servers and VM software needs updates (most probably) - VM and Microprocessor bug fixes incoming.. (important to VM) -news

QuantumHelos
QuantumHelos
Joined: 5 Nov 17
Posts: 190
Credit: 64239858
RAC: 0
Topic 212420

VM and Microprocessor bug fixes incoming..
Hopefully microcode quickly also.

Creating a better virtualization header that is:
More efficient at isolating the contained OS with attributes in the OS's to contain secured data?
We find answers to improve efficiency and protect against VM>VM data transfer or to use this for a creative purpose!

We need answers! and science. : Microcode update

"Thank you for googles firm responses to the bug, faith in google is high..
The micro code be updated to flush & or contain the the speculative data in a data-cycle secure storage,
Within the framework of cache and ram/virtual-ram?
Cycle efficiency would be at most two cycles and a flush Xor bit data overlay"

Google systems have been updated for Meltdown bug https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
Attack mitigation - https://support.google.com/faqs/answer/7622138#android

"Microsoft issued an emergency update today,
Amazon said it protected AWS customers running Amazon's tailored Linux version and will roll out the MSFT patch,
for other customers to day"

We need answers! and science. : Microcode : update

(c)RS

http://esa-space.blogspot.rs

about the Specter & Meltdown bugs :

https://www.theguardian.com/technology/2018/jan/04/meltdown-spectre-worst-cpu-bugs-ever-found-affect-computers-intel-processors-security-flaw

http://www.tomshardware.com/news/meltdown-spectre-exploits-intel-amd-arm-nvidia,36219.html

https://www.helpnetsecurity.com/2018/01/04/meltdown-spectre/

Gaming performance:
https://www.techspot.com/article/1554-meltdown-flaw-cpu-performance-windows/

mikey
mikey
Joined: 22 Jan 05
Posts: 12704
Credit: 1839107974
RAC: 3599

A guy at PrimeGrid just did

A guy at PrimeGrid just did before and after tests on his gaming laptop with an SSD and found no significant changes that were outside normal testing variables. So hopefully we crunchers won't notice a difference but as we go forward and systems get updated more and more data will come in and we will know for sure what the effect is.

DanNeely
DanNeely
Joined: 4 Sep 05
Posts: 1364
Credit: 3562358667
RAC: 0

I wouldn't expect to see any

I wouldn't expect to see any significant crunching impact from this.  Our apps are sitting around happily doing pure math; it's software that makes very heavy use of OS resources (ie disk/network IO) that will be at risk for non-trivial slow downs.

archae86
archae86
Joined: 6 Dec 05
Posts: 3157
Credit: 7230108177
RAC: 1156248

I judge the need for the

I judge the need for the fixes and the adverse performance impact of the fixes to be far less on a typical participant system than on the project servers.  

Less need because these exploits generally require an offending bit of code somehow to get installed on the victim system, and the main risk is of export of data at a very low rate.  

Less impact because the sort of activity we do in our crunching (which for many of us probably consumes the very great majority of system resources) is probably not the sort which gets slowed down much by the fixes.

I think it at least possible that for some BOINC projects which run their server resources near the raw edge of capability failure (SETI, at least at times) that these fixes might easily push them over an edge--which they would need then to claw back.  But they have practice in doing that.

QuantumHelos
QuantumHelos
Joined: 5 Nov 17
Posts: 190
Credit: 64239858
RAC: 0

yes virtualization on server

yes virtualization on server and security code, but boinc servers ave been hacked before!

****

Amd's concern for security lead them to make cache work differently right from the start; Where as Intel chose to pre-fetch kernel & secure data on the presumption that this could rarely be used.(this was published in the past we read about it.) RS

https://semiaccurate.com/2017/06/22/amds-epyc-major-advance-security/

https://www.anandtech.com/show/11591/amd-launches-ryzen-pro-cpus-enhanced-security-longer-warranty-better-quality

as we can see amd has a security focus & did also in 2005 when pre-fetch method came up for debate.

 

Robert
Robert
Joined: 5 Nov 05
Posts: 47
Credit: 323518014
RAC: 21565

Here are some actual CPU

Here are some actual CPU results before and after for the patch KB4056892 on Windows 10 Fall Creators Update for a Intel i7-7700K running the current Gamma-ray pulsar search #5 v1.08.  I averaged a small set of results before and after.

Before = 10,476 seconds / work unit

After = 10,521 seconds / work unit.

Given the small subset I see no differences in the runtimes before and after.

QuantumHelos
QuantumHelos
Joined: 5 Nov 17
Posts: 190
Credit: 64239858
RAC: 0

"Details of a problem have

"Details of a problem have been gradually emerging, People with AMD Athlon-powered computers say that following the installation of the patch, it is impossible to boot into Windows leaving a full re-installation as the only option -- although some users report that even this does not fix the problem. "

(possibly related to the antivirus program incompatibility)(some AV's possibly! we need a list preferably now.)

https://betanews.com/2018/01/08/microsoft-meltdown-spectre-patch-bricks-amd-pcs/

QuantumHelos
QuantumHelos
Joined: 5 Nov 17
Posts: 190
Credit: 64239858
RAC: 0

Athlon PC patch is being re

Athlon PC patch is being re engineered so that it works on windows 10 - not related to newer AMD chips:

https://www.theverge.com/2018/1/9/16867068/microsoft-meltdown-spectre-security-updates-amd-pcs-issues

QuantumHelos
QuantumHelos
Joined: 5 Nov 17
Posts: 190
Credit: 64239858
RAC: 0

On the GPU front we can see

On the GPU front we can see that since cache pre-fetch is the issue that all classes of GPU/CPU & other processor class with cache may well face issues.

https://insidehpc.com/2018/01/nvidia-races-patch-gpu-drivers-spectre-meltdown/

https://nvidia.custhelp.com/app/answers/detail/a_id/4611

RS

QuantumHelos
QuantumHelos
Joined: 5 Nov 17
Posts: 190
Credit: 64239858
RAC: 0

On the front of the kernel

On the front of the kernel patch 4.4.0-108 (Ubuntu) bricking some older Athlon models apparently ...
4.4.0-109 is the fixed version; Further information would be useful but is currently too hush hush for full disclosure. - google 4.4.0-109 for more information.

https://usn.ubuntu.com/usn/usn-3522-4/
https://www.bleepingcomputer.com/news/software/meltdown-and-spectre-patches-causing-boot-issues-for-ubuntu-16-04-computers/

QuantumHelos
QuantumHelos
Joined: 5 Nov 17
Posts: 190
Credit: 64239858
RAC: 0

"The micro code be updated to

"The micro code be updated to flush & or contain the the speculative data in a data-cycle secure storage,
Within the framework of cache and ram/virtual-ram?
Cycle efficiency would be at most two cycles and a flush Xor bit data overlay,

Bit Masking before and after pre-fetch presents & also uses data - this method would be fast! (c)Rupert S"

"Obviously in light of buffer exploitation we would suggest that buffers after password entry are cleared, This is not the whole solution because the spy program could be resident..

Buffer exploitation is a common practice in viruses and this type of attack is nothing new..
There is no doubt that buffers are a victim of flooding and exploitation; Over and over!
After all buffer exploitation is a logical consequence of their use on a computer or hardware.

Randomizing buffer allocation, Location and encryption algorithm is the most logical choice on hardware, However! how much effort must be made to protect buffers when an attack on them is predicable and logical? A lot we say.

(c)Rupert S"

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.