Security at Intel headed up by HR?!
All they need to do now is add Marketing drones and Legal wonks to the mix, and they can keep selling insecure chips whilst the 1% in charge keep buying their yachts.
After spending last week insisting that the performance impact of fixing the Meltdown and Spectre CPU vulnerabilities "should not be significant," Intel on Tuesday tried to maintain that stance even as it acknowledged SYSmark tests assessing post-patch slowdowns ranging from two per cent to 14 per cent. Reiterating that …
Having the HR head lead the security charge? You can image how much confidence that inspires in any technical person. I'm guessing my AMD friends will be dancing with joy over that decision.
Seriously, Intel?! How much more screwed up can you make a decision like that? Security in hardware is a niche and very specialized field and you're appointing someone whose job is to parrot the politically correct opinion of the day to leading a highly technical division?! Between the stock sale and this decision, I question Krzanich's sanity.
So Intel's whitewashing of this is basically that it's not them it's the industry, and even if it is them then consumers won't notice because they've been pushing ever-more powerful processors at consumers for years to persuade them to upgrade, to the point where their PCs are vastly over-powered for their needs anyway.
Of course this argument won't wash for commercial use in servers which really do push the processors, so once they've ridden out the consumer backlash/class action suits I guess we can expect some quiet compensation plan for corporates.
You can have Security and Performance by switching to AMD. Meltdown has the huge impact on performance because the Kernel has to be inside a separate virtual machine. Its the saving the user process information to a stack, switching to the separate virtual machine to access the Kernel process the request put the information back on the stack and switching back to the user space.
AMD does not suffer from this issue only Spectre which can be fixed by a code recompile to include defensive measures.
Switch to AMD, the Meltdown performance hit disappears. If you are paying for cloud services, check your contracts to see if your cloud providers are liable for the cost of switching.
I suspect the patches that protect Intel users may inadvertently also throttle AMD users in many scenarios. Certainly if the patches come from Intel themselves, then it is likely they would not consider performance optimisation for non-Intel processors a useful goal.
" because the Kernel has to be inside a separate virtual machine."
Sorry, you didn't understand what "virtual memory" is. It has nothing to do with "virtual machines".
"Virtual memory" exists in Intel CPUs since the 80286 (although paging came only with the 80386). It basically means processes use only "virtual" memory addresses that the CPU translates into physical ones. This indirection simplifies memory and process management.
Calling into the kernel always implied switching stack, and saving the CPU state. The problem here was the kernel address spaces was mapped (through pagination) into *any* user process address space and protected by setting the "supervisor" bit for those pages. This to avoid to reload the "selectors" (indexes into tables with descriptors of address spaces) pointing to the actual address space, which does imply many side effects (full privilege checks, caches flush and reload, etc.) that impact performance. Just, that made probing it feasible with side channel attacks.
"which can be fixed by a code recompile to include defensive measures."
1) You need a new compiler
2) You need the code to recompile
3) You will still suffer performance issues because the recompiled code alters the way calls are made
Stop me if I'm saying something stupid, but it seems to me that it doesn't matter if some CPUs out there don't have that problem - Because the fix which is causing the slowdowns is henceforth integrated in the OSses (Windows, Linux, MacOS, whatever).
Meaning that from now on you'll use a slowed-down OS, no matter what CPU you're using and regardless if it has the flaw or not.
Also meaning that Intel won't ever bother releasing a new, improved Meltdown-free CPU series, because why would they? It would require a special version of the OS (and applications), which obviously won't ever happen.
Meltdown workaround is here to stay, and we'd better start getting used to lower performance and higher energy costs.
Stop! You're saying something stupid.
Sorry couldn't resist :-)
Although the fix is indeed baked into the OS, in Linux at least you can turn it off selectively.
See here - https://access.redhat.com/articles/3311301 for an example
> Although the fix is indeed baked into the OS, in Linux at least you can turn it off selectively.
Well, that sounds like a rather small consolation, quite a few computers don't run Linux. Thanks nevertheless. I'm on Linux, I'll check if this also works on my flavor.
Could those other people who just contented themselves with downvoting me be so kind to explain why they did it? Do they have a valid argument, or are they just annoyed with the situation?
Intel's downplaying of meaningful consequences from Meltdown and Spectre appears to have become unsustainable
In the nature of things like this most people will read the story while it is big in the headlines for a few days and then lose interest. Thus they will believe that this affects all CPU vendors, not just Intel. So the Intel misinformation campaign will have worked. Intel will not get castigated for misleading statements.
Main-stream media will prob continue to mis-report it as they don't have the interest to follow tech sites.
Upfront, open & honest is not what large corporations do, unfortunately.
Since this affects the majority of CPUs Intel has sold in the last 11 years, "8th Generation Core platforms" is an irrelevancy. You're stuck with Meltdown and SPECTRE until Intel finishes its redesign and rolls out a new series of chips. That's likely to take some time, so don't hold your breath while waiting.
Switching to ARM devices may well be the quicker solution.
" until Intel finishes its redesign and rolls out a new series of chips... "
Any chip-design guru out there knw what this would involve? Is it something that can have a small redesign (sort of "hardware patch") that can have them pumping out new (meltdown/spectre-proof) versions of existing chips within a few months? Or is it a fundamental redsign of the chip that would take, I presume, years rather than months?
I'm not a chip designer but even if it's a simple fix, you're still looking at months for the design to be checked and sent out to fabs and integrated into actual hardware.
Here's a good overview of the work that goes into designing a new x86 chip.
One interesting part is that a simulation of a full chip design, together with northbridge etc. runs at about 1Hz (yep, one Hertz, no mega- or giga-hertz here). So running a conventional desktop CPU for one second would take nine years of simulating.
There are a fair number of ways that Intel can fix the Meltdown issues cleanly since AMD already does that. (Yes, let's acknowledge that Intel chose the more risky architecture for speed reasons.) TLB isolation or mirroring, change the order of the execution, etc.
Spectre will be a touch harder to fix. Right now it's almost secure on AMD, while it's a gaping hole on Intel's processors. Again, there are fixes, but what ones will impact performance the least? That's probably a big unknown, even inside Intel.
As a practical estimate, look what it takes Intel to design a new processor. Their ping-pong strategy using 2 design groups should tell you that it takes probably 18 months to make each fairly large change in their processor, and this is likely to be a fairly large change in an area that's notoriously finicky (branch prediction is an art). As a rough estimate, I'd say that pushing either the Spectre or Meltdown fixes through the process is probably at least 6 man months worth of effort (new architecture required with performance optimizations, RTL implementation and checking, new P&R, lab validation, etc).
The timing couldn't be worse for Intel. They typically announce desktop processors in the fall. That means that they're probably in the testing and finalization stages of validating next fall's announcement now. Any attempt to put a fix in there will likely hit fall's announcement hard. You're talking designing a fix, implementing it, 2 months to turn around the design in the fab, and then testing the fix. Maybe it's doable, but there are going to be a lot of sleepless Intel engineers if they hope to keep the schedule. My personal bet is that they'll have to slip the schedule AND rob the engineers blind on overtime.
Can you please explain “[Spectre] right now is almost secure on AMD but a gaping hole on Intel”.
My reading of the Spectre paper is that this is *fundamental* to any speculative execution architecture that doesn’t rollback all chip microarchitecture state. Not only do I think there is zero difference between AMD and Intel and ARM, I can’t see how to fix it.
Perhaps, it is because you think that the cache is only microarchitecture state usable for data exfiltration. It is NOT, and the paper says so explicitly. The cache is only what they chose to use for their simple POC. Neither is Androids timer resolution remotely a defence against this bug class. Even if you stick with cache exfiltration, you don’t need timer information to extract cache state on the receiver side. It’s the easiest but by no means the only way to do it.
The problem is speculative execution, and it is both dire and very, very deep. It is categorically not a “patch this hardware bug” problem.
The only light in the tunnel is that the exploits are difficult and hand-tuned to each problem.
Why on earth would Intel want to release a CPU without Meltdown?
Not only would it render the whole stock worthless overnight, it would also be rather pointless since Microsoft won't be releasing a special version of Windows for the 1% of new fixed CPUs (not to mention AV makers and other software affected by the Meltdown fix). There is a 10+ years backlog of computers out there which won't just go away overnight, which means a "fixed" CPU will remain a tiny minority for many years, a small exception requiring special software.
We're just beginning to see how complicated applying the fix might be, now imagine there are those who should but haven't yet, those who should and have, those who don't need anymore but still have, and those who don't need and haven't anymore!... OS and software makers are sure to lose quite some hair on that.
IMHO it would make much more sense for Intel to somehow accelerate the fix than to fix the Meltdown problem. Speeding up the fix would mean speed improvement without any complicated/risky software changes.
"The timing couldn't be worse for Intel. They typically announce desktop processors in the fall. That means that they're probably in the testing and finalization stages of validating next fall's announcement now"
The flaws and exploits were only made public now, but they were discovered (and presumably disclosed to Intel) in the summer. So maybe their new lineup for next fall could already contain the fixes?
Meltdown is a CPU flaw and Intel should be paying for replacements or compensation for any server whose throughput can't be restored to pre-patch levels.
I know it's naive to expect Intel to do this willingly, but that just makes it more important for us to spread the message.
It shouldn't just be private compensation deals for their biggest customers.
That sounds like more of a problem than Meltdown. A lot of people will be upgrading their hardware to regain lost performance. They will be buying AMD.
Conspiracy Theory; this is a plot to boost AMD. They want AMD to beat Intel, which AMD has been doing in the last year.
They should try the SYSmark benchmarks inside a VM to see what the performance impact is there. That's what matters the most for enterprise customers, who have fewer and fewer bare metal servers these days. Basically only big databases, even fileservers are typically run out of VMs these days.
I thought that selling flawed products was a big No No as the powers that be could and often do make one replace the goods with no flawed products or a cash refund. In Oz we have a statuary body who is awlfully strict on retailers
I might be a bit of a simpleton, especially in terms of the technical aspects, but am I the only one who has a little sympathy with Intel et al? This is a design flaw that absolutely nobody in any organisation had spotted for over a decade yet everybody is now pointing the finger.
As flawed and imperfect a species we are, one of our major flaws in my opinion is that we HAVE to find someone to blame if something isn't totally perfect and without any flaw whatsoever.
Yes, we know these firms make megabucks from what they do, but we keep buying the stuff and creating the demand. Then it goes tits up and we all want compo. What happens if we all sue and they go under? Who replaces them to make the products we need? You see where this is going?
OK so we all take a performance hit, some more than others depending on the equipment owned but as somebody pointed out earlier most people have more power than they will ever need now anyway and probably won't notice any difference - I haven't noticed any difference at all so far on two patched Surface Pro 4 (i5 and i7) and an i7 Dell desktop in our office, all 6th gen. I haven't done the older machines yet but that appears to be an indication that we have more power then we need for most takes anyway. I suspect most people will get used to any difference in performance after a week or two, in fact most people probably won't even notice.
Servers are a different issue of course - is this going to be a double whammy, websites everywhere slowed down and then viewed on computers that themselves are also running slower?
Ultimately though I suspect that the only people who might gain anything from this are the litigation lawyers. We all get computers that are a little safer if a little slower and we move on, until the next big thing hits us anyway.
"... am I the only one who has a little sympathy with Intel et al?"
Possibly. Intel didn't invite sympathy when they blatantly lied in their press release to avoid taking responsibility for Meltdown.
They would be happy for people think their chips fall in some grey area between "perfect" and "flawed" but the documentation is very clear - they must prevent memory access via certain kinds of reference in certain conditions - and there is no grey area to hide in.
If you don't put the responsibility for Meltdown at Intel's door, you are expecting blameless organisations to take losses that they shouldn't have to, and setting a bad precedent for responsibility evasion that could lead to less reliable and less secure systems in the future.
If Intel started acting with integrity over this then I would probably start to feel sympathy for them.