It is assumed that around 20% of the temporary and economic resources allocated to the creation of a new chip go to the design itself, while the rest, that is, a lot of time and money, goes to simulations, tests and tests carried out to verify that everything works properly. Well, it seems that some manufacturers have not done things quite right with their products, and that is the case of intelAs we will see, it is not the only one affected, but it already has a large number of problems with its chips, from the famous floating point problem, through other failures in its chipsets, to the vulnerability also detected in the Management Engine , and now this ...
All social networks and media have been flooded with news, some somewhat contradictory about this case that is going to give a lot to talk about and that I advise you to make a good bowl of popcorn to watch the soap opera, since this has only just begun. Therefore, so that users, especially those of Linux, do not get lost with so much information and know how to act and what do they adhere to, in addition to know whether or not they are affected, we are going to publish this article in LxA.
Table of Contents
What is Specter and Meltdown?
Probably the Rowhammer problem that we already saw is somewhat insignificant compared to the depth that this other problem is having. You have probably already heard the famous names that are causing panic, and those are Meltdown and Specter. These attacks that can seriously compromise our security take advantage of some features like out-of-order execution and speculative execution that are implemented in all contemporary processors to improve performance. We are going to explain what each one is in parts:
- Meltdown: it is so called because it basically melts the security limits between applications that are imposed by the hardware, although in the MITER information base it is known as CVE-2017-5754. It is the most serious of the problems that have been detected and specifically affects the Intel processors released in the last decade. Because of this vulnerability, an unprivileged process could access an area reserved in memory for the kernel, which is a serious security problem. For example, areas of the RAM memory could be dumped. Patches to address this vulnerability significantly degrade performance.
- Spectre: its name lies in how complicated it is to solve it, therefore as a spectrum it will follow us for quite some time. It appears in a couple of variants (CVE-2017-5753 and CVE-2017-5717), being potentially serious, since it can allow a process to "trick" the kernel into moving information from memory zones that that process controls, that is In other words, it breaks the barrier between applications. In this case, it does affect more microprocessors, but it can be fixed with simple software modifications and the loss of performance is practically nil ...
This is all about Meltdown and Specter explained in a simple way and without using very technical language so that everyone understands. Ultimately what we have seen is that Meltdown and Specter can access data stored in the memory of running programs and this with exploits and malicious code is a threat. Now, how can this affect me? Well, the answer is simple too, since they can allow modify data, filter passwords and confidential data, photos, emails, form data, etc.. Therefore it is a big security problem, probably one of the biggest in recent times.
Linus Torvalds has spoken
Linus Torvalds, the creator of NVIDIA Fuck you! Now it seems that he has given Intel a wake-up call for the huge mistake they have made. And in the discussion threads about the problem that have remained due to the Linux kernel being affected, the first words of the creator have not been made to wait:
Why is all this without configuration options? A competent CPU engineer would fix this by making sure that speculation doesn't pass through protection domains. […] I think INtel needs to take a look at their CPUs, and really admit that they have problems instead of writing a PR buzzword saying everything works as designed. (In reference to Intel's statements). ...and that really means that all those patches to mitigate the problem should be written with a "not all CPUs are garbage" in mind. (In reference to the patch being applied and affecting all x86-64 microprocessors including AMD despite not being affected with consequent loss of performance) Or is Intel basically saying 'we are committed to selling you shit forever and forever, never fixing anything '? […] Because if that's the case, maybe we should start looking more towards the ARM64 people's side (In reference to whether or not Intel is going to solve the problem or continue to sell problem products). Please speak to management. Because I really see exactly two possibilities:
- Intel never claims to fix anything.
- Or these solutions have a way of being disabled.
The declarations refer to the code of the applied patch seriously impairs performance CPU and affect all processors in this family, whether or not they are affected by the vulnerability. That is why AMD has indicated that they work to avoid that their microprocessors also have the loss of performance of the patch since they are not affected.
What processors does it affect?
This is the million dollar question, since not only affects Linux far from it, It is a chip problem and therefore affects both macOS, Windows, Android and even iOS, etc. Therefore it is not something specific, and now we are going to see which chips are affected by this design problem:
Microprocessors affected by Meltdown:
Practically all Intel microprocessors manufactured since 1995 Until now they are affected by this serious problem, since it takes advantage of the execution out of order for its use. That means laptops, desktops, servers, and supercomputers using these processors, and even some mobile devices with Atom chips, etc. The exceptions are the Intel Atoms that use an execution in order (those that came out before 2013, since the most modern Atoms do use OoOE) and also the Intel Itanium that no one will have one at home since they are intended for large machines.
|Intel Core 2||SI|
|Intel Core i3||SI|
|Intel Core i5||SI|
|Intel Core i7||SI|
|Intel Core i9||SI|
|Intel Atom||* Only those released after 2013|
|Intel Itanium||DO NOT|
*LAST MINUTE: ARM Cortex-A75 is also affected by Meltdown. At the moment only this model seems to be affected, but you already know that ARM licenses IP cores for other SoC designers and if they have a Cortex-A75 they will also be affected. But it does seem that the effect is minimal in this case ...
The AMD and ARM-based microprocessors (Qualcomm, Samsung, Apple, Mediatek, etc.) are not affected by this issue. If you have one of these chips you can breathe easy... This has caused Intel shares to be sold and they fall in the stock market in a resounding way at the same time that AMD's have increased. The reason is that AMD does not allow memory references of this type, including speculative references, therefore they are invulnerable to Meltdown.
Specter Affected Microprocessors:
In this case the number of affected devices and chips is expanded, since we also see how tablets, smartphones, desktops, laptops, servers, supercomputers, etc. are affected. In this case, the Intel chips are affected, all those ARM Cortex-A, and AMD's could also be affected.
|NVIDIA GPUs||NOT ***|
|ARM||* Only Cortex-A|
|AMD||** See following table|
* In the case of ARM, it affects a large number of SoCs that implement modified designs or ARM IP cores inside such as those of Qualcomm Snapdragon, Samsung Exynox, Apple A-Series, Mediatek, NVIDIA (I do not mean GPUs, but to ARM-based SoCs), etc.
*** Some media have confused the news, but the GPUs are not affected (see UPDATE (last minute)).
** Now we go to the case of AMD, on the official website of the CPU designer we can see a table that leads us to optimism and leaves us somewhat calmer:
|Variant||Title in Google Project Zero||Details|
|1||Bounds Check Bypass||Fixable with OS updates or patches with little performance impact.|
|2||Branch Target Injection||Differences in AMD microarchitectures make the risk of exploitation close to zero.|
|3||Rogue Data Cache Load||No risk to AMD processors due to their differences in microarchitectures.|
The differences in AMD's design avoid the problems caused by Meltdown, as these CPUs do not speculate user code loads directly into kernel memory. And the AMD ASID also blocks problems for guest VMs and root users on these.
Microprocessors NOT affected by Specter:
This list of microprocessors are free of vulnerabilities like Specter because their instruction channel is more rigorous and is done in order (they are not OoOE microarchitectures) or because they include characteristics that make them immunes. Some may seem very old, but others are quite modern as is the case with SPARC and the AMD Zen. So if you have a CPU that is in the following list you don't have to worry about anything:
- Transmeta Crusoe and Efficeon
- Power PC 603
- Old x86: Pentium I and clones, all old 8-bit and 16-bit chips, IDT WinChip, VIA C3, 386 and clones, 486 and clones
- 6500 and the like
- 68 k
- ARM Cortex-A7 MPCore (Raspberry Pi 2)
- ARM Cortex-A5
- ARM Cortex-A53 MPCore although it has a different execution than the previous ones and with bifurcation, it does not seem to be affected. Those of the Raspberry Pi 3 and some smartphones and tablets such as the Qualcomm Snapdragon 625 are included here ...
- Intel Atom prior to 2013, that is, those based on microarchitectures such as Diamondville, Silverthorne, Pineview, etc.-, since they do not use out-of-order execution.
- VIA C7 uses a basic branch prediction scheme but they are not affected.
- Intel Itanium (IA-64)
- IBM POWER6 has limited branch prediction so it appears to be invulnerable.
- Xeon Phi and GPGPUs
- SPARC T-Series
- AMD Zen: Ryzen and EPyC microprocessors have interesting functions to be able to interrupt or be invulnerable to Specter. That configuration of which I speak is SME / SEV (Secure Memory Encryption & Secure Encrypted Virtualization) that would avoid any memory recovery that could compromise the system and virtualization environments.
What is the solution?
Apply patches or update our system, whatever it is, and with The patches We will have a possible loss of performance that we will clarify what it is in the last point, but at least at the security level we will be somewhat more protected. Say that there are already patches against Meltdown for Linux, and other operating systems. The worst thing is in terms of Android devices, not all of them have OTA updates ...
You can see more information about it in these links:
- Linux Kernel Mailing List
- Red Hat
What is the performance loss?
We met with two possible solutions:
- By software: It involves implementing patches for the macOS, Linux, Windows, iOS and Android operating systems, but these unfortunately not only solve the security problem but will make our system slower due to the way in which they affect that execution out of order, the speculative execution or deleting the TLB of our CPU with quite notable losses of performance. Some spoke of up to 50% less performance in our CPU, other less negative predictions speak of between 5 and 30% of lost performance depending on the type of software we run. Some are trying to calm the alarm and allege that some video games that have been tested have only given a loss of 2% in performance in terms of FPS (only in the case of Linux, in Windows they have not been analyzed), already that in videogames the game rarely asks to jump into the kernel space, but what happens with other programs and with software whose code has many condition-dependent instructions…? Here the performance loss can be considerable. What is true is that some such as Intel and other websites have tried to calm users and say that the performance losses will not be appreciable for most home users and that it is a problem that will affect data centers, servers, and supercomputers… What forecasts do we believe in? The truth is that you have to remain calm and wait to see what happens.
- By hardware: It involves a review of current chips and a redesign of current microarchitectures so that this does not happen, which is time consuming, very expensive, and we cannot expect solutions soon. As for Intel to decide to replace the chips of all its affected customers, I think the clearest answer is: hahaha, wait seated. That would mean multimillion dollar losses for the company and I don't think it will happen.
The performance losses will not be noticed in all uses and all CPU models in the same way, obviously, so there will be models that are more affected than others. And it is a great bitch pay for a last generation chip and see that for one of these patches you cannot exploit its performance to 100%, but it is what there is when some do not do their job well.
Large data centers such as those of Amazon Web Service, Microsoft Azure and also Google Cloud Due to this problem, when using Intel microprocessors in their servers, performance losses are estimated at around 20% in these cases where SQL databases are handled. It is also true that others like Google say that the performance loss is negligible.
UPDATE (Last hour):
As the hours go by we learn new things about this case:
- One of them is the lawsuit against Intel that has not been made wait. Specifically, the chip giant has received three from the United States and possibly more will come. The courts of California, Indiana and Oregon have been the first to act on accusations as failure to reveal the existence of vulnerabilities in time, slow down their processors through updates and fail to protect the safety of users.
- Intel's shares are falling while AMD's are rebounding, and that has also revealed an action that would have gone unnoticed if this had not happened. And is that Intel CEO has sold almost half of his shares in a month just before the security breach was revealed. Brian Krzanich has disposed of his shares and this, although they say from the company that it has nothing to do with the news, could lead one to think that they supposedly already knew about the problem before and that is why they acted accordingly.
- Appear new architectures affected by the problemAlthough these are not so widespread, they are important in servers and supercomputers. We talk about IBM POWER8 (Little Endian and Big Endian), IBM System Z, IBM POWER9 (Little Endian) and we will see if we have to expand the list soon.
- El Linux kernel has been redesigned patched to prevent large data centers, servers, and large systems that depend on it from being severely affected. Specifically, the KPTI (Kernel Page Table Isolation) has been touched, which was previously known as KAISER or colloquially FUCKWIT (Forcefully Unmap Complete Kernel With Interrupt Trampolines), which better isolates the user space from the kernel space in memory by dividing the content in two paging tables separately. Splitting the table is constantly purging the TLB cache with the consequent increase in failures and the need for more clock cycles to search for data and instructions in memory, that is, it decreases performance considerably and depending on the system calls that a program makes, it will affect more or less, but at least avoid Meltdown being blown up. Some proactive defenses such as ASLR have been added and have been implemented in Linux 4.14.11 and other previous LTS versions: 4.9.74, 4.4.109, 3.16.52, 3.18.91 and 3.2.97.
- Estimates of performance losses more current ones speak of a 5% loss of performance according to what Linus Torvalds has commented, but he also says that in somewhat older CPUs that do not include PCID the impact would be much greater.
- At the moment security researchers they do not believe that these failures have been exploited to carry out attacks, at least important ones.
- Mozilla Firefox: There is not much to do, they have been in charge of updating their versions from 57 by modifying the performance.now () function and disabling the SharedArrayBuffer feature and working on other security measures.
- VPN extensions for Google Chrome: meanwhile you can activate protection mechanisms to isolate websites manually. For this you can access the address chrome: // flags / # enable-site-per-process and we enable the option marked in yellow that says Script Site Isolation. If you have Chrome on Android you can also access this option in chrome :/ / flags but it can lead to conflicts or loss of performance.
- The patches to fix the problems are causing others beyond performance. In Windows, for example, there are problems with some antivirus and they are generated blue screen shots from the conflict. So you need compatible antivirus ...
- Google works on an update which will be published today January 5, 2018 for Android, but it will only reach those phones that support OTA updates, the first will be the Pixel 2 and the rest will depend on the manufacturers of our terminal ...
- Apple It also prepares patches for iOS and macOS but they have not made any statements at the moment ... It seems that in macOS High Sierra 10.13.2 the problem has apparently been solved, but it seems that in version 10.13.3 there will be more news. We will see what they do with iOS for their iPhones and iPads.
- ARM It is also offering patches for its affected processors, and patches are now available for the Linux kernel as well as reminding us to use ARM Trusted Firmware for added security.
- Wine and virtualization software They are the types of software that could have the most performance losses in their execution due to the number of syscalls necessary for their execution.
- Not only computers are affected and mobile devices, also other devices such as connected cars, industrial systems that have SoCs based on the affected chips, home automation, certain IoT products, etc.
- NVIDIA has updated its drivers for their GeGorce, Quadro and NVS models because they could be affected by Specter in their controller, that's why they have rushed to update the drivers. But it does not affect the GPU itself ... it is a simple driver update to avoid exploits in vulnerable systems, as browsers, antivirus, and other software are also being updated. The news of the affected GPUs is false ...
- Expansion of affected architectures, You already know that Meltdown is only Intel's problem (both ARM and AMD have not been affected in the PoCs made satisfactorily), while Specter also affects:
|x86-64||Yes * See the table of Intel and AMD prior to which we also add the VIA microprocessors|
|POWER||POWER8 (Big Endian and Little Endian) and POWER9 (Little Endian)|
|SPARC||* Solaris uses address space separation in the kernel and SPARC is probably not affected ... but what about SPARC under other operating systems? Apparently they are invulnerable in any case.|
|RISC||If * RISC-V has been confirmed by the RISC Foundation as vulnerable|
|ARM||Yes * Not everyone is susceptible because Cortex-M is not vulnerable and neither is Cortex-A8 but other Cortex-A Series are|
|z / System||Si|
- Meanwhile Intel continues to launch models to the market affected without having fixed anything beyond the patches. Would you buy a microprocessor today that you know is affected? Not only are older models still being sold in stock, but also models launched now that have just left the factory like the Coffe Lake ...
- We will continue to expand the information and pending of the last hour, since it is likely that new security countermeasures will emerge and it is also possible that new variants will be released that may continue to generate problems ...
As I say the soap opera has only just begun, and I have a feeling that a lot of this news will be written that has become THE BIGGEST SECURITY FAILURE IN HISTORY:
Do not forget to leave your comments… If you have comments to add, doubts, or whatever.