# Eight new Spectre Variant Vulnerabilities for Intel Discovered - four of them critical.



## bryn1u (May 3, 2018)

Im wondering if using VM as a security isolation isn't being only stereotype 

https://www.guru3d.com/news-story/e...r-intel-discovered-four-of-them-critical.html


----------



## Deleted member 30996 (May 4, 2018)

"Intel classifies four of the Specter NG vulnerabilities as "high-risk"; which in Intel language is translated as: super dangerous. The danger of the other four is rated as medium. According to c't/Heise, Specter-NG risks and attack scenarios are similar to those of Specter - with one exception. C't calls the Intel vulnerabilities and their procs a Swiss Cheese due to the many security holes."

I always referred to Windows98 as the Swiss Cheese of Operating Systems, half in joke. What an honor to have earned that title, Intel.


----------



## fernandel (May 5, 2018)

And another link:
https://www.heise.de/ct/artikel/Exc...U-flaws-revealed-several-serious-4040648.html


----------



## _martin (May 5, 2018)

I'm not even surprised any more. What I do like to know is how many of them NSA knew about and (ab)used them. Not to mention ones we don't know about yet.


----------



## Phishfry (May 5, 2018)

I am really surprised that my PineView Atoms are not affected. So all my D525's are fine.
Cedarview Atoms N2800, D2550 are all OK too.

the CPUs that don't do speculative execution and hence are not vulnerable to any of the 3 variants are:

> +       { X86_VENDOR_INTEL,     6, INTEL_FAM6_ATOM_CEDARVIEW,   X86_FEATURE_ANY },
> +       { X86_VENDOR_INTEL,     6, INTEL_FAM6_ATOM_CLOVERVIEW,  X86_FEATURE_ANY },
> +       { X86_VENDOR_INTEL,     6, INTEL_FAM6_ATOM_LINCROFT,    X86_FEATURE_ANY },
> +       { X86_VENDOR_INTEL,     6, INTEL_FAM6_ATOM_PENWELL,     X86_FEATURE_ANY },
> +       { X86_VENDOR_INTEL,     6, INTEL_FAM6_ATOM_PINEVIEW,    X86_FEATURE_ANY },

So we will see how the Atom holds up to the new batch of 8 variants..
If I were really worried about these exploits I would be switching my pfSense box to an Atom. I have not. Still APU2.

This does seem to be the textbook case for keeping old hardware around.


----------



## ralphbsz (May 6, 2018)

Phishfry said:


> If I were really worried about these exploits...
> 
> This does seem to be the textbook case for keeping old hardware around.


Here how to build a secure packet filter: Connect the incoming ethernet line to a card punch.  Then have a series of staffers review the cards, and if they pass inspection, put them back into a card reader and transmit them.

Side benefit: You can use the chaff for parades.

P.S. Seriously, do NOT do this.  Card punch staff is very small, and has sharp corners.  It is very hard to clean up.  If you dump it on people, it can easily get into the eyes, and cause very annoying injuries.  It is utterly unsuitable for parades.


----------



## Phishfry (May 6, 2018)

I did notice that the best Atom there benchmarked at ~680 compared to ~6800 for the Sandy Bridge E3-1260L Xeon I just got.

But for Gen.1 IOT Atom devices I think this is good news. Especially considering they are BGA chips.
I had no idea that the N270 only has a 2W TDP. That was really an embedded Arm squasher move.
x86 Compatibility with just enough juice.

Where would Intel be now if the Windows phone took off. Alot of those Atoms were never made in large numbers.
So Arm won that leg of the race.


----------



## Phishfry (May 6, 2018)

ralphbsz
Not too long ago the Navy retired all their sextants.
Who needs the stars to navigate, we got us a fancy GPS satellite system. Best anti-jamming capability money can buy.
Guess what. GPS is just radiowaves. The stars will always be there.
Now the Navy is scrambling to teach their young ensigns to navigate with sextants again.
Good thing they donated many to military museums. They needed them back...


----------



## drhowarddrfine (May 6, 2018)

_martin said:


> What I do like to know is how many of them NSA knew about and (ab)used them. Not to mention ones we don't know about yet.


The same ones China, Russia  and North Korea knew about and abused, among others. After all, some wafer fabrication is done in China.


----------



## Crivens (May 6, 2018)

Looks like intel cpus/stock/security is reminding of a beached whale, in summer, giving off ominous noises. You all got umbrellas and ponchos with you, fellow spectators?

It can be hoped that a cambrian explosion of architectures is around the corner. Now we only need to take the right turn.


----------



## Phishfry (May 6, 2018)

At what point do we call "Speculative Execution" an utter failure.
This has affected Intel, AMD and Arm designs.
Maybe the CPU architecture design teachers at college got it wrong?
Long live Atom!


----------



## Crivens (May 6, 2018)

We call it like that when there one thread running you do and can not trust. Otherwise it is fine.


----------



## ralphbsz (May 6, 2018)

The problem isn't speculative execution per se.  The problem is speculative execution without doing permission checking.  I understand why the chip designers did it that way (because otherwise the permission checking engine becomes the bottleneck), and in theory it looked like this wouldn't hurt, because speculative execution by design can't have visible effect.  The problem is that it has effects that can be measured by performance, and that's where all these problems are coming from.  In effect, chip designers will have to learn new skills.  But speculative execution is here to stay; given the physical limits on clock frequencies, parallelism (of which speculative execution is one variant) is necessary.

The same problem of "information leakage due to observing the performance effects of operations that you are not allowed to see" happens in many other realms.  The traditional joke about it is that the best way to measure the level of international tension is to watch how many pizzas are delivered late at night to the Pentagon.  Similar things happen in computers with disks (whose performance depends crucially on the workload, and on workload parallelism): By measuring the performance of its own IOs, a process can make inferences about what IO other processes are doing.


----------



## rigoletto@ (May 6, 2018)

ralphbsz

Can you tell anything (I do not know you if you are aware about) why the Cavium ThunderX(1) apparently is not affected by any of those issues? The ThunderX2 is by Spectre (IDK what one or if two). In the same way some other ARM chips, IIRC one of ther models of Pi version.


----------



## ralphbsz (May 6, 2018)

I do not know.  The Thunder very likely does speculative execution; it is a high-end CPU with high core count and high parallelism, intended for big network servers (they are trying to compete with Xeon server-class chips) and also being used in supercomputers.  That pretty much means it has to do speculative execution.  It could be that (by luck or skill) they designed it so speculative execution honors all protection information, or that it is side-effect free on its effects on the cache.  Since the architecture has been around for several years (I remember thinking that my then-employer should be testing ARM-based high-end servers about 3-4 years ago), it can not have been cleaned up as a reaction to Spectre and Meltdown.

As far as I know, the Thunder has little to do with the SoC that are used in the Pi.  Many low-end CPUs do deliberately not do speculative execution, since it is power inefficient: You do all these operations (and pay with power and heat for them), which will then be thrown away.  For embedded and low-power operation, that is undesirable, and one prefers the low performance.  The Thunder is optimized for the opposite end of the spectrum, where maximum performance is more important than efficiency.


----------



## Crivens (May 6, 2018)

One person having had a hand in the Thunder is, most likely, Sophie Wilson. To assume chance here can be a bit far fetched. 

I do assume the Thunder has a small number of extra cache lines to buffer the memory traffic from speculation and which happen to be committed or dropped depending on the commit state of the instruction tied to it. This also shortens critical path length. So gunning for the critical path length might have avoided the trouble. How thumb may have impacted the internal design - no idea, but I have a feeling that the way I am thinking of might have impacts here, too.


----------



## _martin (May 7, 2018)

drhowarddrfine said:


> The same ones China, Russia  and North Korea knew about and abused, among others. After all, some wafer fabrication is done in China.


Correct, it's a global problem.


----------



## rigoletto@ (May 8, 2018)

Broadcom's Arm server chip lives – as Cavium's two-socket ThunderX2

Based on this article the ThunderX2 is based on a old Broadcom ARM project.


----------

