back to article Intel’s Meltdown fix freaked out some Broadwells, Haswells

Intel has warned that the fix for its Meltdown and Spectre woes might have made PCs and servers less stable. Chipzilla has slipped out a statement to the effect that “we have received reports from a few customers of higher system reboots after applying firmware updates.” The problems have hit “Broadwell and Haswell CPUs for …

  1. Ken Hagan Gold badge

    " AMD on Thursday confirmed that it’s kit is vulnerable to Spectre."

    Is this news? You make it sound like a belated admission but the announcements last week made it perfectly clear that they'd failed to demonstrate Meltdown on AMD but managed Spectre.

  2. Dan 55 Silver badge

    Their first press release confirmed it was vulnerable to Spectre variant 1 using a non-standard Linux kernel configuration, Spectre variant 2 was highly unlikely due to different architecture and had not been demonstrated yet, and more information would be forthcoming. It's difficult to see what they did wrong, unlike Intel.

  3. TechnicalBen Silver badge

    Yeah, Intel has a special case.

    Everyone is susceptible to Spectre if they use branch prediction the same way as was commonly understood. As this has no special cases for security exploits on (IIRC) timing of computation exploits to guess the branch predicted bits/bytes.

    IIRC Spectre involves mainly a programs own data/memory (user/ring/process) set, where as Meltdown allows access to all possible data/memory (any user, any ring or VRM, any process).

  4. TonyJ Silver badge

    "...Intel’s said that if it needs to create a new fix, it will..."

    IF??

  5. Ben1892

    Yep, my Haswell-refresh 4790K has been trying to load the cumulative update since Tuesday with many fails and retries - good job I don't boot into Windows that often, I've just been curious as to real world performance hits

  6. TURB0T0NY

    My 4790K received the update on the 6th and I've not noticed any detrimental performance difference.

  7. James 47

    I've not noticed any slower c++ compile times ona Linux guest VM (Windows 10 Host) either on a a 4790K

  8. Anonymous Coward
    Anonymous Coward

    Remembering Snowden...

    Yup.....Meltdown and Spectre are both causing trouble.

    But how long before we hear about ALL THE OTHER ZERO DAY PROBLEMS which the NSA, GCHQ, the Russians, the Chinese, and all the other bad actors have squirreled away against the day that Meltdown and Spectre end up patched everywhere?

  9. Anonymous Coward
    Anonymous Coward

    Re: Horse, stable, bolted?

    They could have just pushed an update 2 months ago to put new code anywhere in preparation. The old adage of, once pwnd, always pwnd?

    It's new builds which will be the ones that exploits need to be looked out for. But besides, you trust your drive controllers, network controllers and memory controller chips, right?

  10. Anonymous Coward
    Anonymous Coward

    Re: Remembering Snowden...

    They're certainly not bad actors, that's a terrible assertion to make.

    They could all win Oscars for their ability to spew a load of crap with a straight face while simultaneously causing shitfests of problems for us mere citizens.

  11. DougS Silver badge

    Re: Remembering Snowden...

    Why in the world do you think Meltdown is something the NSA etc. would care about? It allows reading kernel data, big deal. Any admin/root level exploit will allow that - the only thing different about Meltdown is that it is a hardware bug so if an affected CPU was running a super-secure OS (such as a formally verified microkernel like the one Apple runs in its secure enclave[*]) you could still attack it.

    Just look at the list of CVEs for Windows and Linux that come out this year. All the admin level ones marked critical - of which no doubt there will be more than a few for each over the course of 2018 - are FAR worse than Meltdown, let alone Spectre, for those running Windows and Linux. If you exploit them you not only can read kernel memory, you can write it to your heart's content.

    [*] Meltdown wouldn't work against Apple's secure enclave because the CPU is in-order execution and thus not vulnerable.

  12. Roo
    Windows

    Re: Remembering Snowden...

    "Why in the world do you think Meltdown is something the NSA etc. would care about? It allows reading kernel data, big deal"

    I reckon the NSA should care.

    Meltdown can totally compromise the vast majority of desktop/server class Intel hardware out there, it's relatively awkward to fix, it has a very big exploitation window (22 years and counting if the P6 core really is vulnerable to it), it doesn't require much code to implement and it is relatively easy to hide from virus scanners. If they weren't interested they really should consider moving out of the spook biz.

    Not really sure why you bothered with the asterisk, Apple don't get a pass because they still shipped vulnerable hardware just like everyone else... :)

  13. Zippy's Sausage Factory

    Re: Remembering Snowden...

    On the other hand, given Spectre requires every app to be partially rewritten, NSA and GCHQ are going to have to recertify their entire catalogue of stuff to check it's no longer vulnerable to foreign intelligence services. I'm guessing that would worry them far more than the loss of that particular vulnerability from their toolkit.

  14. Cristi_Neagu

    Re: Remembering Snowden...

    These bugs are not intentional. Not only are these companies very depended on how confident users are with their products, but engineering such a flaw inside a processor is overkill.

    I'm not saying government agencies had no clue about these bugs. Maybe they knew. But they certainly didn't create them.

  15. Peter Gathercole Silver badge

    Re: Remembering Snowden... @Zippy

    Even if all of the authorized applications are re-written, you still have to accept that if executable malware can be dropped onto a system, this would still be able to exploit Spectre.

    The only way that you can be 100% sure that a system is not susceptible is by either having fixed hardware, OR by having absolute and total control of every piece of executable code on the system.

    Recompiling your authorized code is only a partial solution.

  16. anonymous boring coward Silver badge

    Rushing fixes out usually is a cure that's worse than the problem.

    Any decent engineer knows this, so I wonder what numpties are in charge at Intel/MS? (That's a rhetorical question, as I think we all know that a having a suit trumps knowing anything.)

  17. Colin 29

    I don't know why anyone's having to 'rush' out fixes, they've known about these issues since the middle of last year!

    Coincidentally, we've just been given 2 days warning to implement changes relating to new EU card charge rules coming into affect tomorrow. Those rules were apparently announced the middle of last year too.

  18. Brian Miller Silver badge

    It's also testing the fixes a while that's important. A fix gets implemented, runs under load for 24hrs, and gets approval. Unfortunately the problems arise on the customer machines running for 48hrs...

    Back in the day, I remember load testing Exchange server and finding bugs in NTFS. "How do you find so many bugs?" "Um, just using it a lot, nothing special."

  19. Blacklight

    Hmm.

    Since putting the latest MS patches on my (Sandy Bridge based) PC, I've had two unexplained crashes - which is annoying when working remotely as while the Intel RST on my machine recovers correctly, it doesn't then reboot, so just sits waiting for someone to reset it. Maybe time invest a remote power switch....

    Also quite annoying as my Sandy Bridge (i7 2700K) DOES support PCID, but not, apparently INVPCID...

    So, on a Sandy Bridge i7 2700K (released Oct 2011 I believe) running Win 10 Pro, the results of "Get-SpeculationControlSettings" are:

    Speculation control settings for CVE-2017-5715 [branch target injection]

    Hardware support for branch target injection mitigation is present: False

    Windows OS support for branch target injection mitigation is present: True

    Windows OS support for branch target injection mitigation is enabled: False

    Windows OS support for branch target injection mitigation is disabled by system policy: False

    Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

    Speculation control settings for CVE-2017-5754 [rogue data cache load]

    Hardware requires kernel VA shadowing: True

    Windows OS support for kernel VA shadow is present: True

    Windows OS support for kernel VA shadow is enabled: True

    Windows OS support for PCID performance optimization is enabled: False [not required for security]

    Suggested actions

    * Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.

    BTIHardwarePresent : False

    BTIWindowsSupportPresent : True

    BTIWindowsSupportEnabled : False

    BTIDisabledBySystemPolicy : False

    BTIDisabledByNoHardwareSupport : True

    KVAShadowRequired : True

    KVAShadowWindowsSupportPresent : True

    KVAShadowWindowsSupportEnabled : True

    KVAShadowPcidEnabled : False

  20. John Stirling

    Re: Hmm.

    Since putting the latest MS patches on my (Sandy Bridge based) PC, I've had two unexplained crashes...

    ...good news! They're not unexplained anymore...

  21. James 47

    Re: Hmm.

    Hmm, since AWS updated their machines we're seeing unexplained lzop crashes on the Ubuntu AMIs

  22. s2bu

    Re: Hmm.

    Say “Sandy Bridge” just ONE more time!

  23. Marco van de Voort

    Intel, while you are at it.

    Please implement PCID (without INVPCID) for Ivy bridge, so that we don't get a double digit slowdown on ivy bridge

  24. hollymcr

    Oracle has patched its Linux

    "... but has told us it has “No comment/statement on this as of now” "

    Didn't they have time to read RedHat's release notes?

  25. ecofeco Silver badge

    I'm sure it's just a coincidence

    Any casual connection between this latest round of SNAFU and the preceding layoffs last year are purely coincidental, I'm sure.

    BTW, I have this lovely bridge for sale, gently used.

  26. Solmyr ibn Wali Barad

    Re: I'm sure it's just a coincidence

    Sandy bridge or ivy bridge?

  27. Anonymous Coward
    Anonymous Coward

    Product Recall Time

    If Intel go bankrupt with a recall of every recent Haswell, Broadwell and Sandy Bridge CPU (fabbing new ones to replace) they could restore credibility and this would be a great plan because they have royally f*cked this whole situation from start to finish and deserve to melt into a gigantic pool of molten slag. If my 4790 shows any instability whatsoever I will join a class action lawsuit if there is one in the UK. If I can't find a class action, I may issue a small claims court claim for a few grand chuck out a whole load of press releases to be bloody annoying and potentially embarassing.

  28. Andre_dutra_protiviti

    K/W impact - How much??

    This patch will definitely impact $$$, the question is how much in %?

    I can't find an info or partial study about it.

    More CPU power causes, increases temperature which both causes increases in energy consumption and a large bill to pay.

  29. Cristi_Neagu

    "Intel has said that if it needs to create a new fix, it will."

    Intel, you need to create a new fix.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2018