DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 3rd January 2018
shep shep is offline
Rc.conf Instructor
 
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,129
Default Intel CPU Design Flaw

First seen on FreeBSD forums:
Quote:
'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign
Other OSes will need an update, performance hits loom

http://www.theregister.co.uk/2018/01...u_design_flaw/

Last edited by shep; 3rd January 2018 at 12:43 AM. Reason: Correct title
Reply With Quote
  #2   (View Single Post)  
Old 3rd January 2018
Prevet Prevet is offline
Fdisk Soldier
 
Join Date: Oct 2017
Posts: 68
Default

So what should we do? Not login anywhere important or not use our computers at all?

Last edited by Prevet; 3rd January 2018 at 05:47 AM.
Reply With Quote
  #3   (View Single Post)  
Old 3rd January 2018
e1-531g e1-531g is offline
VPN Cryptographer
 
Join Date: Mar 2014
Posts: 447
Default

I hope Intel at least disclosed important details to OpenBSD Developers. Given that Linux patches are published, it is not effective to keep these kind of information hidden.
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase

Last edited by e1-531g; 3rd January 2018 at 11:36 AM.
Reply With Quote
  #4   (View Single Post)  
Old 3rd January 2018
IdOp's Avatar
IdOp IdOp is offline
Too dumb for a smartphone
 
Join Date: May 2008
Location: twisting on the daemon's fork(2)
Posts: 801
Default

Wow, that's huge. Glad I don't have one of those CPUs.
Reply With Quote
  #5   (View Single Post)  
Old 3rd January 2018
LeFrettchen's Avatar
LeFrettchen LeFrettchen is offline
Marveled user
 
Join Date: Aug 2012
Location: France
Posts: 304
Default

Bis repetita : https://marc.info/?l=openbsd-misc&m=118296441702631
__________________
The secret of wisdom is not wisdom itself, it's the road that leads us there.
Reply With Quote
  #6   (View Single Post)  
Old 3rd January 2018
cynwulf's Avatar
cynwulf cynwulf is offline
Spam Deminer
 
Join Date: Mar 2014
Posts: 229
Default

That's precisely the mailing list thread which sprang to mind when I first read this.

I doubt it matters - consumer crap with planned obsolescence built in, will always sell by the bucketload. If AMD gain the upper hand as a result, they'll simply do the same - and on it goes. AMD are hardly spotless (PSP for example...).
Reply With Quote
  #7   (View Single Post)  
Old 3rd January 2018
e1-531g e1-531g is offline
VPN Cryptographer
 
Join Date: Mar 2014
Posts: 447
Default

Quote:
Last year, Google’s Project Zero team discovered serious security flaws caused by “speculative execution,” a technique used by most modern processors (CPUs) to optimize performance.
https://security.googleblog.com/2018...-you-need.html
https://meltdownattack.com/
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase

Last edited by e1-531g; 3rd January 2018 at 11:10 PM. Reason: Added second link
Reply With Quote
  #8   (View Single Post)  
Old 6th January 2018
e1-531g e1-531g is offline
VPN Cryptographer
 
Join Date: Mar 2014
Posts: 447
Default

List: openbsd-tech
Subject: Meltdown, aka "Dear Intel, you suck"
https://marc.info/?l=openbsd-tech&m=151521435721902&w=2
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
  #9   (View Single Post)  
Old 6th January 2018
gpatrick gpatrick is offline
Package Pilot
 
Join Date: Nov 2009
Posts: 219
Default

SPARC is not affected.
POWER 7/8/9 are affected but for Linux only. I don’t believe AIX is affected.
zSeries is affected but for Linux only. I don’t believe z/OS is affected.

Garbage architectures and garbage operating systems are affected. Go figure.
Reply With Quote
Old 6th January 2018
cynwulf's Avatar
cynwulf cynwulf is offline
Spam Deminer
 
Join Date: Mar 2014
Posts: 229
Default

Matt Dillon was talking about this kind of thing back in April.

http://lists.dragonflybsd.org/piperm...il/313292.html

Details of DragonFly's implementation of the mitigation: http://lists.dragonflybsd.org/piperm...ry/313758.html
Reply With Quote
Old 6th January 2018
fvgit's Avatar
fvgit fvgit is offline
Shell Scout
 
Join Date: May 2016
Location: perl -MMIME::Base64 -le 'print decode_base64("SGVyZSBiZSBkcmFnb25zC")'
Posts: 99
Default

Quote:
Originally Posted by gpatrick View Post
SPARC is not affected.
Are you sure about that? From what I've read at least the Fujitsu/HAL ones are. Granted, they may not be that relevant anymore...
Reply With Quote
Old 6th January 2018
gpatrick gpatrick is offline
Package Pilot
 
Join Date: Nov 2009
Posts: 219
Default

I stand corrected about AIX on POWER. IBM announced that AIX and i series patches will be released beginning February 12. But I’ve still not seen anything about z/OS. As far as I can find SPARC is unaffected.
Reply With Quote
Old 7th January 2018
fvgit's Avatar
fvgit fvgit is offline
Shell Scout
 
Join Date: May 2016
Location: perl -MMIME::Base64 -le 'print decode_base64("SGVyZSBiZSBkcmFnb25zC")'
Posts: 99
Default

In my very own mundane view of the world I'm wondering about my soekris box (cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 586-class) 434 MHz

Probably affected, too, I suppose...

Regarding SPARC I've actually seen conflicting reports. Go figure. But at least some of them have the out-of-order execution feature.
Reply With Quote
Old 7th January 2018
Head_on_a_Stick's Avatar
Head_on_a_Stick Head_on_a_Stick is offline
Real Name: Matthew
Mostly Harmless
 
Join Date: Dec 2015
Location: London
Posts: 91
Default

Quote:
Originally Posted by fvgit View Post
Regarding SPARC I've actually seen conflicting reports. Go figure. But at least some of them have the out-of-order execution feature.
Theo de Raadt & Ted Uangst are talking about that:

https://marc.info/?l=openbsd-misc&m=151528446402030&w=2

They seem to think that SPARC is "safe" (mostly).

RISC-V are claiming immunity:

https://riscv.org/2018/01/more-secure-world-risc-v-isa/
__________________
Linux is for people who hate Windows. BSD is for people who love UNIX.
Reply With Quote
Old 7th January 2018
e1-531g e1-531g is offline
VPN Cryptographer
 
Join Date: Mar 2014
Posts: 447
Default

Raspberry Pi are not sure, but they believe that Raspberry Pi hardware is not affected.

Quote:
Here you go:
We do not believe any generation of Raspberry Pi hardware
is susceptible to either the Spectre or Meltdown vulnerabilities.
https://twitter.com/EbenUpton/status/948999181309530116


Quote:
Why Raspberry Pi isn’t vulnerable to Spectre or Meltdown
[..]
The lack of speculation in the ARM1176, Cortex-A7, and Cortex-A53 cores used in Raspberry Pi render us immune to attacks of the sort.
https://www.raspberrypi.org/blog/why...e-or-meltdown/
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase

Last edited by e1-531g; 7th January 2018 at 11:17 AM. Reason: extended second quote
Reply With Quote
Old 7th January 2018
e1-531g e1-531g is offline
VPN Cryptographer
 
Join Date: Mar 2014
Posts: 447
Default

Explained in xkcd style:
https://xkcd.com/1938/
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
Old 8th January 2018
e1-531g e1-531g is offline
VPN Cryptographer
 
Join Date: Mar 2014
Posts: 447
Default

Handling of CPU bugs disclosure 'incredibly bad': OpenBSD's de Raadt
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
Old 8th January 2018
fvgit's Avatar
fvgit fvgit is offline
Shell Scout
 
Join Date: May 2016
Location: perl -MMIME::Base64 -le 'print decode_base64("SGVyZSBiZSBkcmFnb25zC")'
Posts: 99
Default

Someone posted this link in a comment on undeadly:

https://wiki.ubuntu.com/SecurityTeam...treAndMeltdown

Looks like the Ubuntu-Team was notified on November 9th 2017 of the issue.
Reply With Quote
Old 9th January 2018
e1-531g e1-531g is offline
VPN Cryptographer
 
Join Date: Mar 2014
Posts: 447
Default

https://mobile.twitter.com/qrs/statu...62488348446721
Quote:
Speculative execution considered harmful in 1995: "Prefetching may fetch otherwise inaccesible instructions in Virtual 8086 mode."
https://pdfs.semanticscholar.org/220...aaf7756857.pdf

https://twitter.com/carlitoscapote/s...548224/photo/1
Quote:
"This analysis is being performed under the auspices of the National Security Agency's Trusted Evaluation Program (TPEP)".
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
Old 10th January 2018
comet--berkeley comet--berkeley is offline
Real Name: Richard
Package Pilot
 
Join Date: Apr 2009
Location: California
Posts: 141
Default

Theo de Raadt said,
Quote:
It is a scandal, and I want repaired processors for free. I don't care if they are 30% slower, as long as they work to spec. Intel has been exceedingly clever to mix Meltdown (speculative loads) with a separate issue (Spectre). This is pulling the wool over the public's eyes.
Linus Torvalds was not happy with Intel either,

Quote:
I think somebody inside of Intel needs to really take a long hard look at their CPU's, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed.

.. and that really means that all these mitigation patches should be written with "not all CPU's are crap" in mind.

Or is Intel basically saying "we are committed to selling you shit forever and ever, and never fixing anything"?
The inventor of Linux is furious at Intel
__________________
When you see a good move, look for a better one.
--Lasker

Last edited by comet--berkeley; 10th January 2018 at 07:04 PM. Reason: grammar
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenBSD Porting Workshop January 3, 2018 ibara OpenBSD Packages and Ports 26 8th March 2018 07:43 PM
Russia Wants to Launch Backup DNS System by August 1, 2018 e1-531g News 2 1st December 2017 10:47 AM
Home LAN design help. silex OpenBSD General 0 15th December 2012 09:40 AM
Hardware Intel finds flaw in Sandy Bridge chipset J65nko News 5 2nd February 2011 11:58 AM
HTTP cookies, or how not to design protocols J65nko News 2 31st October 2010 07:39 AM


All times are GMT. The time now is 07:17 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick