“Kernel Memory Leaking” Intel Processor Design Flaw Forces Linux, Windows Redesign

A pretty serious-sounding security hole has been found in recent Intel CPUs, which will require performance-sapping workarounds in both Linux and Windows to fix <http://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/>. The details are not public yet, but AMD, in its announcement that its products are not affected, would seem to have divulged some important clues.

On Wed, Jan 03, 2018 at 09:38:25AM +1300, Lawrence D'Oliveiro wrote:
A pretty serious-sounding security hole has been found in recent Intel CPUs, which will require performance-sapping workarounds in both Linux and Windows to fix <http://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/>. The details are not public yet, but AMD, in its announcement that its products are not affected, would seem to have divulged some important clues.
Now announced as Meltdown and Spectre. Meltdown affects Intel only but Spectre potentially affects all superscalar CPUs and has been verified on Intel, AMD and ARM. See https://spectreattack.com/
Cheers
Michael.

On Wed, Jan 03, 2018 at 09:38:25AM +1300, Lawrence D'Oliveiro wrote:
A pretty serious-sounding security hole has been found in recent Intel CPUs, which will require performance-sapping workarounds in both Linux and Windows to fix <http://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/>. The details are not public yet, but AMD, in its announcement that its products are not affected, would seem to have divulged some important clues.
Now announced as Meltdown and Spectre. Meltdown affects Intel only but Spectre potentially affects all superscalar CPUs and has been verified on Intel, AMD and ARM. See
Some more news bits:
- Google Says Almost All CPUs Since 1995 Vulnerable To 'Meltdown' And 'Spectre' Flaws https://tech.slashdot.org/story/18/01/04/0524234
- By Next Week, Intel Expects To Issue Updates To More Than 90% of Processor Products Introduced Within Past Five Years https://it.slashdot.org/story/18/01/04/1839246
- Microsoft Issues Rare Out-of-Band Emergency Windows Update For Processor Security Bugs https://tech.slashdot.org/story/18/01/04/0536204
- Intel Memory Access Design Flaw Partially Addressed by Apple in macOS 10.13.2 [Unconfirmed] https://apple.slashdot.org/story/18/01/04/0540214
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/

On Thu, 4 Jan 2018 12:07:21 +1300, Michael Cree wrote:
Now announced as Meltdown and Spectre.
Nice response <http://www.theregister.co.uk/2018/01/05/spectre_flaws_explained/> to this bit of doublespeak from Intel:

"These new exploits leverage data about the proper operation of processing techniques common to modern computing platforms, potentially compromising security even though a system is operating exactly as it is designed to," the company said. Thus, we're asked to believe that Intel and its peers are racing to fix products that are in perfect working order and functioning as designed, even as the security researchers who developed these attacks contend hardware will need to be redesigned to cover all bases.

The report also mentions that Intel boss Brian Krzanich sold off much of his shares in the company earlier last year, after the company had become aware of the flaw. (Yup, there’s the potential for criminal charges from that...)

The story made the TV news on both local channels today (even after TV1’s bulletin was delayed by that fire alarm), as well as Al-Jazeera. Looks like the repercussions may not be over yet...

On 05/01/2018 20:29, Lawrence D'Oliveiro wrote:
Looks like the repercussions may not be over yet...
Let me illustrate here one such repercussion: *Computers can lie - same way as humans can*

Why? I presume you have read by now that Spectre and Meltdown to succeed rely on speculative execution of commands, a feature introduced into computing to increase overall program execution speed. Speculative execution, in turn, enables side-channel attacks, e.g. a timing attack <https://en.wikipedia.org/wiki/Side-channel_attack>.

If you add to this soup what in mathematical logic is known as the Decidability Theorem <https://en.wikipedia.org/wiki/Decidability_%28logic%29>, to quote "Logical systems <https://en.wikipedia.org/wiki/Formal_system> such as propositional logic <https://en.wikipedia.org/wiki/Propositional_calculus> are decidable if membership in their set of logically valid <https://en.wikipedia.org/wiki/Validity> formulas (or theorems) can be effectively determined" you have the facts to construct lies that can be upheld in court (I think so, as I am unable to construct a counter-proof, and I would love to hear what a lawyer has to say). You will find more to the (mathematics) side of what I state here when you google for "decidability theorem". Have a look e.g. at Trakhtenbrot's theorem.

The rub is that in order to exclude membership from a set that set has to be finite. If the set is made infinite by allowing recursion, membership can no longer be ascertained, as proven by e.g. Gödel's incompleteness theorems. Now consider this in reverse, and try to construct the set from statements that have been made. That is what a side-channel attack does, re-construct e.g. a password from the time it takes the operating system to dance around the memory location that contains the password. And in the same way a witness can present a lie to court, a journalist to his audience, a politician to her electorate: fail to make a statement that, if made, would have resulted in a different action.

Think of George Bush starting the Gulf War, just because his security establishment presumed Saddam Hussein possessed Weapons of Mass Destruction, or, closer to home, think of the Teina Pora case. The defense is always "I didn't (know that, do that, say that)". The human who made the statement did not lie - the lie took effect only because his/her audience interpreted the absence of knowledge as a fact to the contrary, i.e. the audience constructed the set in such a way that it did contain what it actually did not - speculative data processing took place, leading to an interpretation of facts that was decidably false. It became a lie.

Such is the link between Mathematical Logic and human behaviour - understand the human mind as a computer capable of speculative processing. Only we call it INITIATIVE, and suppress the ugly word 'speculative'.

Wolf

On Sat, Jan 06, 2018 at 11:21:14AM +1300, Lawrence D'Oliveiro wrote:
On Sat, 6 Jan 2018 10:50:55 +1300, Wolf wrote:
The rub is that in order to exclude membership from a set that set has to be finite.
Which is a fallacy.
Indeed, it is. A counterexample would help to see that.

The set of integers is an infinite set. We note that there is an ordering operator on the integers, that is, we can establish unambiguously whether any integer is bigger or smaller than any other integer, thus we can arrange the members of the infinite set of integers such that all integers listed to the right of a chosen integer in the set are larger than the chosen integer and all integers listed to the left of the chosen integer are smaller than the chosen integer. We can repeat that by choosing every integer in the set in turn, and it establishes a unique list (i.e. sorting) of the integers.

Now consider the rational number 3/2. We can see that it is not a member of the set of integers because it is bigger by the ordering operator than the integer 1 thus 3/2 should land to the right of 1 and it is smaller than the integer 2 thus it should land to the left of 2, but the unique sorting of the integers established that there are no elements in the set of integers that land both to the right of 1 and to the left of 2, thus 3/2 cannot be a member of the set of integers.

We have therefore excluded membership of 3/2 from the infinite set of integers, and we have been able to do that even though the set of integers is not finite.

Cheers
Michael.

On 06/01/2018 13:38, Michael Cree wrote:
On Sat, Jan 06, 2018 at 11:21:14AM +1300, Lawrence D'Oliveiro wrote:
On Sat, 6 Jan 2018 10:50:55 +1300, Wolf wrote:
The rub is that in order to exclude membership from a set that set has to be finite. Which is a fallacy. Indeed, it is. A counterexample would help to see that. The set of integers is an infinite set. We note that there is an ordering operator on the integers, that is, we can establish unambiguously whether any integer is bigger or smaller than any other integer, thus we can arrange the members of the infinite set of integers such that all integers listed to the right of a chosen integer in the set are larger than the chosen integer and all integers listed to the left of the chosen integer are smaller than the chosen integer. We can repeat that by choosing every integer in the set in turn, and it establishes a unique list (i.e. sorting) of the integers.
Now consider the rational number 3/2. We can see that it is not a member of the set of integers because it is bigger by the ordering operator than the integer 1 thus 3/2 should land to the right of 1 and it is smaller than the integer 2 thus it should land to the left of 2, but the unique sorting of the integers established that there are no elements in the set of integers that land both to the right of 1 and to the left of 2, thus 3/2 cannot be a member of the set of integers.
We have therefore excluded membership of 3/2 from the infinite set of integers, and we have been able to do that even though the set of integers is not finite.
Sorry, Michael, you have not, because of what you have hidden from your argument - data conversion rules if you restrict the argument to smallish numbers only (i.e. what the storage capabilities available to you allows you to work on), and no side-bands if all physical phenomena are included.

The problem is that logic has been created at a time (about 800-400 BC, in the Greek speaking world, as a tool to win verbal arguments) not knowing that side-bands do exist. Physics, on the other hand, came about when Nicolaus Copernicus required that logical arguments also meet the realities of the real world (1543, in his book De revolutionibus orbium coelestium). The first inkling that side-bands do exist is due to Joseph Fourier, who published in 1822 (in "Théorie analytique de la chaleur") the first steps towards what is today known as Fourier Analysis. Since Fourier Analysis interprets a discontinuous function (i.e. a function describing the border of a discrete entity) as a superposition of continuous functions, any of these component functions constitutes a side-channel. Any of these side-channels can, of course, be isolated using an appropriate filter. And that physical entities are all discrete entities we can know, at the latest, when we apply General Relativity (for large entities) or Quantum Physics (for small entities).

Now in detail to the fallacy of your argument. It was Joseph Fourier, again, who first disproved it, by showing that the dimension of the right hand side of an equation must be the same as the dimension on the left hand side. To give an example: Is 5 liter equal to 5 meter, or is it not? The answer is, as you know, that the question is undecidable, because you cannot compare apples with pears. Equally, when you compare 3/2 with 2, the comparison is undecidable if your comparison operator works on integers only.

But if you expand the operator's capability by converting first the integer 2 into the rational number 2/1, expanding that to 4/2, you can indeed compare 3/2 with 2 and decide that 3/2 is less than 2. You can even expand your "proof" to include real numbers such as sqrt(2), by converting 2 into the real number 2.0, and comparing digit by digit. But you cannot expand your "proof" to a transcendental number like pi. How are you going to distinguish pi from a similar number that differs from pi only in its millionth digit when available storage forces you to abandon comparison after half a million digits? Infinite recursion depth is possible in the fictitious world of mathematics, but not in the real world. Your argument works because you have hidden from yourself some of the conditions that must be met before a comparison operator can be employed.

Now reverse the argument, and convert 3/2 into an integer before applying the comparison. If the conversion is done by trunc(3/2), 3/2 becomes equal to 1. If round(3.2) is used, 3/2 becomes equal to 2. The result of the comparison becomes dependent upon the construction of the comparison operator.

Or, consider this example: 1+1=2 Is that true? If you restrict yourself to the world of logic, it is. On the other hand, if you consider the numbers as measured quantities, then round(1.4)+round(1.4)=2, but round(1.4+1.4)=3 or, in general 1+1=1..3 if the numbers representing physical quantities are rounded to the nearest integer before/after addition takes place.

That is where we differ. You restrict yourself to living in a one-dimensional world that can be divided into smaller and smaller quantities, ad infinitum, which is what logic does and where side bands cannot exist. I have been trained as a scientist and thus accept that all observed (and observable) quantities are of finite accuracy.

You hide from yourself that the statement 1+1=2 is false in the real world (the world of Copernicus, which requires of logic that it matches observations in the real world, to the limit of measuring accuracy), by failing to consider the abstractions from reality that went into creating Logic, and the consequences this has when logic is applied to the real world. In other words, you have been lying to yourself. For me, 1 plus 1 is equal to any number between 1 and 3, because rounding, and its consequences, is part of my world.

Intel, AMD and others are only now discovering that the reasoning they relied upon cannot be trusted. Since cumulative rounding errors can make any number grow out of bounds in a recursion, my original statement "The rub is that in order to exclude membership from a set that set has to be finite." still stands. Recursion is permissible in some situations, but not in all. The fallacy lies in ascribing trustworthiness to a system of reasoning (logic) that this system does not possess. Mathematicians have learned that, to their sorrow. So why not try to change the question?

wolf

On Sun, 7 Jan 2018 14:06:08 +1300, Wolf wrote:
Sorry, Michael, you have not, because of what you have hidden from your argument - data conversion rules if you restrict the argument to smallish numbers only ...
There was no such restriction in his argument. Remember, you were the one who tried to make an argument based on infinite sets; he demonstrated the fallacy in that argument.

On 07/01/2018 14:50, Lawrence D'Oliveiro wrote:
On Sun, 7 Jan 2018 14:06:08 +1300, Wolf wrote:
Sorry, Michael, you have not, because of what you have hidden from your argument - data conversion rules if you restrict the argument to smallish numbers only ... There was no such restriction in his argument. Remember, you were the one who tried to make an argument based on infinite sets; he demonstrated the fallacy in that argument.
My original post contains just one mention each of the words "finite" and "infinite". To quote: "The rub is that in order to exclude membership from a set that set has to be finite. If the set is made infinite by allowing recursion, membership can no longer be ascertained, as proven by e.g. Gödel's incompleteness theorems." If you lack the honesty to admit you made a mistake, shut up. If you do, admit to it.

wolf

On Thu, 11 Jan 2018 09:53:58 +1300, Wolf wrote:
My original post contains just one mention each of the words "finite" and "infinite". To quote:
"The rub is that in order to exclude membership from a set that set has to be finite."
Which is totally and utterly wrong, as Michael has so clearly shown.
If you lack the honesty to admit you made a mistake, shut up. If you do, admit to it.
Live up to your own words?

On Thu, 4 Jan 2018 12:07:21 +1300, Michael Cree wrote:
Now announced as Meltdown and Spectre.
A good overview of the scope of the vulnerabilities, and the various companies’ response to them, here <https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/>. The Meltdown vulnerability isn’t entirely Intel-specific: it also affects some high-end ARM chips. But that’s almost the easy one to deal with, compared to Spectre. Another point that struck me is that Web browser vendors are deliberately degrading the accuracy of the timers available to JavaScript, to try to prevent scripts from hostile websites taking advantage of these vulnerabilities.

On Thu, 4 Jan 2018 12:07:21 +1300, Michael Cree wrote:
Now announced as Meltdown and Spectre.
According to this update <http://www.theregister.co.uk/2018/01/09/meltdown_spectre_slowdown/>, if your Intel CPU has the PCID feature, the most recent Linux kernels can take advantage of this to mitigate somewhat the performance hit from working around the vulnerabilities.

How do you tell? Look in /proc/cpuinfo for the “flags” line. This will typically be pretty long, e.g. on my main machine (Core i7):

flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm cpuid_fault epb tpr_shadow vnmi flexpriority ept vpid fsgsbase smep erms xsaveopt dtherm ida arat pln pts

You have to hunt through that lot for the word “pcid”. I find it is also present on my older backup Core i5 machine as well. The full list of flags is defined in the Kernel source here <https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/tree/arch/x86/include/asm/cpufeatures.h?id=refs/tags/v4.14>.
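An added example, not from Lawrence's post or the kernel tree, that automates the hunt: a POSIX shell function isolates the "flags" line of /proc/cpuinfo-style text and matches the feature name as a whole token, so that looking for pcid does not also match the separate invpcid feature. The first sample is constructed from the flags line quoted above; the second (invpcid but no pcid) is a hypothetical machine for comparison.

```shell
#!/bin/sh
# Added example (not from the original post): whole-token lookup of a CPU feature
# flag in /proc/cpuinfo text. A plain substring search such as `grep pcid` would
# also hit "invpcid", which is a different feature, so tokens are compared exactly.

# Constructed sample: the flags line quoted in the post, with a minimal header.
SAMPLE_CPUINFO='processor : 0
vendor_id : GenuineIntel
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm cpuid_fault epb tpr_shadow vnmi flexpriority ept vpid fsgsbase smep erms xsaveopt dtherm ida arat pln pts'

# Hypothetical sample: a CPU advertising invpcid but not pcid (constructed for the test).
SAMPLE_NO_PCID='processor : 0
flags : fpu vme de pse tsc invpcid smep'

# cpu_flags TEXT -> prints the space-separated tokens of the first "flags" line.
# /proc/cpuinfo repeats the line once per logical CPU; the first one is enough.
cpu_flags() {
    printf '%s\n' "$1" | sed -n 's/^flags[[:space:]]*:[[:space:]]*//p' | head -n 1
}

# has_cpu_flag FLAG TEXT -> prints "yes" if FLAG is present as a whole token, else "no".
has_cpu_flag() {
    flag=$1
    text=$2
    if cpu_flags "$text" | tr ' ' '\n' | grep -qx -- "$flag"; then
        echo yes
    else
        echo no
    fi
}

# check_live: report pcid and invpcid for the running machine, when /proc/cpuinfo exists.
check_live() {
    if [ -r /proc/cpuinfo ]; then
        for f in pcid invpcid; do
            echo "$f: $(has_cpu_flag "$f" "$(cat /proc/cpuinfo)")"
        done
    else
        echo "/proc/cpuinfo not available on this system"
    fi
}

check_live
```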

On Thu, 4 Jan 2018 12:07:21 +1300, Michael Cree wrote:
Now announced as Meltdown and Spectre.
Seems Intel is making progress on the problem with its previous microcode update for this issue causing excess reboots on Haswell and Broadwell processors <https://arstechnica.com/gadgets/2018/01/good-newsbad-news-in-quest-to-get-meltdown-and-spectre-patched/>: Intel says that it has reproduced the reboot issues and is working on identifying the root cause. It intends to ship a beta microcode to system builders next week.