More Intel bad news

poisson OG
edited February 2020 in Technical

ABSTRACT
In this paper, we analyze the hardware-based Meltdown mitigations in recent Intel microarchitectures, revealing that illegally accessed data is only zeroed out. Hence, while non-present loads stall the CPU, illegal loads are still executed. We present EchoLoad, a novel technique to distinguish load stalls from transiently executed loads. EchoLoad allows detecting physically-backed addresses from unprivileged applications, breaking KASLR in 40 µs on the newest Meltdown- and MDS-resistant Cascade Lake microarchitecture. As EchoLoad only relies on memory loads, it runs in highly-restricted environments, e.g., SGX or JavaScript, making it the first JavaScript-based KASLR break. Based on EchoLoad, we demonstrate the first proof-of-concept Meltdown attack from JavaScript on systems that are still broadly not patched against Meltdown, i.e., 32-bit x86 OSs.

We propose FLARE, a generic mitigation against known microarchitectural KASLR breaks with negligible overhead. By mapping unused kernel addresses to a reserved page and mirroring neighboring permission bits, we make used and unused kernel memory indistinguishable, i.e., a uniform behavior across the entire kernel address space, mitigating the root cause behind microarchitectural KASLR breaks. With incomplete hardware mitigations, we propose to deploy FLARE even on recent CPUs.

Source: http://cc0x1f.net/publications/kaslr.pdf

tl;dr Intel's hardware Meltdown mitigations don't work. Here's an even worse vulnerability we found in discovering that.

Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow
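
The FLARE idea from the abstract above, as an added Python model that is not part of the original post or the paper's code: it counts how many kernel base positions stay consistent with what an unprivileged probe observes, before and after unused slots are mapped to a reserved page. The slot count, image size, uniform permission tuple and all function names are assumptions chosen for illustration.

```python
import random

SLOTS = 512          # assumed: randomization range modelled as 512 slots
IMAGE_SLOTS = 16     # assumed: kernel image size in slots
KERNEL_PERM = ("supervisor", "read-only", "exec")  # assumed uniform across the image
RESERVED_FRAME = "reserved-page"                   # single dummy target for unused slots

def build_range(base_slot):
    """Page-table model: None = not present, else (frame, permission bits)."""
    table = [None] * SLOTS
    for i in range(base_slot, base_slot + IMAGE_SLOTS):
        table[i] = (f"kernel-frame-{i - base_slot}", KERNEL_PERM)
    return table

def observe(entry):
    """Unprivileged view per the abstract: non-present loads stall, illegal loads
    on present pages execute transiently and yield zero. The frame is never
    visible; permission bits are assumed visible to other known side channels."""
    if entry is None:
        return ("stall", None)
    return ("transient-zero", entry[1])

def apply_flare(table):
    """Map every unused slot to the reserved page, mirroring the permission
    bits of the nearest used neighbour."""
    used = [i for i, e in enumerate(table) if e is not None]
    out = list(table)
    for i, entry in enumerate(table):
        if entry is None:
            nearest = min(used, key=lambda u: abs(u - i))
            out[i] = (RESERVED_FRAME, table[nearest][1])
    return out

def consistent_bases(table):
    """Base slots still consistent with the observations: the image must sit
    on IMAGE_SLOTS consecutive slots that all look present."""
    views = [observe(e) for e in table]
    return [b for b in range(SLOTS - IMAGE_SLOTS + 1)
            if all(v[0] == "transient-zero" for v in views[b:b + IMAGE_SLOTS])]

def residual_candidates(base_slot):
    """(candidate bases without FLARE, candidate bases with FLARE)."""
    before = build_range(base_slot)
    return len(consistent_bases(before)), len(consistent_bases(apply_flare(before)))

if __name__ == "__main__":
    base = random.randrange(SLOTS - IMAGE_SLOTS + 1)
    print(residual_candidates(base))
```

In this model the presence signal alone pins the base to a single slot, while the filled range leaves every possible base equally plausible, which is the uniformity property the abstract claims for FLARE.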

Comments

  • This is becoming a drinking game at this point. Pretty sure some DC techs are already doing this......

  • It truly is becoming an arms race. I wonder if/when AMD will be hit with these sorts of exploits.

    Cheap dedis are my drug, and I'm too far gone to turn back.

  • lentro Hosting Provider

    Wonder how Intel will defend xeon market share. AMD doesn't seem to have any of these, and entire DCs will only have AMD processors soon.

    Just my take. Thoughts?

  • @CamoYoshi said:
    It truly is becoming an arms race. I wonder if/when AMD will be hit with these sorts of exploits.

    I wonder about it too. However, I do think that the cascade of issues at Intel points to a much more deep-seated issue of sloppy engineering for pursuit of profit. It reminds me of the Boeing Max engineering mindset too.

    Vulnerabilities are always going to exist, but you shouldn't see stuff on this scale if you have a more engineering-focused instead of a profit-focused culture. AMD isn't completely secure, but the rate of vulnerability discovery is pretty low, and given the extent to which researchers are having a field day with Intel, I wouldn't imagine it is too difficult to pick on AMD as well. I doubt that researchers only focus on Intel and give AMD a free pass. It seems like a more likely explanation that AMD wasn't under that much pressure to make bucketloads of money and gave more attention to engineering.

    That, however, could change if AMD lets its formula for success get to its head.

    Thanked by (2)CamoYoshi saibal


  • @lentro said:
    Wonder how Intel will defend xeon market share. AMD doesn't seem to have any of these, and entire DCs will only have AMD processors soon.

    Just my take. Thoughts?

    Intel cannot defend at all. The issues they have can only be resolved by a complete architecture redesign. Anything new they produce that is built upon existing architecture seems doomed to fail; they patch and the patch is undone after a while. The latest paper I posted is the clearest indicator that Intel's existing architecture is inherently flawed, but they don't have an alternative.

    I remember the days when AMD was the underdog, but as far as I remember, they sucked mainly because of poor performance/power ratio, but I didn't remember anything about security issues. I mean if you mostly have sucky performance and a large power draw, well, it is still tolerable if the price is right. I am not sure about whether people would even want to pay for a dirt cheap Intel with all these security issues (which also has a performance penalty when the half-baked mitigation measures are applied).

    Thanked by (1)bikegremlin


  • Clouvider Hosting Provider, OG

    @lentro said:
    Wonder how Intel will defend xeon market share. AMD doesn't seem to have any of these, and entire DCs will only have AMD processors soon.

    Just my take. Thoughts?

    They will so long as AMD will ignore the market for smaller CPUs - E3/E equivalent, but once they release for that segment - all bets are off.

    Thanked by (1)Harambe
  • bikegremlin Moderator, OG, Content Writer

    @poisson your contribution to the community is recognized and appreciated. :)

    As far as Intel goes: never underestimate the power of marketing and contracts. Though, if both Intel and AMD continue in the way they have been for the past few years, the tables might just turn.

    Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
    BikeGremlin's web-hosting reviews

  • @Clouvider said:

    They will so long as AMD will ignore the market for smaller CPUs - E3/E equivalent, but once they release for that segment - all bets are off.

    Ryzen-style DC SKUs with support of the big board manufacturers = unstoppable.

    Thanked by (1)Clouvider

    🦍🍌

  • @Clouvider said:

    @lentro said:
    Wonder how Intel will defend xeon market share. AMD doesn't seem to have any of these, and entire DCs will only have AMD processors soon.

    Just my take. Thoughts?

    They will so long as AMD will ignore the market for smaller CPUs - E3/E equivalent, but once they release for that segment - all bets are off.

    Either this or the big manufacturers should start making Ryzen/Threadripper boards and servers.

  • InceptionHosting Hosting Provider, OG

    I am so annoyed I am lost for words.

    https://inceptionhosting.com
    Please do not use the PM system here for Inception Hosting support issues.

  • @bikegremlin said:
    @poisson your contribution to the community is recognized and appreciated. :)

    As far as Intel goes: never underestimate the power of marketing and contracts. Though, if both Intel and AMD continue in the way they have been for the past few years, the tables might just turn.

    Contracts (and preferential pricing if I am reading you right) probably won't help much if the end-users are going "no Intel because we don't want to be hacked".

    Thanked by (1)bikegremlin


  • InceptionHosting Hosting Provider, OG

    It needs someone like SM to make a stand which given that they have not done so up to this point suggests that they never will until it actually hurts their bottom line.


  • Clouvider Hosting Provider, OG

    @Harambe said:

    @Clouvider said:

    They will so long as AMD will ignore the market for smaller CPUs - E3/E equivalent, but once they release for that segment - all bets are off.

    Ryzen-style DC SKUs with support of the big board manufacturers = unstoppable.

    I can’t wait. Fingers crossed it happens, and soon.

  • Clouvider Hosting Provider, OG

    @AnthonySmith said:
    It needs someone like SM to make a stand which given that they have not done so up to this point suggests that they never will until it actually hurts their bottom line.

    I spent the morning looking for a suitable cooling solution for 1U 105W AM4 socket. I failed badly. I suppose that is the problem and fix requires them to likely make a CPU that has lower TDP, yet keeps the same benefits in the core count and clock, so presumably not quite easy, and hence they focused on the bigger market where they compete with Xeon Scalable Bronze+ / E5s and where there is more money.

  • InceptionHosting Hosting Provider, OG

    @Clouvider said:

    @AnthonySmith said:
    It needs someone like SM to make a stand which given that they have not done so up to this point suggests that they never will until it actually hurts their bottom line.

    I spent the morning looking for a suitable cooling solution for 1U 105W AM4 socket. I failed badly. I suppose that is the problem and fix requires them to likely make a CPU that has lower TDP, yet keeps the same benefits in the core count and clock, so presumably not quite easy, and hence they focused on the bigger market where they compete with Xeon Scalable Bronze+ / E5s and where there is more money.

    Yep that's fair enough, it may simply be that I need to start my AMD journey in the USA where power and space in general is cheaper, waiting on a quote from IOflood.

    It pisses me off to do it but I will need another Intel box with you (no offence, just annoyed with using intel) in March by the look of it anyway and when we get a clear timescale for solus.io I will just suck it up and get some monster EPYC's with you for that.


  • EPYC is nice, but it's a hard sell vs Ryzen to a VPS customer who really only wants the raw processor speed of the Ryzen and doesn't care that although the EPYC has a lower clock it's got a LOT of those cores.

    Tldr Ryzen sells like hotcakes

    Get the best deal on your next VPS or Shared/Reseller hosting from RacknerdTracker.com - The original aff garden.

  • InceptionHosting Hosting Provider, OG

    @dahartigan said:
    EPYC is nice, but it's a hard sell vs Ryzen to a VPS customer who really only wants the raw processor speed of the Ryzen and doesn't care that although the EPYC has a lower clock it's got a LOT of those cores.

    Tldr Ryzen sells like hotcakes

    Yeah I was considering that, I would probably need to offer dedicated cores or a ridiculous burst, like 8 core burst.

    Either way though for the monster servers I am considering (128 threads, half or full 1 TB of RAM) they will likely significantly outperform the E5's anyway which also have a lower clock speed and still sell well.

    Thanked by (2)dahartigan vimalware


  • @AnthonySmith said: Either way though for the monster servers I am considering (128 threads, half or full 1 TB of RAM)

    Who with?

  • InceptionHosting Hosting Provider, OG

    @Mr_Tom said:

    @AnthonySmith said: Either way though for the monster servers I am considering (128 threads, half or full 1 TB of RAM)

    Who with?

    Clouvider on solus.io

    Thanked by (2)Mr_Tom Clouvider


  • @AnthonySmith said:
    offer dedicated cores or a ridiculous burst, like 8 core burst.

    I've always been a fan of your 4 cores burstable plans even back when you did Xen.
    It was something that made me sit up and take notice of your offers.

    My Leaseweb 4GB KVM comes with 4xE5 cores, and I like how I can speed up almost any software build with -j4, (assuming the IO subsystem will be top-notch as well).

    The Ryzen plans could be segmented for those who truly NEED fast single-threaded performance for their use-case.

  • the end is nigh

    inb4 too big to fail(really?)

  • vserversite Hosting Provider, OG

    Yep, we already start to migrate all our hosts to new AMD CPUs - 2 times ago, Spectre, Meltdown enough.
    Not more now.

  • bikegremlin Moderator, OG, Content Writer

    @poisson said:

    @bikegremlin said:
    @poisson your contribution to the community is recognized and appreciated. :)

    As far as Intel goes: never underestimate the power of marketing and contracts. Though, if both Intel and AMD continue in the way they have been for the past few years, the tables might just turn.

    Contracts (and preferential pricing if I am reading you right) probably won't help much if the end-users are going "no Intel because we don't want to be hacked".

    Sure - just would take time. And for Intel to keep messing up, with AMD remaining solid.

    Average user is clueless (otherwise BlueHost would have gone bust, to name one, not CPU related), while big companies have contracts, and benefits that are almost like "legal bribery" - so everyone is happy (with users paying for it, of course). At least that's my view.


  • WSS OG, Retired

    All of this negligible overhead is starting to cost me around 30% of my threading with kernel time.

    My pronouns are like/subscribe.
