Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Intel Security

Intel Replaces its Buggy Fix for Skylake PCs (zdnet.com) 57

Intel has released new microcode to address the stability and reboot issues on systems after installing its initial mitigations for Variant 2 of the Meltdown and Spectre attacks. From a report: The stability issues caused by Intel's microcode updates resulted in Lenovo, HP, and Dell halting their deployment of BIOS updates last month as Intel worked to resolve the problems. Intel initially said unexpected reboots were only seen on Broadwell and Haswell chips, but later admitted newer Skylake architecture chips were also affected. Microsoft also said it had also seen Intel's updates cause data loss or corruption in some cases.

Intel Replaces its Buggy Fix for Skylake PCs

Comments Filter:
  • by Chris Katko ( 2923353 ) on Thursday February 08, 2018 @11:54AM (#56089807)

    ...Intel releases a fix to fix the fix that fixed what it was supposed to fix, but broke more stuff.

    Is that right?

  • by JoeyRox ( 2711699 ) on Thursday February 08, 2018 @11:57AM (#56089815)
    It seems to me the best way for Intel to pevent Meltdown exploits is by disabling Intel's TSX functionality (which I believe microcode can do), along with OS logic to terminate processes which generate an excessive number of protection exceptions for the same portion of code. The TSX change will force an exploit to throw exceptions for the indirect-memory access loop that probes for data values, and the OS change will then identify processes incurring these repeated exceptions inside a single block of code and then terminating it.
    • by amorsen ( 7485 )

      So you do 500 tests before you spawn a new process...

      Even if this pseudo-fix actually worked, it would only fix Meltdown and not Spectre.

      • So you do 500 tests before you spawn a new process...

        Which the OS could alert the user to as well. It doesn't have to be confined to the number of exceptions for a single process.

        Even if this pseudo-fix actually worked, it would only fix Meltdown and not Spectre.

        It's only meant to address Meltdown, and without the performance penalty of moving the kernel out of the user process's address table.
    • by cfalcon ( 779563 ) on Thursday February 08, 2018 @05:02PM (#56091765)

      > is by disabling Intel's TSX functionality

      fucking AGAIN? Really????

      > (which I believe microcode can do)

      Yes, it can definitely disable TSX functionality. Like when TSX launched with Haswell, but it was fucked up, so they disabled it with microcode.
      Or when they fixed the Haswell problem and launched it with Broadwell, but it was fucked up, so they disabled with microcode.
      Skylake, of course, fixed the Broadewell problem...

      But now you're saying that TSX is the issue again? And that it needs to be disabled AGAIN? How many fucking chip generations do we have to go through before transactional fucking memory doesn't get patched out because OOPS it crashes the box or OOPS it gives double-super-ultra-root to enemy spies?

      Are you SURE that TSX is the issue? I didn't see anything in the article about TSX being the problem, but I'm not really read up on this.

      • Are you SURE that TSX is the issue? I didn't see anything in the article about TSX being the problem, but I'm not really read up on this.

        TSX is what allows a Meltdown exploit to do its indirect probing of kernel space without generating exceptions the OS can detect. This allows it to execute much faster, and also avoid detection if the OS added the type of logic I suggested in my post.
    • by Agripa ( 139780 )

      It seems to me the best way for Intel to pevent Meltdown exploits is by disabling Intel's TSX functionality (which I believe microcode can do), along with OS logic to terminate processes which generate an excessive number of protection exceptions for the same portion of code. The TSX change will force an exploit to throw exceptions for the indirect-memory access loop that probes for data values, and the OS change will then identify processes incurring these repeated exceptions inside a single block of code and then terminating it.

      Since the protection exceptions only happen in the speculated code which is never retired, they are not protection exceptions and the OS knows nothing about them.

      • Since the protection exceptions only happen in the speculated code which is never retired, they are not protection exceptions and the OS knows nothing about them.

        That's incorrect. The exceptions occur, at least in the current working examples of the exploit. The Meltdown paper speculates about a possible technique of avoiding the exception by having the kernel-memory access logic within a conditional block that only gets executed speculatively by a trained branch-prediction path but I haven't seen any s
  • I am now fully protected. Right?
    • by Anonymous Coward

      er no, likely after this many cock ups the "fix" is anything but

      Wait a few months, patch, things SHOULD be okay...

      Who am I kidding, that is wonderland wishful thinking and I might as well live in reality.

      Intel will keep putting out shoddy shit until we all just stop talking about it and think its good enough, however based on this performance they haven't been doing anything very good for many many years.

      If there were more competition in the market, we would see crappy shops like intel start to get squeezed

    • by Opportunist ( 166417 ) on Thursday February 08, 2018 @12:24PM (#56090011)

      Well, at least your computer is now fixed the same way our dog is.

  • Intel urges customers not to install its newest fix for Skylake PCs because it too is buggy.
  • by FudRucker ( 866063 ) on Thursday February 08, 2018 @03:50PM (#56091355)
    find out if you can grind down a couple of pins on the CPU and the feature that became a vulnerable bug is just taken permanently out of the picture without ever needing a firmware/software fix

You're using a keyboard! How quaint!

Working...