More Intel bad news
ABSTRACT
In this paper, we analyze the hardware-based Meltdown mitigations in recent Intel microarchitectures, revealing that illegally accessed data is only zeroed out. Hence, while non-present loads stall the CPU, illegal loads are still executed. We present EchoLoad, a novel technique to distinguish load stalls from transiently executed loads. EchoLoad allows detecting physically-backed addresses from unprivileged applications, breaking KASLR in 40 µs on the newest Meltdown- and MDS-resistant Cascade Lake microarchitecture. As EchoLoad only relies on memory loads, it runs in highly-restricted environments, e.g., SGX or JavaScript, making it the first JavaScript-based KASLR break. Based on EchoLoad, we demonstrate the first proof-of-concept Meltdown attack from JavaScript on systems that are still broadly not patched against Meltdown, i.e., 32-bit x86 OSs.
We propose FLARE, a generic mitigation against known microarchitectural KASLR breaks with negligible overhead. By mapping unused kernel addresses to a reserved page and mirroring neighboring permission bits, we make used and unused kernel memory indistinguishable, i.e., a uniform behavior across the entire kernel address space, mitigating the root cause behind microarchitectural KASLR breaks. With incomplete hardware mitigations, we propose to deploy FLARE even on recent CPUs.
Source: http://cc0x1f.net/publications/kaslr.pdf
tl;dr Intel's hardware Meltdown mitigations don't work. Here's an even worse vulnerability we found in discovering that.
Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow
Comments
This is becoming a drinking game at this point. Pretty sure some DC techs are already doing this......
Nexus Bytes Ryzen Powered NVMe VPS | NYC|Miami|LA|London|Netherlands| Singapore|Tokyo
Storage VPS | LiteSpeed Powered Web Hosting + SSH access | Switcher Special |
It truly is becoming an arms race. I wonder if/when AMD will be hit with these sorts of exploits.
Cheap dedis are my drug, and I'm too far gone to turn back.
Wonder how Intel will defend Xeon market share. AMD doesn't seem to have any of these, and entire DCs will only have AMD processors soon.
Just my take. Thoughts?
I wonder about it too. However, I do think that the cascade of issues at Intel points to a much more deep-seated issue of sloppy engineering for pursuit of profit. It reminds me of the Boeing Max engineering mindset too.
Vulnerabilities are always going to exist, but you shouldn't see stuff on this scale if you have a more engineering-focused instead of a profit-focused culture. AMD isn't completely secure, but the rate of vulnerability discovery is pretty low, and given the extent to which researchers are having a field day with Intel, I wouldn't imagine it is too difficult to pick on AMD as well. I doubt that researchers only focus on Intel and give AMD a free pass. It seems like a more likely explanation that AMD wasn't under that much pressure to make bucketloads of money and gave more attention to engineering.
That, however, could change if AMD lets its formula for success get to its head.
Intel cannot defend at all. The issues they have can only be resolved by a complete architecture redesign. Anything new they produce that is built upon existing architecture seems doomed to fail; they patch and the patch is undone after a while. The latest paper I posted is the clearest indicator that Intel's existing architecture is inherently flawed, but they don't have an alternative.
I remember the days when AMD was the underdog, but as far as I remember, they sucked mainly because of poor performance/power ratio, but I didn't remember anything about security issues. I mean if you mostly have sucky performance and a large power draw, well, it is still tolerable if the price is right. I am not sure about whether people would even want to pay for a dirt cheap Intel with all these security issues (which also has a performance penalty when the half-baked mitigation measures are applied).
That’s Epyc.
Clouvider Limited - VPS in 11 datacenters - Intel Xeon/AMD Epyc with NVMe and 10G uplink! | Dedicated Servers
They will so long as AMD will ignore the market for smaller CPUs - E3/E equivalent, but once they release for that segment - all bets are off.
@poisson your contribution to the community is recognized and appreciated.
As far as Intel goes: never underestimate the power of marketing and contracts. Though, if both Intel and AMD continue in the way they have been for the past few years, the tables might just turn.
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews
Ryzen-style DC SKUs with support of the big board manufacturers = unstoppable.
🦍🍌
Either this or the big manufacturers should start making Ryzen/Threadripper boards and servers.
I am so annoyed I am lost for words.
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
Contracts (and preferential pricing if I am reading you right) probably won't help much if the end-users are going "no Intel because we don't want to be hacked".
It needs someone like SM to make a stand, which, given that they have not done so up to this point, suggests that they never will until it actually hurts their bottom line.
I can’t wait. Fingers crossed it happens, and soon.
I spent the morning looking for a suitable cooling solution for a 1U 105W AM4 socket. I failed badly. I suppose that is the problem, and the fix requires them to likely make a CPU that has lower TDP, yet keeps the same benefits in the core count and clock, so presumably not quite easy, and hence they focused on the bigger market where they compete with Xeon Scalable Bronze+ / E5s and where there is more money.
Yep that's fair enough, it may simply be that I need to start my AMD journey in the USA where power and space in general is cheaper, waiting on a quote from IOflood.
It pisses me off to do it, but I will need another Intel box with you (no offence, just annoyed with using Intel) in March by the look of it anyway, and when we get a clear timescale for solus.io I will just suck it up and get some monster EPYCs with you for that.
EPYC is nice, but it's a hard sell vs Ryzen to a VPS customer who really only wants the raw processor speed of the Ryzen and doesn't care that although the EPYC has a lower clock it's got a LOT of those cores.
Tldr Ryzen sells like hotcakes
Get the best deal on your next VPS or Shared/Reseller hosting from RacknerdTracker.com - The original aff garden.
Yeah I was considering that, I would probably need to offer dedicated cores or a ridiculous burst, like 8 core burst.
Either way, though, for the monster servers I am considering (128 threads, half or full 1 TB of RAM) they will likely significantly outperform the E5s anyway, which also have a lower clock speed and still sell well.
Who with?
Clouvider on solus.io
I've always been a fan of your 4 cores burstable plans even back when you did Xen.
It was something that made me sit up and take notice of your offers.
My Leaseweb 4GB KVM comes with 4xE5 cores, and I like how I can speed up almost any software build with -j4, (assuming the IO subsystem will be top-notch as well).
The Ryzen plans could be segmented for those who truly NEED fast single-threaded performance for their use-case.
the end is nigh
inb4 too big to fail (really?)
Yep, we already start to migrate all our hosts to new AMD CPUs - 2 times ago, Spectre, Meltdown enough.
Not more now.
Sure - just would take time. And for Intel to keep messing up, with AMD remaining solid.
Average user is clueless (otherwise BlueHost would have gone bust, to name one, not CPU related), while big companies have contracts, and benefits that are almost like "legal bribery" - so everyone is happy (with users paying for it, of course). At least that's my view.
All of this negligible overhead is starting to cost me around 30% of my threading with kernel time.
My pronouns are like/subscribe.