Jump to content

All your Intel are belong to us...

Rick Nightingale
 Share
You are about to reply to a thread that has been inactive for 2324 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

Rick Nightingale

Rick Nightingale

Posted
Posted (edited)

I wonder how much impact this will have on SL's servers?

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

Briefly, a serious exploit has been found in all Intel x86-64 series CPUs since the Pentium. It's unfixable in microcode and needs an OS fix to work around the vulnerability. Potentially average 30% performance hit, worse on applications which make lots of system calls. Like virtualisation!

I wonder if Intel will even survive this.

Edited by Rick Daylight
  • Thanks 2
Link to comment
Share on other sites
Callum Meriman

Callum Meriman

Posted
Posted (edited)
52 minutes ago, Rick Daylight said:

I wonder how much impact this will have on SL's servers?

 

It's going to have the most impact on systems where there is a lot of IO, databases and the like. The texture CDN might see an effect, but that is scalable so the Lab will just throw more money at the provider, or the provider wear the cost. 

Servers with high network loads /might/ be affected - the exact nature of this is still under embargo, so a lot of conjecture and uncertainty.

Our gaming systems, not really affected, although cache might get tied up, we don't know yet.

It affects the Intel chips, and also ARM64, as used in your phone.

Linux at least, will have a switch that will disable this. This switch was put in to disable the patch for AMD, but can be run on Intel too. Again, early days.

This sidechannel attack is unllikely to be able to be run on a dedicated simulator server as people wouldn't be able to execute arbitary code on it. So, using the switch /may/ not cause an issue (who knows)

Servers on the Cloud - like Sansar - are likely *very* vulnerable. But the nature of the cloud is you just increase the speed you purchase to make up for the lost performance.

 

It's all up in the air, but this will hit Intel's bottom line hard, and as the CEO dumped a whole bunch of shares in November I bet there is an Inside Trading investigation.

Edited by Callum Meriman
  • Like 3
  • Thanks 1
Link to comment
Share on other sites
Rick Nightingale

Rick Nightingale

Posted
  • Author
Posted
8 minutes ago, Callum Meriman said:

It's all up in the air, but this will hit Intel's bottom line hard, and as the CEO dumped a whole bunch of shares in November I bet there is an Inside Trading investigation.

Exactly what I thought too. I wouldn't be surprised to see some very big lawsuits from the big IT players against Intel for this, to offset the additional costs of that additional speed they will need to allocate.

I feel fortunate that I'm no longer in the IT game right now. Too many virtual server farms with my name on them, lol.

Link to comment
Share on other sites
Callum Meriman

Callum Meriman

Posted
Posted (edited)

It's normal for CPUs to have bugs, and normally these can be fixed in microcode patches, like the 1997 F00F bug, or the 2017 Hyperthreading bug.


The last big one was the FDIV bug in 1994, they recalled the affected 10 models. It cost them $475 Million 1994 dollars.

Quote

'Bad companies are destroyed by crises;
good companies survive them;
great companies are improved by them'

- Andy Grove, co-founder of Intel

 

It might be that a major recall is done for this bug too, this time it's 10 years of processors to recall, in 1994 it was just 10 models.

It's certainly time for popcorn as this unfolds over the next week.

Edited by Callum Meriman
Link to comment
Share on other sites
Callum Meriman

Callum Meriman

Posted
Posted (edited)

As the embargo is still on it's not known if those are the CVEs or not. 

Edit, there is also the KALSR blackhat paper from August 2017.

 

Edit 2 : also this patch ikml.iu.edu/hypermail/linux/kernel/1712.3/00675.html

 

Edit 3 : Just noticed this "doesn't affect AMD" patch is accepted into the kernel/git/tip/tip.git tree

Edited by Callum Meriman
correcting embargo, Ansariel lists the CVEs
Link to comment
Share on other sites
Callum Meriman

Callum Meriman

Posted
Posted

It seems the embargo lifted at 17:00ET.

The attacks have been named Meltdown and Spectre. https://meltdownattack.com has papers for each.


Meltdown is mitigated by the previously named as KAISER patchs, now PTI.

 

Quote
Meltdown, a novel software-based side-channel attack exploiting out-of-order execution on modern processors to read arbitrary kernel and physical-memory locations from an unprivileged userspace program. Without requiring any software vulnerability and independent of the operating system, Meltdown enables an adversary to read sensitive data of otherprocesses or virtual machines in the cloud with up to 503 KB/s, affecting millions of devices. We showed that the countermeasure KAISER [8], originally proposed toprotect from side-channel attacks against KASLR, inadvertently impedes Meltdown as well. We stress that KAISER needs to be deployed on every operating system as a short-term workaround, until Meltdown is fixedin hardware, to prevent large-scale exploitation of Meltdown

 

 

 

  • Thanks 1
Link to comment
Share on other sites
Callum Meriman

Callum Meriman

Posted
Posted (edited)

After reading the papers, Meltdown (all your intel belongs) is mitigated by KAISER. As it's mitigated, meh. People using cloud servers can throw more money at the problem, and home users are unlikely to see it.

Spectre is more of a worry. Unlike Meltdown it also affects AMD (Including Ryzen) and ARM in addition to Intel. KAISER doesn't protect against Spectre.

 

Edited by Callum Meriman
  • Thanks 2
Link to comment
Share on other sites
You are about to reply to a thread that has been inactive for 2324 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...