SoylentNews

Major Hardware Bug Quietly Being Patched in the Open

posted by Fnord666 on Tuesday January 02 2018, @02:29AM   
from the starting-off-the-new-year-right dept.

LoRdTAW writes:

Spotted over on HN:

The mysterious case of the Linux Page Table Isolation patches (archive)

tl;dr: there is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November. In the worst case the software fix causes huge slowdowns in typical workloads. There are hints the attack impacts common virtualization environments including Amazon EC2 and Google Compute Engine, and additional hints the exact attack may involve a new variant of Rowhammer.

Turns out 2018 might be more interesting than first thought. So grab some popcorn and keep those systems patched!

---

Original Submission

• Re:Not a major bug -- it's not even a bug. Re:Not a major bug -- it's not even a bug. (Score: 2) by arcz on Tuesday January 02 2018, @08:45AM (10 children)

  by arcz (4501) on Tuesday January 02 2018, @08:45AM (#616664) Journal

  maybe. but whether it is a hardware bug or software bug depends on what the guarantees the hardware provides is. if the hardware provides documented branch prediction, it's a software issue, not a hardware one, that you didn't use a method not vulnerable to side-channel attacks. It's not enough to show the existence of a side-channel attack to show there is a hardware bug, you must show that the hardware was designed to prevent that attack.

  Parent

  Starting Score:	1		point
  Karma-Bonus Modifier		+1
  Total Score:		2

• Re:Not a major bug -- it's not even a bug. Re:Not a major bug -- it's not even a bug. (Score: 3, Insightful) by Dr Spin on Tuesday January 02 2018, @10:01AM (8 children)

  by Dr Spin (5239) on Tuesday January 02 2018, @10:01AM (#616673)

  "Its not a bug, its a feature" is not a defence. If a plane falls out of the sky because it is Thursday, whether or not the manufacturer told you their planes are not reliable on Thursdays, it is not an adequate defence - even if they claim that they tested it in February, and it often works on Thursdays in February.

  If the hardware shows Rowhammer vulnerability: it is faulty, and should be returned to the manufacturer no software work arounds.

  --
  Warning: Opening your mouth may invalidate your brain!

  Parent

  • Re:Not a major bug -- it's not even a bug. Re:Not a major bug -- it's not even a bug. (Score: 2) by Wootery on Tuesday January 02 2018, @11:25AM (5 children)

    by Wootery (2341) on Tuesday January 02 2018, @11:25AM (#616684)

    it is faulty, and should be returned to the manufacturer no software work arounds.

    Way to ignore the way imperfections scale in computer systems.

    An imperfection in the design of a shovel, causes some percentage of your customers to (rightly) ask for a refund when their shovel breaks.

    CPUs are not like shovels. Your position appears to be that unless the CPU is perfect, all customers are entitled to a refund. This is clearly absurd.

    Want a screw that will never rust or fail unexpectedly? You can get those, they're called medical-grade, and they cost vastly more than ordinary screws. Want a monitor with a guarantee of zero dead pixels or stuck pixels? The same thing applies.

    You seem to want to hold consumer CPUs to the medical grade standard, without trading off against performance or cost. That just isn't realistic. If you regulate consumer-grade CPUs the way you regulate medical equipment, you kill the consumer CPU industry overnight. Formally-verified CPUs can indeed be made... at incredible expense.

    Parent

    • Re:Not a major bug -- it's not even a bug. Re:Not a major bug -- it's not even a bug. (Score: 2) by Wootery on Tuesday January 02 2018, @11:28AM (2 children)

      by Wootery (2341) on Tuesday January 02 2018, @11:28AM (#616686)

      Oops, forgive the double reply: my example at the end there doesn't hold, as formal verification doesn't tend to help with side-channel issues like this. Real-world CPU perfection is even harder than that!

      Parent

      • Re:Not a major bug -- it's not even a bug. Re:Not a major bug -- it's not even a bug. (Score: 2) by arcz on Wednesday January 03 2018, @05:11AM (1 child)

        by arcz (4501) on Wednesday January 03 2018, @05:11AM (#617067) Journal

        Side channel attacks are hard as fuck to mitigate. But in most cases, this is a result of using security by obscurity, a bad idea. Certain things (cryptographic keys, passwords, etc.) need to be protected against side channel attacks, but 99% of stuff doesn't. Preventing side-channel attacks other than network side channel attacks is very costly and not a worthwhile pursuit. That being said, it might be useful to prevent side channel attacks that can be exploited via code. Knowing which pages are mapped however, doesn't qualify as a security issue imo.

        Parent

        • Re:Not a major bug -- it's not even a bug. (Score: 1, Informative) by Anonymous Coward on Wednesday January 03 2018, @04:06PM

          by Anonymous Coward on Wednesday January 03 2018, @04:06PM (#617186)

          Preventing side-channel attacks other than network side channel attacks

          This is the specific issue we're discussing...

          Prefetch instructions on Intel CPUs ignore privilege levels and access permissions. Thus, it is possible to prefetch execute-only pages, as well as inaccessible kernel memory. When running the procedure over the whole address space, we now also obtain information on all kernel pages. Note that even a process with root privileges could not obtain this information without loading a kernel module on modern operating systems. [gruss.cc]

          It seems they actually discovered a bug not in the x86 prefetch instructions (which could be fixed with microcode) but in Intel's speculative execution.

          As to side-channel attacks, you should at least read up on anc [vusec.net] if not all 10 of the papers in the guys PHD thesis - "Software-based Microarchitectural Attacks". [gruss.cc]

          Parent

    • Re:Not a major bug -- it's not even a bug. Re:Not a major bug -- it's not even a bug. (Score: 2) by arcz on Wednesday January 03 2018, @05:05AM (1 child)

      by arcz (4501) on Wednesday January 03 2018, @05:05AM (#617066) Journal

      They have this. They call em server CPUs. They're expensive as fuck (10 times or more for the equivalent speed usually).

      Parent

      • Re:Not a major bug -- it's not even a bug. (Score: 2) by Wootery on Wednesday January 03 2018, @10:23AM

        by Wootery (2341) on Wednesday January 03 2018, @10:23AM (#617118)

        That pricepoint still doesn't justify an expectation of flawless perfection, and they aren't being sold as critical-systems CPUs.

        If you want a CPU appropriate for critical systems, there's a market for them. Most CPUs don't qualify, as they make different tradeoffs.

        Parent

  • Re:Not a major bug -- it's not even a bug. Re:Not a major bug -- it's not even a bug. (Score: 2) by maxwell demon on Tuesday January 02 2018, @10:20PM (1 child)

    by maxwell demon (1608) on Tuesday January 02 2018, @10:20PM (#616926) Journal

    OK, Company A produces wooden pedestrian bridges, advertised and sold as pedestrian bridges. Company B builds railroads and uses one of Company A's wooden pedestrian bridges as railroad bridge. The moment the first train drives over that bridge, it crashes down. Is it now Company A's fault that the bridge didn't withstand the weight of the train?

    --
    The Tao of math: The numbers you can count are not the real numbers.

    Parent

    • Re:Not a major bug -- it's not even a bug. (Score: 0) by Anonymous Coward on Wednesday January 03 2018, @05:02PM

      by Anonymous Coward on Wednesday January 03 2018, @05:02PM (#617214)

      No, it's Obama's fault.

      Parent

• Re:Not a major bug -- it's not even a bug. (Score: 1, Informative) by Anonymous Coward on Tuesday January 02 2018, @10:06AM

  by Anonymous Coward on Tuesday January 02 2018, @10:06AM (#616675)

  to show there is a hardware bug, you must show that the hardware was designed to prevent that attack.

  Pedantic. A design error [securityfocus.com] is commonly called a bug, for these KAISER patches to exclude AMD [lkml.org] must mean there's something much more serious here...

  The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.

  Parent