Return to Level1Techs.com

Intel FUBAR ... again - Kernel memory leak in nearly every Intel CPU of the last decade (Spectre hits everyone, Meltdown still Intel exclusive)

intel
mega_thread
bug

#1019

Skylake+ (Kabylake etc)
All have extra issues apparently

https://lkml.org/lkml/2018/1/22/166


#1020

A false sense of security is worse than no security at all.


#1021

Remember the Core 2 Duo/Quad?
That:


#1022

I struggle with Civ V and linux as it is.


#1023

No, enlighten me?


#1024

Even mainstream media is beginning to smell the blood in the water.

Somehow…the average person has little or no idea about these new threats.


#1025

Bugs. Bugs everywhere.

Intel managed to sweep most of them under the rug. But kernel devs where furious. And most of them where never fixed to this day even.


#1026

Summary of fix by Intel and why Linus is calling it bullshit.

http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04628.html

Big simplification: Proper way to fix an hardware bug like this, is that newer cpu gets protected by default, and they answer they are when queried.

So you can ask the CPU “what’s your status on bug X” and the cpu answers “i’m good, you don’t need to do anything” (newer fixed chips), or “i know about it but was already built, and need microcode update/special behavior to protect myself” (current chips with microcode update), “no answer / I’m not good” (old chips without update).

So new stuff is protected, and you add more protection (and slowdowns, and special stuff) for older chips that don’t know how to deal with it.

What Intel is trying to do here, is to go the other way: the chips, even the new ones, will stay vulnerable by default, and when queried they say “I have a fix but I don’t use it, you can enable it by asking !” and the kernel is supposed to enable it.

It’s terrible for a lot of reasons, like “boot an older os and it’s vulnerable since it doesn’t know to call this”, “additional code to enable this feature has to run for all of eternity for new chips now, instead of having to run for older chips and being phased out over time”, etc …

The reason why Intel does that seems obvious: by default the chip does not lose speed since the fix is not enabled, and so instead of “intel chips lose 30% speed over night because of a flaw” it becomes “intel adds a special security mode that protects you even more for critical applications, at the cost of some speed”. Purely marketing speech and decision at the cost of proper engineering decisions, and they need and try to get OSes like Linux to play along. That’s what he means by “[it] shows intel had no intention of fixing those flaws”.

Additionally there seems to be a second issue in that the quality and behavior of the patches they submitted are trying to hide this deceptively simple but technically terrible behavior by making it look/sound obtuse and complicated.

In other words, intel is using its presence and weight to try and push a shitty solution, but one that is better for them marketing wise. Linus is flabbergasted to be treated like an idiot or a obedient drone that should apply such obvious abusive patches.

Further details from a HN poster that seems reasonable:

He’s complaining about their “fix” being terrible, but isn’t fully against using it the end since as you said, that’s all there is going to be to have the chips work properly. The reason he refuses those current patches and directly call it a lie/deception is because of what my last two paragraphs related; if you read his message (where the link points to) it’s about half way: Intel tries to disguise it by doing it in a convoluted way. Basically they try to avoid making it obvious when looking at the code, because they don’t want a “if (intel_chip) enable_fix_because_default_is_broken_on_intel();” and instead pushes something that looks like the kernel needs to do lots of complex stuff [aka, “it’s complex, and a fix-on-chip is not enough the kernel needs protection anyway !”, and that means a terrible patch with lots of garbage and filler code.

Intel’s intention is clear in that they specifically pushes this in the same patchset as the “tell the chip to be secure”, trying to mush the two things together to make it looks like it’s all the same thing, whereas in reality it should be two patchset: one to enable the security mode, and bad for intel marketing wise. And a second one to add those “fixes” to the kernel, that would be refused because terrible and in part unecessary since retpoline already protects it. What Linus is saying is “sure I need the first change, but since you’re intent on pushing them together I’m refusing them, because the second one is pure garbage, and you mix them together to hide the first”.


#1027

Never a boring read with him :slight_smile:

You seem to have bought into the cool-aid. Please add a healthy dose
of critical thinking. Because this isn’t the kind of cool-aid that
makes for a fun trip with pretty pictures. This is the kind that melts
your brain.


#1028

I keep thinking of the “cripple code”. I think the OS’s should force the performance hitting patch on all intel devices regardless. That is what they are trying dodge from what I gather.


#1029

cool… So just like their financial practices, their security practices are just as shitty?

:frowning:

While that makes sense for Windows and OSX, enabled by default but configurable is the proper way to handle it on Linux because of the whole “freedom to run your system how you choose” thing.


#1030

but then it goes against a even bigger tenant of making a system as secure as possible. Lets just ignore this big hole in fence. Maybe it will block itself up as your cows wander off :slight_smile:


#1031

I guess you missed the part where I said “enabled by default”

ufw has closed port 22 by default. I can open it though.


#1032

Yes…associated it to windows. Threw me.


#1033

I could have worded it differently. I meant, force it on Windows and OSX because those platforms don’t allow configuration or user choice by design, but allow Linux users to turn it off if they want, but it should probably spam dmesg with By using this configuration option, you're being a massively vulnerable FUCKWIT or something of the sort.


#1034

https://www.phoronix.com/scan.php?page=news_item&px=PowerPC-Mem-Protection-Keys

https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next&id=aa8a5e0062ac940f7659394f4817c948dc8c0667

I’m stuck on hunting stuff down for this again…


#1035

What does Apple have to do with Meltdown?


#1036

They designed the CPUs in their phones, in which case Meltdown is a non-issue. Idk about Spectre.

Apple keeps everything closed source as much as they can and their walled gardens as tightly as they can, they are paying the price for that.


#1037

“Somehow…the average person has little or no idea about these new threats.”

Not surprised. Security and especially privacy is not considered important anymore as much as it should be by most. Certainly not enough to tell oh say, Microsoft that “hey, spying on me through your OS is a bad idea” or Google better yet with Android like why does my calculator program need to know where I live? Nobody cares, and there’s your problem.

They use to talk about these things more often and more urgently back in the day that much I can remember. Then again, there were probably a lot of flaws in design back then.


#1038

Some call Linus toxic and hard to deal with.
But it’s borne out of situations like this where I’m glad Linus (and a few other kernel devs) stick to their principles.

Also a friendly hint: :wink:

You can blockquote text like this.

By using the
> Markup