Computer Help forum

Tip

Major Flaw in Intel Chips. Fix Will Slow Them Down

http://www.foxnews.com/tech/2018/01/03/intel-chips-have-major-design-flaw-and-fix-means-slower-pcs.html

"Over the next few weeks there's a very good chance your PC or laptop is going to take a significant performance hit. The worst case scenario being it will get 30 percent slower. Worse than that is the fact you can do nothing about it as the slow down is a side effect of fixing a major design flaw in Intel processors.

If your computer uses an Intel processor produced in the last decade, then it probably contains the design flaw. I can't tell you exactly what the flaw is yet because Intel is keeping the details under lock and key until operating system patches have been released. Those patches will have to be made for Linux, Windows, and macOS" (more in article)
Collapse -
sure glad I use AMD processors exclusively

In reply to: Major Flaw in Intel Chips. Fix Will Slow Them Down

"If you are running an AMD processor, you're fine. AMD confirmed its processors are not vulnerable.
Linux kernel patches are already available, with Microsoft expected to roll out the Windows patch for the next Patch Tuesday happening next week."
Collapse -
Hello Spectre.

In reply to: sure glad I use AMD processors exclusively

We have a message for AMD users too.


Anyhow, Intel, AMD and ARM chips which account for most computers today. Ouch.

Collapse -
AMD

In reply to: Hello Spectre.

"Back on 26 December is when Tom Lendacky of AMD posted a patch to confirm this PTI problem shouldn't affect the company's processors -- at least with what information is currently known. Lendacky wrote, "AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault."

https://www.phoronix.com/scan.php?page=news_item&px=x86-PTI-EPYC-Linux-4.15-Test
Collapse -
What about without the patch?

In reply to: AMD

I'm sure you know of Linux servers that just run and run but the owners are loath to patch.

So is the patch needed to block this?

Collapse -
Maybe this answers the question

In reply to: What about without the patch?

The fixes are different between the Intel processors. Some need one fix, others need 2 fixes applied.

https://www.theregister.co.uk/2018/01/05/spectre_flaws_explained/

2 pages there.

" Intel and AMD CPUs, and selected Arm cores, are vulnerable to Spectre Variant 1 attacks. Intel and said Arm cores are vulnerable to Spectre Variant 2. Only Intel CPUs and one Arm core – the yet-to-ship Cortex-A75 – are vulnerable to Meltdown. Oh, and Apple's Arm-compatible CPUs are affected by Meltdown and Spectre, too,

to protect yourself from Spectre Variant 1 attacks, you need to rebuild your applications with countermeasures. These defense mechanisms are not generally available yet. To protect yourself from Spectre Variant 2 attacks, you have to use a kernel with countermeasures, and if you're on a Skylake or newer core, a microcode update, too. That microcode is yet to ship. "


Basically, a crapshoot with various sources putting out "fixes" for kernels, processor microcodes, browser adjustments, and little is definite yet.

Collapse -
more

In reply to: Maybe this answers the question

"The other vulnerability, Spectre, meanwhile, has been demonstrated on Intel Ivy Bridge, Haswell and Skylake processors, AMD Ryzen CPUs, and several ARM-based Samsung and Qualcomm system-on-chips used for mobile phones."
Collapse -
My guess is this;

In reply to: What about without the patch?

More servers will switch to motherboards that run with AMD processors, since they are at risk mostly if someone is running in root or superuser mode, but the Intel chips are at risk of limited user accounts being able to allow access to protected user space. Most Linux users always run in a limited user mode, which means those on AMD currently are safer than those on Intel, until adequate fixes are out and applied. AMD processors it seems have a strong wall between limited user accounts and what runs in root or protected mode, for both windows and linux. The problem for windows is many if not most of their users tend to run in Admin mode all the time.

I hope I'm wrong, but I get the feeling it could become like Adobe Flash, where constant new fixes must be applied as new threats emerge.

Collapse -
AMD vs Intel

In reply to: Hello Spectre.

There's a simple command that can be added "nopti" to GRUB boot line on AMD machines that will keep the processor from being slowed down by a newer "patched" Linux kernel aimed at Intel CPU's.

Other pertinent links in that post. This is going to hit the gamers the hardest.
https://www.reddit.com/r/sysadmin/comments/7nl8r0/intel_bug_incoming/

"There is evidence of a massive Intel CPU hardware bug (currently under embargo) that directly affects big cloud providers like Amazon and Google. The fix will introduce notable performance penalties on Intel machines (30-35%).

People have noticed a recent development in the Linux kernel: a rather massive, important redesign (page table isolation) is being introduced very fast for kernel standards... and being backported! The "official" reason is to incorporate a mitigation called KASLR... which most security experts consider almost useless. There's also some unusual, suspicious stuff going on: the documentation is missing, some of the comments are redacted (https://twitter.com/grsecurity/status/947147105684123649) and people with Intel, Amazon and Google emails are CC'd.

According to one of the people working on it, PTI is only needed for Intel CPUs, AMD is not affected by whatever it protects against (https://lkml.org/lkml/2017/12/27/2). PTI affects a core low-level feature (virtual memory) and has severe performance penalties: 29% for an i7-6700 and 34% for an i7-3770S, according to Brad Spengler from grsecurity. PTI is simply not active for AMD CPUs. The kernel flag is named X86_BUG_CPU_INSECURE and its description is "CPU is insecure and needs kernel page table isolation"."
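
The post above mentions adding `nopti` to the boot line on AMD machines; the same switch on a host the kernel flags as affected turns the Meltdown mitigation off. The following is an added example, not part of the original post, that audits for that combination. It assumes the usual /proc/cmdline and /proc/cpuinfo text formats; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag hosts where PTI is disabled on a CPU the kernel marks
# as needing it. On a real host pass "$(cat /proc/cmdline)" and
# "$(cat /proc/cpuinfo)" to audit_pti instead of the samples below.

# Succeeds if the kernel command line switches page table isolation off.
pti_disabled() {
    case " $1 " in
        *" nopti "*|*" pti=off "*) return 0 ;;
    esac
    return 1
}

# Prints the vendor string of the first processor entry in cpuinfo text.
cpu_vendor() {
    printf '%s\n' "$1" |
        awk -F'[ \t]*:[ \t]*' '$1 == "vendor_id" {print $2; exit}'
}

# Succeeds if the cpuinfo "bugs" line says the CPU needs PTI.
# cpu_insecure is the early flag name quoted in the thread
# (X86_BUG_CPU_INSECURE); released kernels report cpu_meltdown.
cpu_needs_pti() {
    bugs=$(printf '%s\n' "$1" |
        awk -F'[ \t]*:[ \t]*' '$1 == "bugs" {print $2; exit}')
    case " $bugs " in
        *" cpu_meltdown "*|*" cpu_insecure "*) return 0 ;;
    esac
    return 1
}

# Prints a one-line verdict for a (command line, cpuinfo) pair.
audit_pti() {
    vendor=$(cpu_vendor "$2")
    if ! cpu_needs_pti "$2"; then
        # Also the result on kernels that predate the PTI patches.
        echo "NOT FLAGGED: kernel does not mark this $vendor CPU as needing PTI"
    elif pti_disabled "$1"; then
        echo "RISK: $vendor CPU needs PTI but it is disabled on the command line"
    else
        echo "OK: $vendor CPU needs PTI and the command line does not disable it"
    fi
}

# Constructed sample inputs (not taken from any real machine).
SAMPLE_INTEL='processor : 0
vendor_id : GenuineIntel
bugs : cpu_meltdown spectre_v1 spectre_v2'
SAMPLE_AMD='processor : 0
vendor_id : AuthenticAMD
bugs : fxsave_leak sysret_ss_attrs spectre_v1 spectre_v2'
CMDLINE_DEFAULT='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet'
CMDLINE_NOPTI='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet nopti'

audit_pti "$CMDLINE_DEFAULT" "$SAMPLE_INTEL"
audit_pti "$CMDLINE_NOPTI" "$SAMPLE_INTEL"
audit_pti "$CMDLINE_NOPTI" "$SAMPLE_AMD"
```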

Collapse -
what they are, Spectre and Meltdown

In reply to: Hello Spectre.

https://spectreattack.com/

Some in depth links there for anyone interested in getting into the deeper part of this.

Meltdown

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.

If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure. Luckily, there are software patches against Meltdown.


Spectre

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.

Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent specific known exploits based on Spectre through software patches.
Collapse -
one more

In reply to: what they are, Spectre and Meltdown


Collapse -
I couldn't resist having fun with their LOGO.

In reply to: Hello Spectre.

Collapse -
Linux to the Rescue. First as always.

In reply to: sure glad I use AMD processors exclusively

https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti

The x86 PTI patches are mainline for this past weekend's release of Linux 4.15-rc6......Newer Intel CPUs with PCID should also help in ensuring less of a performance impact......These x86 PTI patches are being back-ported to all supported Linux kernel series right now.......I ran tests on a Core i7 8700K "Coffee Lake" system as well as an older Core i7 6800K "Broadwell E" system, the newer system on Ubuntu 16.04.3 LTS and the older on Ubuntu 17.10.....More extensive benchmarks are coming up soon.

Collapse -
Re: first as always

In reply to: Linux to the Rescue. First as always.

Microsoft is pushing a (required) Windows update very hard, so I expect it to be active world-wide soon.

For Linux it not only depends on how active and fast the maintenance team of a certain distro is, but - if I understood your recent posts correctly - also on the individual user periodically reviewing all available updates manually and deciding if they have to be done or not one by one. My guess: it takes half a year before half of the Linux desktop users is updated. Late as always.

Post was last edited on January 5, 2018 5:53 AM PST

Collapse -
LOL, ever the critic. Also Firefox users must update to 57.

In reply to: Re: first as always

Love it. Yes, but many like me checked for update yesterday. Today I learned since kernel updates are usually not done so often and the fix is there, you probably are correct that many linux users may not do the update in timely fashion. But, it's available, first, if they want it.

Collapse -
That update is aimed at Intel processors

In reply to: Re: first as always

Unfortunately, it's breaking systems running AMD processors, so should be avoided by windows users on AMD. The AMD processors are only susceptible to one variant of Spectre, and not Meltdown at all. I'm not sure if that applies to the AMD Ryzen. Remember, Microsoft and Intel are often referred to as "wintel", so of course Microsoft's efforts are aimed most strongly at the Intel chips vulnerability.

Some talk around forums that the Microsoft patch is deliberately crippling AMD computers, so more will go buy new w10 computers. That makes little sense to me, since many of the new computers would also have AMD chips in them, so sounds like foolish conspiracy stuff.

Collapse -
Another article from our former sister site, ZDNET

In reply to: Major Flaw in Intel Chips. Fix Will Slow Them Down

http://www.zdnet.com/article/security-flaws-affect-every-intel-chip-since-1995-arm-processors-vulnerable/

whistling past the graveyard?

" Microsoft released patches for Windows, outside its usual Patch Tuesday update schedule -- Windows Insiders on the fast-ring already received the patches in November. Apple reportedly patched the flaw in macOS 10.13.2. A spokesperson did not respond to a request for comment. And, patches for Linux systems are also available.

Many cloud services running Intel-powered servers are also affected, prompting Amazon, Microsoft, and Google to patch their cloud services and schedule downtime to prevent would-be attackers from reading other processes on the same shared cloud server.

Microsoft and Amazon have announced scheduled downtime of their cloud services in the coming days.

Google, whose Project Zero team was credited with finding the vulnerability, said in a blog post that, "as we learned of this new class of attack, our security and product development teams mobilized to defend Google's systems and our users' data." "
(more in article)
Collapse -
Here come the class action lawsuits against Intel

In reply to: Major Flaw in Intel Chips. Fix Will Slow Them Down

https://www.theguardian.com/technology/2018/jan/05/intel-class-action-lawsuits-meltdown-spectre-bugs-computer


Samuel Gibbs
Last modified on Fri 5 Jan ‘18 17.00 EST


"Intel has been hit with at least three class-action lawsuits over the major processor vulnerabilities revealed this week.

The flaws, called Meltdown and Spectre, exist within virtually all modern processors and could allow hackers to steal sensitive data although no data breaches have been reported yet. While Spectre affects processors made by a variety of firms, Meltdown appears to primarily affect Intel processors made since 1995.

Three separate class-action lawsuits have been filed by plaintiffs in California, Oregon and Indiana seeking compensation, with more expected. All three cite the security vulnerability and Intel’s delay in public disclosure from when it was first notified by researchers of the flaws in June. Intel said in a statement it “can confirm it is aware of the class actions but as these proceedings are ongoing, it would be inappropriate to comment”.
Collapse -
WARNING; Microsoft's current patch is breaking systems

In reply to: Major Flaw in Intel Chips. Fix Will Slow Them Down

http://news.softpedia.com/news/windows-10-cumulative-update-kb4056892-meltdown-spectre-fix-fails-to-install-519238.shtml

If you have an AMD processor, avoid the patch!

"Microsoft rolled out Windows 10 cumulative update KB4056892 yesterday as an emergency patch for systems running the Fall Creators Update in an attempt to fix the Meltdown and Spectre bugs affecting Intel, AMD, and ARM processors manufactured in the last two decades.

But as it turns out, instead of fixing the two security vulnerabilities on some computers, the cumulative update actually breaks them down, with several users complaining that their systems were rendered useless after attempting to install KB4056892.

Our readers pointed me to three different Microsoft Community threads (1, 2, 3) where users reported cumulative update KB4056892 issues, and in every case the problem appears to be exactly the same: AMD systems end up with a boot error before trying a rollback and failing with error 0x800f0845."



more in article


Here's a performance benchmark on an i7 Intel processor with the current patch applied. Hit can be 20% on windows 10 and for most general use seems about 9-12% in speed reduction. Nice graphic chart makes it easy.

https://www.reddit.com/r/pcmasterrace/comments/7obokl/performance_impact_of_windows_patch_and_bios/
Collapse -
Notice "Prefetch" which is built into windows

In reply to: Major Flaw in Intel Chips. Fix Will Slow Them Down

It's these "prefetch" in windows I believe that are used by the processors, for them to "prefetch" the most often and most recent data to internal processor memory storage.

https://fedoramagazine.org/kpti-new-kernel-feature-mitigate-meltdown/

"The meltdown exploit demonstrated that having the kernel mapping available in userspace can be risky. Modern processors prefetch data from all mappings to run as fast as possible. What data gets prefetched depends on the CPU implementation. When a running userspace program accesses a kernel mapping, it will take a fault and typically crash the program. The CPU however, may prefetch kernel data without causing any change to the running program. Prefetching is not usually a security risk because there are still permission checks on the addresses so userspace programs cannot access kernel data. What the meltdown researchers discovered was it was possible to measure how long data accesses took on prefetched data to gain information about the system. This is what’s referred to as a side-channel attack. The KPTI patches reworked how page tables are set up so that the kernel is no longer mapped in userspace. This means that userspace cannot prefetch any kernel data and thus the exploit is mitigated."

Collapse -
Bleeping Computer, a MUST read page

In reply to: Major Flaw in Intel Chips. Fix Will Slow Them Down

Goes over EVERYTHING! Great page to get a handle on all this and what it means.

https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates/

For those on Linux using Intel CPU, the fix is any new kernel with these patches in it.

CVE-2017-5753, and CVE-2017-5754

For Android there's three of them.

CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754

For Windows, ONLY use on Intel CPU based computers, because AMD computers which get this "update" may see problems caused by it.

"On January 3rd 2018, Microsoft released emergency out-of-band updates for Windows 7 SP1, Windows 8.1, Windows 10, and various Windows Server versions. Though these updates help to mitigate the Spectre and Meltdown speculative execution side-channel vulnerabilities, but to be fully protected you will also need to install the latest firmware & bios updates for your computer."

Regarding a clash between Windows update and some antivirus programs, see this article.
https://support.microsoft.com/en-us/help/4072699/important-january-3-2018-windows-security-updates-and-antivirus-softwa

'Q1: Why are some anti-virus solutions incompatible with the January 3, 2018, security updates?

A1: During testing, we discovered that some third-party applications have been making unsupported calls into Windows kernel memory that cause stop errors (also known as bluescreen errors) to occur.

Microsoft has assembled the following resources to help potentially impacted customers:'
(see article for more)

Remember AMD users, you have very little at this time to worry about, other than taking on fixes aimed at Intel CPU's and having them create a problem for you. So, avoid the fixes being given for Intel CPU's.
For those on Linux, AMD users should be safe when updating to newest kernel with fixes, coming about Jan 9 for Ubuntu based distros.

Collapse -
AMD processor + Linux = Winning Combination

In reply to: Major Flaw in Intel Chips. Fix Will Slow Them Down

Collapse -
SSD's face 40% slowdown due to MeltDown fix for Intel CPU's

In reply to: Major Flaw in Intel Chips. Fix Will Slow Them Down

That could drive many SSD back close to HDD speed values.

https://www.hardocp.com/news/2018/01/07/benchmarks_meltdown_spectre_updates_suggest_big_slow_down_for_ssds

"Sunday January 07, 2018
Benchmarks of Meltdown and Spectre Updates Suggest Big Slow Down for SSDs

TechSpot has published four pages of insight on how the OS and motherboard patches for Meltdown and Spectre could affect your desktop system. While the primary concern for many is CPU performance, the hits to SSDs are also noteworthy: results show up to 40% degradation for processes such as sequential read and write."

Collapse -
From what I've been reading, avoid BIOS updates for now

In reply to: SSD's face 40% slowdown due to MeltDown fix for Intel CPU's

The ASUS Bios update seems to give the most significant slowdown in performance. The Microsoft updates available as of today do not seem to slow computers down that much, and in some odd cases even seem to give a very small boost in speed.

The biggest impact is to SSD speed and even that may be due to BIOS update rather than the windows update.

https://www.techspot.com/article/1556-meltdown-and-spectre-cpu-performance-windows/page3.html

Remember, those most at risk are using Intel CPU's, and AMD CPU's seem only affected by a single variant of Spectre, which the windows update should protect against sufficiently, other than the newer Ryzen AMD processors which may be affected by both Spectre variants known today.

Linux systems have newer kernels, some not available till tomorrow, which uses a KPTI (Kernel Page Table Isolation) fix, and of course continuing development for improvement on it. Also the KPTI will be backported to other LTS (long term service) Linux distro kernel versions.

Collapse -
Slow down

In reply to: Major Flaw in Intel Chips. Fix Will Slow Them Down

Just installed the patch from msft.

Ran a benchmark.

Nothing jumps at me as being different.

I5 750
W7 sp1

Collapse -
what type of benchmark?

In reply to: Slow down

a hard disk benchmark? I don't expect that to change. Benchmarks based on various programs ARE showing slowdowns, some about 3% and some on SSD's high as 40%. There are differing benchmarks, and the ones that are of concern are those that test programs performances.

Collapse -
Benchmark

In reply to: what type of benchmark?

Collapse -
Ubuntu 17.04 will not get a fix. Upgrade instead.

In reply to: Major Flaw in Intel Chips. Fix Will Slow Them Down

Collapse -
Videos of Meltdown in Action on Intel CPU's

In reply to: Major Flaw in Intel Chips. Fix Will Slow Them Down
