Intel Replaces its Buggy Fix for Skylake PCs (zdnet.com) 57
Intel has released new microcode to address the stability and reboot issues on systems after installing its initial mitigations for Variant 2 of the Meltdown and Spectre attacks. From a report: The stability issues caused by Intel's microcode updates resulted in Lenovo, HP, and Dell halting their deployment of BIOS updates last month as Intel worked to resolve the problems. Intel initially said unexpected reboots were only seen on Broadwell and Haswell chips, but later admitted newer Skylake architecture chips were also affected. Microsoft also said it had also seen Intel's updates cause data loss or corruption in some cases.
Re: (Score:2)
At least with AMD you don't even need an chipset
What?
Re: (Score:1)
Re: (Score:2)
https://i.imgur.com/HvNWEuM.jp... [imgur.com]
So wait a minute... (Score:5, Funny)
...Intel releases a fix to fix the fix that fixed what it was supposed to fix, but broke more stuff.
Is that right?
Re:So wait a minute... (Score:5, Informative)
Sounds spot on.
Re: (Score:2)
Re: (Score:1)
...Intel releases a fix to fix the fix that fixed what it was supposed to fix, but broke more stuff.
Is that right?
Yes and no. You wording is ambiguous as to which of the fixes "broke more stuff". The previous fix broke more stuff. This latest fix does not (or at least not that we know of yet).
Re: (Score:2)
Yup, that's the gist of it.
Re: So wait a minute... (Score:2)
Re: (Score:2)
Doesn't fix the performance issues though.
Re: (Score:2)
https://xkcd.com/1739/ [xkcd.com]
Heard that one before!
Cure is worse than the disease (Score:5, Interesting)
Re: (Score:2)
Since Meltdown exploits require an enormous number of exceptions to walk all of kernel memory the threshold could be set high to avoid false-positives, maybe a thousand exceptions. After that the OS UI could pop up a warning, giving the user the option to either terminate and/or black-list the app. Or white-list it so that future exceptions would be allowed/ignored.
Re: (Score:2)
So you do 500 tests before you spawn a new process...
Even if this pseudo-fix actually worked, it would only fix Meltdown and not Spectre.
Re: (Score:2)
Which the OS could alert the user to as well. It doesn't have to be confined to the number of exceptions for a single process.
Even if this pseudo-fix actually worked, it would only fix Meltdown and not Spectre.
It's only meant to address Meltdown, and without the performance penalty of moving the kernel out of the user process's address table.
Re:Cure is worse than the disease (Score:4, Interesting)
> is by disabling Intel's TSX functionality
fucking AGAIN? Really????
> (which I believe microcode can do)
Yes, it can definitely disable TSX functionality. Like when TSX launched with Haswell, but it was fucked up, so they disabled it with microcode.
Or when they fixed the Haswell problem and launched it with Broadwell, but it was fucked up, so they disabled with microcode.
Skylake, of course, fixed the Broadewell problem...
But now you're saying that TSX is the issue again? And that it needs to be disabled AGAIN? How many fucking chip generations do we have to go through before transactional fucking memory doesn't get patched out because OOPS it crashes the box or OOPS it gives double-super-ultra-root to enemy spies?
Are you SURE that TSX is the issue? I didn't see anything in the article about TSX being the problem, but I'm not really read up on this.
Re: (Score:3)
TSX is what allows a Meltdown exploit to do its indirect probing of kernel space without generating exceptions the OS can detect. This allows it to execute much faster, and also avoid detection if the OS added the type of logic I suggested in my post.
Re: (Score:2)
It seems to me the best way for Intel to pevent Meltdown exploits is by disabling Intel's TSX functionality (which I believe microcode can do), along with OS logic to terminate processes which generate an excessive number of protection exceptions for the same portion of code. The TSX change will force an exploit to throw exceptions for the indirect-memory access loop that probes for data values, and the OS change will then identify processes incurring these repeated exceptions inside a single block of code and then terminating it.
Since the protection exceptions only happen in the speculated code which is never retired, they are not protection exceptions and the OS knows nothing about them.
Re: (Score:2)
That's incorrect. The exceptions occur, at least in the current working examples of the exploit. The Meltdown paper speculates about a possible technique of avoiding the exception by having the kernel-memory access logic within a conditional block that only gets executed speculatively by a trained branch-prediction path but I haven't seen any s
Thank you Intel (Score:2)
Re: (Score:1)
er no, likely after this many cock ups the "fix" is anything but
Wait a few months, patch, things SHOULD be okay...
Who am I kidding, that is wonderland wishful thinking and I might as well live in reality.
Intel will keep putting out shoddy shit until we all just stop talking about it and think its good enough, however based on this performance they haven't been doing anything very good for many many years.
If there were more competition in the market, we would see crappy shops like intel start to get squeezed
Re:Thank you Intel (Score:4, Funny)
Well, at least your computer is now fixed the same way our dog is.
Re:Thank you Intel (Score:5, Funny)
Well, at least your computer is now fixed the same way our dog is
Speaking of. Have you ever noticed the difference between getting a dog and a cat fixed. A dog will wake up, go to lick its balls, and think "hey something is missing." But once you get them to the park with a ball, all if forgiven.
Cats on the other, hand will sit across from you, staring at you going "where are they?"
I think this fix is going to be something like a cat. It will just haunt you and haunt you....
Re: (Score:2)
Found the cat.
Re: (Score:2, Informative)
TL;DR Browsers are just as vulnerab
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Spectre and Meldown essentially make existing vulnerabilities more dangerous. If you run into a javascript exploit -- any past or future javascript exploit that your web browser hasn't patched -- then this allows the exploit to potentially own your whole system instead of just the browser or just the browser's sandbox for that tab. If your browser has no javascript vulnerabilities then it's not in danger... but of course it's inevitable that there will be more javascript vulnerabilities discovered in the fu
Re: (Score:1)
AFAIU both were exploitable through java-script too. It's all about timing I suppose.
In the case of Chrome though I assume Google may have put in their retpoline solution and hence if you tried even on a non-patched hardware system I assume it will no longer work.
Re: (Score:2)
All major browsers have already been patched to prevent the JS variants.
Tomorrow's News... (Score:1)
Re: (Score:2)
Assuming you didn't uninstall the Intel microcode update package, it should get updated.
a hardware mod would be cool (Score:4, Funny)