messages
29,173
Likes
81,006
Location
Seattle Area
#10
Full copies of research papers that show this problem is out and agrees with early reports above: https://spectreattack.com/

The speculated execution leaves privileged data that has been read in CPU cache allowing that to be used as a communication channel to then read that information. Everything is documented in those papers so hackers can get going at it at any time. See the FAQ in the above link.

upload_2018-1-3_23-33-21.png


upload_2018-1-3_23-34-40.png


The throughput is about half a megabyte/second. So they can read the entire kernel in a matter of seconds.

On AMD and ARM, this is what they have to say:

upload_2018-1-3_23-38-1.png



AMD came out today and said that these attacks don't work on their processor. The above implies that with effort, it might.

upload_2018-1-3_23-39-11.png


And the group of people behind this effort:

upload_2018-1-3_23-39-53.png


Probably the most hated people inside Intel. :)
 

amirm

Founder/Admin
Staff Member
CFO (Chief Fun Officer)
Joined
Feb 13, 2016
Messages
29,173
Likes
81,006
Location
Seattle Area
#15
Executives with lots of shares usually set up regular schedule of trades so that they can't be excused of insider trading. Strange that Intel CEO just set one up recently and post the news of discovery of this flaw:

The filing showed that the sales were part of a 10b5-1 plan, which was created on Oct. 30, just a month before Krzanich sold the shares. The 10b5-1 is a trading plan that company executives set up to sell stocks they own at a pre-determined time so that they are not accused of insider trading.​
 

svart-hvitt

Major Contributor
Joined
Aug 31, 2017
Messages
2,375
Likes
1,183
#16
There have been articles about it since 2016, mostly buried or ignored, and a few gov't warnings to their customers about it. The problem affects (afflicts?) every core-based CPU from 2007 on.

AMD is rightly upset that some of the patches (e.g. Windows) are not CPU-specific so they will be impacted even though they don't have the bug. AMD is pushing back, natch. I suspect MS and others will roll out an initial "fire drill" patch now that the problem is (more) public and update later to make it CPU-specific. Intel is still withholding specifics, probably until major patches are released, to protect their customers (and all of us). Now we see if everybody actual installs the patch (don't want another Equifax fiasco!)

The speed hit depends upon the application. Gamers probably not affected, single users maybe for some things but probably not really noticeable. The big hits will be data centers and other enterprise servers. Things like typing take so long relative to CPU cycles that the hit is probably unnoticeable. Loading web pages and downloading files could take much longer.
Interesting!

Do you have sources to back up your claim that this has been known since 2016?

And if outsiders knew about this in 2016, what about insiders, among whom there are engineers of extremely high competence. Did Intel take a calculated risk which the consumer has to pay for?
 
OP
DonH56

DonH56

Major Contributor
Technical Expert
Forum Donor
Joined
Mar 15, 2016
Messages
4,532
Likes
7,228
Location
Monument, CO
Thread Starter #17
I did a fairly intensive search a couple of days ago and found several sources from around 2016 and earlier. I did not bookmark them (was reading most of it over lunch at work), sorry. I have a vague memory of one site pulling a paper from much earlier, like around 2010, but again didn't keep the reference.
 

Frank Dernie

Major Contributor
Forum Donor
Joined
Mar 24, 2016
Messages
3,906
Likes
8,057
Location
Oxfordshire
#18
I feel slightly less paranoid today!
I disconnect from the internet when not using it and have never put anything important on a phone.
As a slightly early adopter (I was writing engineering software in Fortran in 1970) I am sceptical about anything and everything to do with software.
 

amirm

Founder/Admin
Staff Member
CFO (Chief Fun Officer)
Joined
Feb 13, 2016
Messages
29,173
Likes
81,006
Location
Seattle Area
#19
I woke up to a forced reboot of Windows with no notice whatsoever. I am assuming it was the Microsoft patch for this.

The bug is quite serious in that javascript running in the browser would also provide access to the kernel data. In other words, by just visiting a site you could expose yourself without downloading anything! And with the research papers providing the how-to-guide, this is going to be developed very quickly by the bad guys.

The people most upset about all of this are the OS vendors having to work through Christmas holidays to patch and get this fix out!
 
OP
DonH56

DonH56

Major Contributor
Technical Expert
Forum Donor
Joined
Mar 15, 2016
Messages
4,532
Likes
7,228
Location
Monument, CO
Thread Starter #20
I read but did not fully grasp the Java script issue! That is scary...
 

Similar threads

Top Bottom