Reddtoo

Big Intel Bug

Since WURM is a CPU intensive application this may be important:

 

Huge Intel CPU Bug Allegedly Causes Kernel Memory Vulnerability With Up To 30% Performance Hit In Windows And Linux 
If the reports are accurate, it appears that Intel might have a pretty severe chip-level security bug on its hands that cannot be simply swatted away with a microcode update. The bug affects all modern Intel processors dating back at least a decade. 
We should note that squashing the bug requires a patch at the OS level; and Linux patches have already been distributed. 

Microsoft is expected to address the bug in its monthly Patch Tuesday update. The circumstances surrounding the exploit are currently under embargo, but some details are starting to make their way to the public spotlight. 

There's one big problem, however. Fixing this vulnerability in software also comes with a big hit on performance. Additional overhead is introduced to maintain a barrier between memory address spaces, which can result in a performance handicap of 30 percent or more. However, recent Intel processors with PCID (Process-Context Identifiers) enabled could have the performance impact lessened somewhat. 

The hardware bug is apparently severe enough to make it ripe for exploitation, with some of the biggest targets being companies that use virtualized environments. 

"Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November," wrote the Python Sweetness blog on Monday. "In the worst case the software fix causes huge slowdowns in typical workloads. 

"There are hints the attack impacts common virtualization environments including Amazon EC2 and Google Compute Engine." 

In addition, apparently both Microsoft Azure and Amazon Web Services have scheduled maintenance that will take place over the next week, although there is no detailed explanation for the downtime. However, rampant speculation suggests that the maintenance could be to put the software fixes in place for this specific Intel CPU hardware bug. Literally, in some cases, it appears operating systems will need to be overhauled to deal with the issue. 

You may have noticed that we haven't mentioned AMD once in this article up to this point. Well, AMD processors aren't affected by the bug due to security protections that the company has in place. This also means that AMD processors shouldn't be affected by any performance hits. 

Further, AMD's latest EPYC data center server chips and Ryzen Pro enterprise desktop CPUs have Secure Memory Encryption technology on board, for additional protection against just these sorts of threat vectors. 

Regardless, given that the patches are currently under embargo and that Intel is understandably staying tight-lipped, it may still be a few days before we are made privy to all pertinent details surrounding the bug and how damaging it will be to existing computing platforms. However, all of this is looking very real at this point. The Linux update detailing its patch has been posted here by Linus Torvalds himself. 

Update, 10:02 PM - 1/2/18 - Initial performance results on Linux platforms are beginning to surface now on the web. Early numbers are showing IO-intensive workloads are especially sensitive to the Kernel Page Table Isolation patch. 

Linux performance enthusiast site Phoronix has posted some early benchmark numbers, post-patch. Some results are coming in with a 17 - 18 percent degradation overall. 

Update, 10:56 PM - 1/2/18 - As it turns out, apparently the Linux patch that is being rolled out is for ALL x86 processors including AMD, and the Linux mainline kernel will treat AMD processors as insecure as well. As a result, AMD CPUs will feel a performance hit as well, though the bug only technically affects Intel CPUs and AMD recommends specifically not to enable the patch for Linux. How Microsoft specifically will address the issue with the Windows operating system remains unclear until the company's formal Patch Tuesday update is made known, hopefully soon.

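One way a Linux server admin could check the two things the quoted article turns on, whether Kernel Page Table Isolation is active and whether the CPU advertises PCID. This is an added example, not part of the original post. It assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities/meltdown`; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a Linux host's Meltdown/KPTI state.
# Paths are parameters so the logic also works on saved copies of the files.

# Succeeds if FLAG is listed on the first "flags" line of a cpuinfo-format file.
# -w matches whole words only, so "invpcid" does not count as "pcid".
cpu_has_flag() {   # usage: cpu_has_flag FLAG [CPUINFO]
    grep -m1 '^flags' "${2:-/proc/cpuinfo}" 2>/dev/null | grep -qw -- "$1"
}

# Prints one token:
#   not-affected | pti+pcid | pti-no-pcid | vulnerable | unknown | other: <text>
meltdown_state() { # usage: meltdown_state [CPUINFO] [VULN_DIR]
    cpuinfo="${1:-/proc/cpuinfo}"
    vuln="${2:-/sys/devices/system/cpu/vulnerabilities}/meltdown"
    if [ ! -r "$vuln" ]; then
        echo "unknown"          # kernel does not report status, or not Linux
        return 0
    fi
    status=$(cat "$vuln")
    case "$status" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation: PTI"*)
            # PTI is on; with PCID the kernel can avoid a full TLB flush
            # on every switch between user and kernel page tables.
            if cpu_has_flag pcid "$cpuinfo"; then echo "pti+pcid"
            else echo "pti-no-pcid"; fi ;;
        Vulnerable*) echo "vulnerable" ;;
        *) echo "other: $status" ;;
    esac
}

# Constructed sample (not captured from a real host): patched Intel box with PCID.
demo=$(mktemp -d)
printf 'vendor_id\t: GenuineIntel\nflags\t\t: fpu vme pcid invpcid\n' > "$demo/cpuinfo"
mkdir "$demo/vuln"
printf 'Mitigation: PTI\n' > "$demo/vuln/meltdown"

echo "sample host: $(meltdown_state "$demo/cpuinfo" "$demo/vuln")"
echo "this host:   $(meltdown_state)"
```

A result of `pti-no-pcid` marks the hosts where the larger slowdowns discussed in the article are most likely.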

Honestly, I think it will also affect Wurm, but if WO runs on dedicated servers (as I remember), it is up to our server admin to choose whether to fix the bug or keep the vulnerability.

Of course it is true; the fix will cause a performance drop of 30% to 50% in some cases. It all depends on the usage of shared memory and mapping.


Fun fact: All Wurm Online servers run Intel CPUs too, so we could see some server side problems on Wurm Online. 

Edited by Sklo:D

58 minutes ago, Finnn said:

 

That's Intel spinning like a top, Finnn. The longer-known and less serious Spectre issue affects other manufacturers. Meltdown is Intel-specific.

 

Also, apologies for posting another thread in Server Bugs that was moved here.  I didn't see this one.  (And if it isn't exactly a bug, it certainly does affect servers.)


Regarding the AMD vulnerabilities:

____________________________________

 

For its part, even though the Register piece seemed to absolve AMD of any issues, the company this afternoon decided to put out a statement on the matter.

AMD said through a spokesperson:

There is a lot of speculation today regarding a potential security issue related to modern microprocessors and speculative execution. As we typically do when a potential security issue is identified, AMD has been working across our ecosystem to evaluate and respond to the speculative execution attack identified by a security research team to ensure our users are protected.

To be clear, the security research team identified three variants targeting speculative execution. The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants. Due to differences in AMD’s architecture, we believe there is a near zero risk to AMD processors at this time. We expect the security research to be published later today and will provide further updates at that time.

Update: Following Intel's press conference Wednesday evening, in which it discussed in some detail the various security threats to x86 processors, first uncovered by Alphabet's (GOOGL) Google's Project Zero, AMD issued a follow-up statement in email clarifying its position, noting there are some cases where an AMD chip could be affected.

 

 

AMD notes that the Google researchers actually found three different variants of what's being referred to as the "speculative execution vulnerability."

  • In the case of the first, "bounds check bypass," AMD said that it is "resolved by software / OS updates with negligible performance impact."
  • In the case of the second, "branch target injection," AMD said that "differences in AMD architecture mean there is a near zero risk," adding "vulnerability to Variant 2 has not been demonstrated on AMD processors to date."
  • In case three, "rogue data cache load," AMD said "zero AMD vulnerability or risk because of AMD architecture differences."

https://www.barrons.com/articles/amd-says-near-zero-risk-to-its-chips-1515016135

 

____________________________________

 

Other sources:

 

Understanding The Meltdown And Spectre Exploits: Intel, AMD, ARM, And Nvidia - Tom'sHardware

AMD Looks Poised To Gain At Intel's Expense - Forbes


This "bug" has existed since 1995, and has never been exploited, as far as anyone knows.

Serious people testing the fix have seen almost no performance issues, and normal PC users won't experience any issues.

As for Wurm servers, I doubt there will be problems as well, as only heavy (as in continuous small) I/O operations will affect performance.

 

Also, the worst bug, the Spectre exploit, is much more nefarious and impacts Intel, AMD, and ARM.

So the thread title should be changed.

 

AMD is vulnerable to Variant 1, which is a Spectre exploit. As noted above, many contend that Spectre is not likely to see an effective patch any time soon, and some researchers claim the vulnerability exists in every modern processor architecture in existence. They also claim that fixing the issues could require a redesign of fundamental processor architectures.

 

Tilde:

The world is not going under, 99% of users won't be affected at all.

 

 

Edited by Wulfgar