Microsoft Pauses Rollout of Spectre and Meltdown Patches To AMD Systems (betanews.com)
Microsoft is suspending patches to guard against Meltdown and Spectre security threats for computers running AMD chipsets after complaints by AMD customers that the software updates froze their machines. From a report: The company is blaming AMD's failure to comply with "the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown." There's no word on when the patches will be fixed, but Microsoft says that it is working with AMD to address the problem.
Maybe they should test on real hardware (Score:5, Insightful)
It seems like MS could have some sort of lab with various configurations of relatively recent hardware where they can test updates they deem ready for production.
Re: (Score:2)
It seems like a company such as MS would benefit greatly from having a unique hardware configuration for each employee.
It might be a PITA for their deployment systems but then again, they're selling those too!
Re: (Score:2)
Speaking to users with multiple configs, I'm surprised the Insiders did not help catch this either.
Re:Maybe they should test on real hardware (Score:5, Funny)
> It seems like MS could have some sort of lab with various configurations of relatively recent hardware where they can test updates they deem ready for production.
They did. Today. Their beta testers found a bug and the rollout stopped. Just because their lab is the size of a planet doesn't change the fact that they are testing their high quality software releases.
Re: (Score:2)
I was under the impression KB4056892 was a finalized patch that was officially issued?
Re: (Score:2)
OIC, good one.
Re: (Score:1)
Or at least, the whooshing sound you were standing there making while insisting that something was funny.
Why Meltdown? (Score:2, Insightful)
Re: (Score:3)
The only commercially available chips susceptible to Meltdown are Intel chips. Why is a Meltdown patch being pushed to AMD systems? They aren't affected.
Incompetence.
Re: (Score:1)
AFAIK, the patch is intended to also partially mitigate Spectre, which does affect AMD processors.
In any case, stop feeding that troll 110010001000.
Re: (Score:2)
Maintaining multiple kernels would confuse and potentially invalidate entire suites of compatibility tests. Picking and choosing which kernel to install at update is a risk, as would be testing other software for security, performance, and bugs with distinct runtime kernels running on distinct hardware. The list of issues grows the more you examine software validation for such a critical component as a kernel.
Re: (Score:2)
That's mostly how I understand it; it's just not practical yet to pick and choose. Better to cover all cases now and figure it out when we have time.
From my understanding, it's not even incompetence that brought this about in the first place. Lack of foresight more than anything else. No one imagined trying an exploit like these until recently. Unless they have, but have been keeping it quiet, much like the Allies kept the cracking of Enigma quiet...
Re: (Score:3)
> From my understanding, it's not even incompetence that brought this about in the first place. Lack of foresight more than anything else. No one imagined trying an exploit like these until recently. Unless they have, but have been keeping it quiet, much like the Allies kept the cracking of Enigma quiet...
People did more than imagine. They wrote research papers on this very topic over a decade ago about the very thing the spectre ghost is holding in its hand.
https://eprint.iacr.org/2006/2... [iacr.org]
Re: (Score:3)
> No one imagined trying an exploit like these until recently.
I'm afraid that this is not true. I'm following an intriguing discussion of similar side-channel attacks on Multics systems on GE hardware in roughly 1970. It's not a new problem. I've been trying to explain repeatedly to some colleagues while reviewing these attacks that doing "speculative compilation" is very appealing at first glance, but the work involved in doing it is not free. Security risks and maintenance of the resources are critical
Re: Why Meltdown? (Score:3, Interesting)
On the Linux side, didn't Intel supply much of the Meltdown mitigation, pushing it on all CPUs? And then AMD had to add a patch to exempt their processors?
Wouldn't be surprised if Intel did a lot of the behind-the-scenes work for Microsoft here, and they just sort of accepted it without sufficient testing.
Re: (Score:2)
Oh, wow. Really? Binary equivalent kernel for two different processors? Wow!
Re: (Score:1)
There doesn't have to be, and shouldn't be, two different kernels. Intel and AMD are both x86 or x86-64 compatible. You get into separate kernels when you are talking about different architectures. A separate architecture is the difference between x86, x86-64, and ARM.
And it is why AMD pushed a fix into the Linux kernel to disable this fix on their processors. The exact same Linux kernel runs on both Intel and AMD CPUs. You don't get a different kernel till you try and run Linux on ARM or some other CPU architecture.
Re: (Score:2)
It will be a binary equivalent kernel. Different drivers and HALs would get loaded. Actually last time I looked at Windows kernel mode they were moving to a single HAL for all x86 systems.
If you look at the Linux code it's shared between AMD and Intel though it does check whether CPU features are present, so different code paths run.
https://github.com/torvalds/li... [github.com]
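Added example (not part of the thread, and not Linux or Windows kernel source): a minimal C sketch of the single-binary, runtime-check idea discussed above, where one build reads the CPUID vendor string and picks a code path. The function names, the AMD exemption policy and the `disabled_at_boot` switch are assumptions modelled on what the comments describe.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* CPUID leaf 0 returns the 12-byte vendor string in EBX, EDX, ECX,
 * in that order, four ASCII bytes per register, low byte first. */
void vendor_from_regs(uint32_t ebx, uint32_t edx, uint32_t ecx, char out[13])
{
    const uint32_t regs[3] = { ebx, edx, ecx };
    for (int i = 0; i < 12; i++)
        out[i] = (char)((regs[i / 4] >> (8 * (i % 4))) & 0xff);
    out[12] = '\0';
}

/* Simplified model (an assumption, not kernel source): isolation is on by
 * default, skipped for the vendor that was exempted, and can be switched
 * off by the administrator at boot. Unknown vendors stay protected. */
int isolation_enabled(uint32_t ebx, uint32_t edx, uint32_t ecx,
                      int disabled_at_boot)
{
    char vendor[13];
    vendor_from_regs(ebx, edx, ecx, vendor);
    if (disabled_at_boot)
        return 0;
    if (strcmp(vendor, "AuthenticAMD") == 0)
        return 0;
    return 1;
}

int main(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax = 0, ebx = 0, ecx = 0, edx = 0;
    char vendor[13];
    if (__get_cpuid(0, &eax, &ebx, &ecx, &edx)) {
        vendor_from_regs(ebx, edx, ecx, vendor);
        printf("%s: isolation %s\n", vendor,
               isolation_enabled(ebx, edx, ecx, 0) ? "on" : "off");
    }
#else
    puts("not an x86 build; CPUID is unavailable");
#endif
    return 0;
}
```

The default-on branch is the defensive choice: a vendor string the code does not recognise keeps the mitigation rather than silently losing it.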
Re: (Score:2)
With the exception of some optimization, why would there be two kernels for a group of binary compatible processors? AMD and Intel are binary compatible unless one goes into some dusty corners and some setup specific things.
Re: (Score:2)
AMD chips are, according to AMD, vulnerable to a bounds check bypass related to speculative execution. In the details, they say "Resolved by software / OS updates to be made available by system vendors and manufacturers."
They do NOT say they are immune to the branch target injection vulnerability either. They say the following, which is much less reassuring: "Differences in AMD architecture mean there is a near zero risk of exploitation of this variant."
http://www.amd.com/en/corporat... [amd.com]
Re: (Score:2)
If you bothered to look more into AMD's statements, they have a much lower risk of exploitation because AMD encrypts everything in RAM with practically zero performance overhead. Even if exploited, you get encrypted data, which isn't the case with intel.
Re: (Score:2)
Do you have a source for that? The linked page is all I can find on it.
Re: (Score:2)
Source? AMD's own webpage where they talk about SEV and SME. Of course, this isn't new technology; we've had encrypted RAM for at least 15 years.
Re: (Score:2)
Encrypted ram protects you from physical attacks, i.e. cold boot or freeze the ram, power off, move the ram to another machine, and read the data out.
That wouldn't seem to apply here, as the CPU executing the instructions has the decryption key.
SEV would apply, and would keep a malicious hypervisor from reaching into a guest VM's memory space and digging around. That isn't what this class of vulnerabilities is though, and I don't see anything that indicates that SEV is used to separate kernel-mode and user-
Re: (Score:2)
Intel probably submitted the fix to Microsoft, and Microsoft's wonderful QA/QC team tested this (not likely) and got it ready for distribution.
If you think about it, wouldn't Intel want all CPUs to have a significant performance penalty and not just their chips?
Re: (Score:2)
> Intel probably submitted the fix to Microsoft, and Microsoft's wonderful QA/QC team tested this (not likely) and got it ready for distribution.
> If you think about it, wouldn't Intel want all CPUs to have a significant performance penalty and not just their chips?
It is not Intel's responsibility to not issue patches which break AMD's processors.
with linux it's just an boot flag to turn off the (Score:2)
with linux it's just an boot flag to turn off the slowdown
Re: (Score:2)
Yes, I'm not clear why MS can't just check the CPU ID and decide functionality based on that. There must be other oddities of X86/64 architecture between different processor families that require MS to turn features on or off, or even alter the nature of functionality.
Re: (Score:2)
> an boot
First time I found a person who pronounces boot with a silent B! lol
pay for by intel the same one who pay to may 1p ep (Score:2)
pay for by intel the same one who pay to may 1p epyc board be MIA. as well killing ryzen pro boards with IPMI.
Re: (Score:1)
Because MS keeps only one current version of Windows for x86, so if computers with AMD processors are to be kept current the patch will need to be applied.
Re: (Score:1)
Yes, I assume that like Linux Distros, the official kernel is not CPU specific.
I also assume this because I am running an Intel CPU on this computer, and my ntoskrnl.exe comes from the folder "amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.15063.850_none_013717dd1a7ed72f". I assume that if they kept different binaries, they wouldn't use AMD branding for the Intel binary, and would just call it Intel x86-64 or some such.
Do you have any reason to think otherwise?
Re: (Score:2)
One reason for binary equivalency would be that if I buy a new motherboard or new computer, I should be able to take the hard drive from my old PC and drop it into my new one. Now that's not to say that there might not be driver diffs, but they would presumably be self-contained modules, loadable at boot time.
Re: (Score:2)
Wait, why wasn't this done? They knew about it 6 months ago. Were the engineers too busy? Were they on vacation? Missed their calls from Microsoft?
Comment removed (Score:5, Interesting)
Re: (Score:2)
"a bunch of garbage 945 chipsets with the "Vista Capable" fiasco"
It was even worse than that. It was the entry-level 915 which couldn't paint a postage stamp in alternating black & white stripes to save its life.
Re: (Score:2)
The GMA950 was pretty bad. As well as the performance being abysmal (sucking up RAM bandwidth from the already-starved CPU), it would cause kernel panics on an iBook running OSX when an external monitor was connected. They were terrible GPUs.
Re: (Score:2)
Which is why Microsoft "forced" Intel to use AMD64 (renamed though) instead of their own emergency hack? There are other cases where MS forced Intel to behave.
Re: (Score:2)
Really what it comes down to, is that someone will be inconvenienced. Microsoft chose you, instead of themselves - they don't want to maintain two kernels for the same architecture and double all their QA test plans for basically forever.
So the question you should ask yourself, is why you chose Microsoft.
Re: (Score:3)
> So the question you should ask yourself, is why you chose Microsoft.
Because all the games and most of the software I want to run are Windows only. And none of the games have Linux counterparts.
Any other questions?
Re: (Score:2)
According to AMD, AMD is vulnerable to one variant of the attack, and possibly vulnerable to a second variant.
http://www.amd.com/en/corporat... [amd.com]
AMD? (Score:5, Interesting)
So, the problem is that AMD failed to comply with the documentation for the Intel bug? Perhaps "failed to comply" is just MS-speak for "failed to implement the bug"...
Re:AMD? (Score:5, Insightful)
No, it's really not clear. Maybe that is the implication that Microsoft wants people to draw, but they don't directly say who provided the documentation in question.
Re: (Score:1)
Other than the newest CPUs... AMD CPUs didn't really change for 4+ years, FX4300s-FX95XX, not a huge secret to Microsoft... AM3 motherboards and configs have to be known to them for 4+ years also... Microsoft screwed up.
Re: (Score:2)
if (CPUID == AMD) exit;
I think Anonymous Microsoft Engineer just revealed the bug.
Fuck off Microsoft, you're just trying to kill AMD (Score:1)
Wintel at work.
Collusion investigation of wintel in 3...2.......? (Score:3)
Amazing the company that does it right and is not vulnerable to "Meltdown" in the first place is being actively punished for that fact.