Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Intel Security

Another Day, Another Intel CPU Security Hole: Lazy State (zdnet.com) 110

Steven J. Vaughan-Nichols, writing for ZDNet: The latest Intel revelation, Lazy FP state restore, can theoretically pull data from your programs, including encryption software, from your computer regardless of your operating system. Like its forebears, this is a speculative execution vulnerability. In an interview, Red Hat Computer Architect Jon Masters explained: "It affects Intel designs similar to variant 3-a of the previous stuff, but it's NOT Meltdown." Still, "it allows the floating point registers to be leaked from another process, but alas that means the same registers as used for crypto, etc." Lazy State does not affect AMD processors.

This vulnerability exists because modern CPUs include many registers (internal memory) that represent the state of each running application. Saving and restoring this state when switching from one application to another takes time. As a performance optimization, this may be done "lazily" (i.e., when needed) and that is where the problem hides. This vulnerability exploits "lazy state restore" by allowing an attacker to obtain information about the activity of other applications, including encryption operations.
Further reading: Twitter thread by security researcher Colin Percival, BleepingComputer, and HotHardware.
This discussion has been archived. No new comments can be posted.

Another Day, Another Intel CPU Security Hole: Lazy State

Comments Filter:
  • by jwhyche ( 6192 ) on Thursday June 14, 2018 @11:12AM (#56783846) Homepage

    This just keeps getting better and better. "Hey, I got a ideal! I'm going to switch to intel for this build." I thought to myself. I wasn't even smoking any good weed when I did that, or bad weed. Nope, my dumbassery was my own fault.

    • by Anonymous Coward

      Intel architecture appears to be riddled with this kind of stuff. AMD will be my next machine. Thank flying-spaghetti-monster that Ryzen is decent.

    • Re:Awesome... (Score:5, Interesting)

      by Anonymous Coward on Thursday June 14, 2018 @11:32AM (#56784002)

      This was posted to a blog in 2015:

      As someone who worked in an Intel Validation group for SOCs until mid-2014, I can tell you, yes, you will see more CPU bugs from Intel than you have in the past.

      Why?

      In late in 2013 there were meetings with all the validation groups. Head honcho in charge of Validation says something to the effect of: "We need to move faster. Validation is taking much longer than it does for our competition. We need to do whatever we can to reduce those times... we can't live forever in the shadow of the 90's FDIV bug, we need to move on. Our competition is moving much faster than we are." (I'm paraphrasing. )

      Many of us were aghast that someone highly placed would suggest we needed to cut corners in validation. That wasn't explicitly said, of course, but that was the implicit message.

    • This just keeps getting better and better. "Hey, I got a ideal! I'm going to switch to intel for this build." I thought to myself. I wasn't even smoking any good weed when I did that, or bad weed. Nope, my dumbassery was my own fault.

      I thought AMD and ARM cpus were also susceptible to exploits. Is that wrong?

      • by jwhyche ( 6192 ) on Thursday June 14, 2018 @12:18PM (#56784300) Homepage

        I thought AMD and ARM cpus were also susceptible to exploits. Is that wrong?

        No, you are not wrong. I would go so far as to say that a modern CPU is probably one of the most complex machines on the planet. There are bound to be bugs and exploits in all of them. I'm just suffering from a case of buyers regret I believe.

        • No, you are not wrong. I would go so far as to say that a modern CPU is probably one of the most complex machines on the planet. There are bound to be bugs and exploits in all of them. I'm just suffering from a case of buyers regret I believe.

          I've been looking to build two new machines - one for music production and another for gaming. Do I have to worry about this crap? I was going to start ordering parts when all this started coming out. You think I should just wait?

          • No, you are not wrong. I would go so far as to say that a modern CPU is probably one of the most complex machines on the planet. There are bound to be bugs and exploits in all of them. I'm just suffering from a case of buyers regret I believe.

            I've been looking to build two new machines - one for music production and another for gaming. Do I have to worry about this crap? I was going to start ordering parts when all this started coming out. You think I should just wait?

            My understanding is that Meltdown and Spectre require access to the physical device. I don't know if this is the same for the new exploit. Some parts of the exploits can be mitigated by OS, firmware, and BIOS updates, but it requires a CPU redesign to truly solve the issue. In my mind, any exploit that requires physical access is less of a concern than exploits that can be leveraged through malware. The reason is that once someone has physical access to your system I figure that you're screwed anyway.

            • Comment removed based on user account deletion
            • by Ramze ( 640788 )

              As others have stated, it doesn't technically require a user to choose to run something. A simple web page with javascript can do it without even prompting you.

              Still, Meltdown was the worst because it actually ran code that didn't have the user rights to run. AMD checked permissions before running anything; Intel ran everything and checked AFTER -- leaving data in the cache for other processes to find that it shouldn't have.

              But, the fixes for Meltdown and various Spectre variants should also make it much

          • by jwhyche ( 6192 )

            Do I have to worry about this crap? I was going to start ordering parts when all this started coming out. You think I should just wait?

            Honestly, I think that would depend on your needs, vs how you feel about the current crop of Intel and AMD chips. Despite all my griping about it I'm more than satisfied by the performance of my i7-6700K. Both in gaming and more mundane tasks.

            If you are not comfortable with Intel by all means look at what AMD has to offer, I'm thinking of the R-2700 processor here vs the i7-8700K. The R-2700 is priced competitively with the i7-8700K and yet beats it in virtually every multi-threaded test I've seen t

            • I'm heavy into Second Life

              I respect you for being willing to admit that publicly.

            • by Anonymous Coward

              Once Intel releases a CPU without all these crappy vulnerabilities, BE ASSURED it will be at a premium. They'll call it a feature. "Now without Meltdown / Spectre vulnerabilities, only 5x the cost of the previous generation!"

              If Intel doesn't artificially bump up the price, the demand will surely outpace supply.

      • Re:Awesome... (Score:5, Informative)

        by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Thursday June 14, 2018 @12:33PM (#56784422) Homepage Journal

        I thought AMD and ARM cpus were also susceptible to exploits. Is that wrong?

        You're not wrong, but AMD processors are [so far] susceptible to less exploits related to speculative execution, and the scope of vulnerability is also less than in the case of the Intel processors in the cases where they are vulnerable.

        The bit in the brackets there is the potential rub, but [so far] I'm feeling fairly smug about using AMD processors in my builds for years and years now. I thought being able to upgrade piecemeal for so long due to AMD's user-and-OEM-friendly practice of supporting CPU sockets for long periods was great, and the price difference fantastic, but the apparent fact that they care more about security than Intel might just be the best part.

      • by DrYak ( 748999 ) on Thursday June 14, 2018 @12:35PM (#56784444) Homepage

        I thought AMD and ARM cpus were also susceptible to exploits. Is that wrong?

        Indeed lots of different CPU manufacturer could be producing CPUs susceptible to spectre vulnerabilities.

        But not all CPU are created equal.

        There are some key differences :
          - not all CPUs actually do speculative execution. only a couple of ARM core actually do [arm.com]. The huge remaining amount doesn't and thus can't in any way be subjected to Spectre class vulnerabilities.

        (Even some of Intel's own core, like some older Atom, or like Xeon Phi GPGPUs don't do speculative execution)

        Intel has a different safety vs optimization threshold than most of others:

          - with most other CPU manufacturer, Spectre vulnerabilities boil down to "access memory region to which the process should already have had read access anyway" (see v1 and v4), thus it could be already addressed by safe practice (v1: don't put 3rd-provided JIT code and crucial information in the same process. e.g.: a browser's JIT engine running webpage's scripts and the password manager should not be in the same process) (v4: always clean up your stack before bailing out if it could contain cricital data, or better keep all the critical data in some specific mapped pages), etc.

          - Intel tends to push performance first to the detriment of anything else : some security test coming in too late.

        AMD and most ARM won't speculate past memory protection. If a memory region is blocked from access for the process (generally : kernel memory), AMD will check the memory protection and never attempt to access the restricted region to begin with. Whereas Intel CPUs will speculatively access the restricted region and only do the check much latter, by which point the usual Spectre's cache loading side-channel leakage could have happened.
        (There are few select ARM which are susceptible to Spectre v3a. Basically the same concept, but regarding system-reserved register - this being RISC architecture, with tons of registers)

        AMD and ARM will honor non-maskable interrupt. In today's vulnerability Intel tries to speculatively execute the point past which the system should contect switch the FPU registers (which includes stuff like SSE and AVX registers. i.e.: an attacker could be speculatively peeking into what another process did with these - SIMD operations with SSE/AVX are used in encryption/decryption, so an attacker could occasionnally spot what other process are decrypting/encrypting and whith which keys)

        So you end up with vulnerabilities v3 and today's which are Intel exclusive.

        Also Intel tends to be a tiny bit more aggressive and/or jumping through some shortcut and/or having way deeper pipeline and longer speculations, in order to shave a few cycles off :
        end results :
        v2 (Indirect Branch prediction) is currently successfully exploitable on Intel. Though in theory some AMD CPU could do speculative indirect branching, there are no current usable exploits in the wild.
        v1 actually works on Intel CPU without even activating the JIT - the speculation is so deep that an bytecode interpreter could speculatively access stuff
        v4 works much easier on Intel (deeper pipeline higher chance to manage to read something that wasn't erased from memory yet)
        etc.

        TL;DR: due to technical choices prioritizing performance, Intel CPU tend to be even more vulnerable.

      • by AmiMoJo ( 196126 )

        The problems with AMD parts are much less severe. The fixes don't cripple your performance.

        I'm so glad I got Intel to buy me an AMD.

      • by sjames ( 1099 )

        In part.

        AMD and ARM have some similar flaws but they are harder to exploit and the performance costs of preventing exploitation are smaller.

        Intel has more flaws and they are much more exploitable. Intel have put considerable effort into sewing confusion on that point, doing their best to leave the false impression that all CPUs are equally problematic.

        • Intel has more flaws and they are much more exploitable. Intel have put considerable effort into sewing confusion on that point, doing their best to leave the false impression that all CPUs are equally problematic.

          So, you think I should probably wait before building two new Intel-based systems?

          I've been burned using AMD cpus on music production and gaming platforms before. I'm not prepared to go back to try them again, yet.

          • by sjames ( 1099 )

            I would strongly consider waiting. The performance you see now may drop considerably once all the patches (microcode, OS, and user applications) are in.

            It is probably worth your time to research the latest generation AMD, especially if the software you will be using is multi-threaded. Historically, Intel has had better single thread performance, but AMD has provided more bang for the buck if you use all of the cores. The latest generation looks like it beats Intel single threaded as well, especially once th

            • It is probably worth your time to research the latest generation AMD, especially if the software you will be using is multi-threaded. Historically, Intel has had better single thread performance, but AMD has provided more bang for the buck if you use all of the cores.

              OK. So maybe I'll try one of the fast Ryzen processors for the music production machine and hold off and use Intel for the gaming machine.

              Thanks, sjames.

  • by QuietLagoon ( 813062 ) on Thursday June 14, 2018 @11:15AM (#56783862)
    Yet the linked article says

    ...For some operating systems, the fix is already in. Red Hat Enterprise Linux (RHEL) 7 automatically defaults to (safe) "eager" floating point restore on all recent x86-64 microprocessors (approximately 2012 and later) implementing the "XSAVEOPT" extension. Therefore, most RHEL 7 users won't need to take any corrective action.

    Other operating systems believed to be safe are any Linux version using the 2016's Linux 4.9 or newer kernel. The Linux kernel developers are patching older kernels. Most versions of Windows, including Server 2016 and Windows 10. are believed to be safe. If you're still using Windows Server 2008, however, you will need a patch. The latest editions of OpenBSD and DragonflyBSD are immune, and there's a fix available for FreeBSD. ...

  • Go AMD (Score:5, Interesting)

    by zippo01 ( 688802 ) on Thursday June 14, 2018 @11:17AM (#56783876)
    AMD should be dumping money right now. Making all this as public as possible and pushing its own CPU's Go AMD go!
    • Re:Go AMD (Score:4, Informative)

      by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Thursday June 14, 2018 @12:29PM (#56784398) Homepage Journal

      AMD should be dumping money right now. Making all this as public as possible

      AMD has made their own security-related errors. While they appear to be less numerous (and less serious) than those of Intel, that could be because we simply haven't figured out where they screwed up yet. The fact that we keep getting news of new Intel vulnerabilities and not AMD ones when surely many, many people are scrutinizing products from both companies does suggest that Intel processors have more holes than AMD ones, but it doesn't prove anything.

      Historically, both companies tout their advantages, and feel free to make public statements about ways they feel they have been wronged legally, but they don't trash-talk the competition for making mistakes. This is in fact more common than not in business; you'll see the same thing at work in the auto industry. Their talking heads fairly consistently shy away from kicking other players when they're down.

      AMD is wise to focus on their successes, and to not even mention Intel's failures. CPUs are complicated products, and they are capable of making their own mistakes.

      • by zippo01 ( 688802 )
        Who said it had to be "AMD" doing the bashing? They could also be talking up their own products. I wouldn't worry about my flaws, only point out the other persons larger more visible ones. I will worry about my stuff later.
  • by davidwr ( 791652 ) on Thursday June 14, 2018 @11:18AM (#56783886) Homepage Journal

    For some types of chips and applications, perhaps having real security means not being able to do fancy optimizations that degrade security.

    I wonder how well typical PC operating systems would work if they were re-compiled to not take advantage of optimizations and run on a completely-de-optimized architecture-compatible CPU with buses, memory, chipsets, etc. that were similarly "de-optimized" and had other things in them like less-tightly-packed circuits to prevent certain side-channel attacks (e.g. rowhammer).

    • by Anonymous Coward

      You mean ENIAC?

    • by Anonymous Coward

      Speculation is a big part of performance in modern superscalar architecture... but it comes with an inerrant risk of side-channel attacks which is difficult to completely eliminate the possibility of. If you were to remove it all, we are talking at least one order of magnitude performance reduction... even then you have all the potential side-channel attacks left of things without speculation like simply _having_ caches, and physical attributes of memory like rowhammer. The good news is it's really not nece

    • I wonder how well typical PC operating systems would work {...}

      Well lots of smartphones and nearly all single-board computers (including the Pi) use ARM core that don't do any speculative execution.
      (Only very few high-performance smartphones use ARM with speculative exec and thus potentially spectre-vulnerable)

      They are still not that bad at common browsing tasks.

      • by Misagon ( 1135 )

        Most current "flagship" phones use multicore CPUs in big.LITTLE configuration.
        In most of these the "big" part are cores with speculative execution, which are activated when there is a need for more power. Most exploits in the class that Spectre is in need to first prime the cache and speculator through code in long-running loops (and especially on ARM), which means that they would always be promoted to run on the "big" cores anyway.

        I wrote "most phones" above, because some SoC:s, like Snapdragon 835 and 845

    • "Fixing" these will go on forever, probably, because there are all kinds of side channels enabled by the fact that modern CPUs use many different optimizations. They aren't the simple machines they look like from the software side. Disabling all of those optimizations would have a significant impact on performance.

      Modern processors switch between various modes a million times per second. One way to get the best of both security and performance would be to have a security mode, in which all caches and such a

  • TFA includes a claim that the fix for this hole will actually improve performance. I don't see how that's possible - the problem is caused by a feature that improves performance, and the fix, as I understand it, is simply to not use that feature. Is there something I'm missing?

    • by Anonymous Coward

      No, you aren't missing a thing. Most optimizations that improve performance while not using lazy state saving should improve performance while using lazy state saving.

      Either that or the lazy state saving implementation was seriously borked in the first place.

  • They're listing lazily to the left. Boy, this guy knows some maneuvers.

  • VW plays fast and loose with diesel emissions to gain performance, and is fined billions. Intel plays fast and loose with speculative execution to gain performance, and...nothing.

    While Intel hasn't broken any regulations (AFAIK), they have sold defective goods, likely deliberately. It's time for them to at least reimburse all customers for the damages.

  • No wonder intel is so much faster... they skipped all the fking checks. I've now got $100m of virtualised hardware which can be hacked.

    Nice..

  • TFA says "What a horrible year in security for Intel".

    It was mostly horrible for Intel's customers.

    • It was mostly horrible for Intel's customers.

      Looks like they got what they deserved. They supported Intel through their anticompetitive assaults on AMD, and now they reap what they've sown.

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...