Intel processor design flaw requiring ROS kernel mode change

dizt3mp3r
Posts: 1874
Joined: Mon Jun 14, 2010 5:54 pm

Re: Intel processor design flaw requiring ROS kernel mode ch

Post by dizt3mp3r »

Fraizeraust wrote: This hardware bug will also affect ReactOS, no doubt. The main question is, do we have an active kernel developer who can tackle this critical flaw for the better?
Alex Ionescu is quoted on The Register, so I assume it is in the pipeline already?
Skillset: VMS,DOS,Windows Sysadmin from 1985, fault-tolerance, VaxCluster, Alpha,Sparc. DCL,QB,VBDOS- VB6,.NET, PHP,NODE.JS, Graphic Design, Project Manager, CMS, Quad Electronics. classic cars & m'bikes. Artist in water & oils. Historian.
dizt3mp3r
Posts: 1874
Joined: Mon Jun 14, 2010 5:54 pm

Re: Intel processor design flaw requiring ROS kernel mode ch

Post by dizt3mp3r »

https://googleprojectzero.blogspot.co.u ... -side.html

Intel(R) Xeon(R) CPU E5-1650 v3 @ 3.50GHz (called "Intel Haswell Xeon CPU" ...)
AMD FX(tm)-8320 Eight-Core Processor (called "AMD FX CPU" ...)
AMD PRO A8-9600 R7, 10 COMPUTE CORES 4C+6G (called "AMD PRO CPU" ...)
An ARM Cortex A57 core of a Google Nexus 5x phone [6] (called "ARM Cortex A57" ...)

These are the CPUs tested by the Google team that announced the vulnerability, but the exploit is not limited to these CPUs.
Adcock
Posts: 241
Joined: Thu Jul 07, 2016 5:37 pm

Re: Intel processor design flaw requiring ROS kernel mode ch

Post by Adcock »

dizt3mp3r wrote: FYI Latest news would imply that even dual core CPUs prior to 2007 would also be affected by the same weakness/potential exploit. This particular functionality has been used in Intel CPUs since 1995.
Thanks. That's not exactly the answer but if that is the thing then the answer matters less.

What is the meaning of FYI, PS, PPS, re?
Last edited by Adcock on Thu Jan 04, 2018 5:45 pm, edited 2 times in total.
dizt3mp3r
Posts: 1874
Joined: Mon Jun 14, 2010 5:54 pm

Re: Intel processor design flaw requiring ROS kernel mode ch

Post by dizt3mp3r »

FYI - for your information
P.S. Post Script (Latin) - an extra sentence not necessarily in context with the rest of the note, added to the end, often abbreviated to PS.
P.P.S. Post-post script, often abbreviated to PPS.

Apologies for their usage, I automatically assume understanding as these are part of normal English usage but I do appreciate some of these things are arcane and not so easy to guess.
dizt3mp3r
Posts: 1874
Joined: Mon Jun 14, 2010 5:54 pm

Re: Intel processor design flaw requiring ROS kernel mode ch

Post by dizt3mp3r »

FYI - Browser developers such as Firefox are reducing the accuracy of timing functions, as precise timing is required to exploit the Intel CPU side exploit flaw. A reduction in timer accuracy means that drive-by web-based exploits would be harder to carry out using JavaScript on the web. Other browser developers are considering a similar change as a temporary measure to help prevent any exploit in the wild.

This of course is only a temporary fix and does not mitigate all the other attack directions be it browser-based, app, driver or program.
Last edited by dizt3mp3r on Thu Jan 04, 2018 9:52 pm, edited 1 time in total.
Skillset: VMS,DOS,Windows Sysadmin from 1985, fault-tolerance, VaxCluster, Alpha,Sparc. DCL,QB,VBDOS- VB6,.NET, PHP,NODE.JS, Graphic Design, Project Manager, CMS, Quad Electronics. classic cars & m'bikes. Artist in water & oils. Historian.
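
The timer-accuracy reduction described in the post above, as an added example that is not part of the original thread or any browser's code: it models a clock rounded down to a fixed resolution and counts how often a single measurement can still tell a short operation from a slightly longer one. The function names, the 50 ns / 200 ns durations and the three resolutions are constructed assumptions.

```javascript
// Added illustration; all names and numbers below are constructed, not
// taken from any browser's source.

// Round a timestamp (integer nanoseconds) down to the clock's resolution,
// which is how a coarsened timer hides sub-tick detail.
function coarsen(tNs, resolutionNs) {
  return tNs - (tNs % resolutionNs);
}

// Duration as a script would observe it: difference of two coarse reads.
function observed(startNs, durationNs, resolutionNs) {
  return coarsen(startNs + durationNs, resolutionNs) - coarsen(startNs, resolutionNs);
}

// Sweep every start phase within one tick and count how many single
// measurements report the slow operation as longer than the fast one.
function separatingSamples(fastNs, slowNs, resolutionNs) {
  let hits = 0;
  for (let start = 0; start < resolutionNs; start++) {
    const slow = observed(start, slowNs, resolutionNs);
    const fast = observed(start, fastNs, resolutionNs);
    if (slow > fast) hits++;
  }
  return hits;
}

// Constructed durations for two operations a script wants to tell apart.
const FAST_NS = 50;
const SLOW_NS = 200;

// One row per assumed clock resolution (1 ns, 5 us, 20 us).
function report() {
  return [1, 5000, 20000].map((res) => ({
    resolutionNs: res,
    phases: res,
    separating: separatingSamples(FAST_NS, SLOW_NS, res),
  }));
}

for (const row of report()) {
  const pct = ((100 * row.separating) / row.phases).toFixed(2);
  console.log(`${row.resolutionNs} ns clock: ${row.separating}/${row.phases} ` +
              `(${pct}%) of single reads separate fast from slow`);
}
```

The fraction shrinks as the clock gets coarser but never reaches zero, which fits the post's description of the change as a temporary measure.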
dizt3mp3r
Posts: 1874
Joined: Mon Jun 14, 2010 5:54 pm

Re: Intel processor design flaw requiring ROS kernel mode ch

Post by dizt3mp3r »

Fraizeraust wrote: This hardware bug will also affect ReactOS, no doubt. The main question is, do we have an active kernel developer who can tackle this critical flaw for the better?
Another reason why we should not currently be recommending 'using' ReactOS to anyone on real hardware until such a change is implemented - just a thought.

Whilst on the subject of installing ReactOS, I wonder what the implications are of running an insecure o/s that has an unpatched kernel as a virtual o/s on a host that has a vulnerable Intel cpu. I've heard that when this bug was discovered on Linux hypervisors the virtual o/s was able to access the host's kernel memory... That is frightening and it implies that ReactOS or any unpatched o/s is a potential trojan horse for an exploit. I don't mind being wrong on this, it is just a point of discussion that I feel needs to be opened...
val
Posts: 69
Joined: Fri Feb 10, 2017 5:22 am

Re: Intel processor design flaw requiring ROS kernel mode ch

Post by val »

That is frightening and it implies that ReactOS or any unpatched o/s is a potential trojan horse for an exploit. I don't mind being wrong on this, it is just a point of discussion that I feel needs to be opened...
it's the same as with the OS vs. user process situation. because 1) the problem is in the wrong handling of speculatively executed instructions by the CPU. it doesn't pay attention to the access violation in the way it should, letting an attacker get an idea of what data has been read from places he/she shouldn't be able to read. it equally applies to the Hypervisor/OS interface as to the OS/user process interface. and 2) virtualization never ever gave any additional security, it's a stupid pseudotechnology extensively abused for absolutely inappropriate goals. thanks to it, now a patched and slowed down Windows/linux (or VaporWare, Hyper-V, whatever-hyper-overhyped(TM)) host will be running patched and slowed down linux/windows... of course the performance penalty will be *negligible*.
dizt3mp3r
Posts: 1874
Joined: Mon Jun 14, 2010 5:54 pm

Re: Intel processor design flaw requiring ROS kernel mode ch

Post by dizt3mp3r »

It is frightening as many will not appreciate the potential for Trojan Horse Exploits.

Most would assume that running as a virtual o/s in a VM is a suitable sandbox that protects the host o/s from any exploit.

Intel have really screwed up.

PS. Look Val - we can talk! :)
dizt3mp3r
Posts: 1874
Joined: Mon Jun 14, 2010 5:54 pm

Re: Intel processor design flaw requiring ROS kernel mode ch

Post by dizt3mp3r »

Here is the statement from AMD: http://www.amd.com/en/corporate/speculative-execution

Variant One - Bounds Check Bypass: Resolved by software / OS updates to be made available by system vendors and manufacturers. Negligible performance impact expected.

Variant Two - Branch Target Injection: Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date.

Variant Three - Rogue Data Cache Load: Zero AMD vulnerability due to AMD architecture differences.
middings
Posts: 1073
Joined: Tue May 07, 2013 9:18 pm
Location: California, USA

Re: Intel processor design flaw requiring ROS kernel mode ch

Post by middings »

CERT Vulnerability Notes Database wrote: Vulnerability Note VU#584653
CPU hardware vulnerable to side-channel attacks

Original Release date: 03 Jan 2018 | Last revised: 04 Jan 2018

Overview

CPU hardware implementations are vulnerable to side-channel attacks. These vulnerabilities are referred to as Meltdown and Spectre.
Before the revision, the recommended solution was to replace the CPU with an unaffected CPU. That probably sowed fear and panic throughout the IT and device industries.
dizt3mp3r
Posts: 1874
Joined: Mon Jun 14, 2010 5:54 pm

Re: Intel processor design flaw requiring ROS kernel mode ch

Post by dizt3mp3r »

ARM's response

https://developer.arm.com/support/security-update

Bu@@er - my old iPhone 4 has the exploit...
dizt3mp3r
Posts: 1874
Joined: Mon Jun 14, 2010 5:54 pm

Re: Intel processor design flaw requiring ROS kernel mode ch

Post by dizt3mp3r »

This is the best summary I have found so far: https://www.theregister.co.uk/2018/01/0 ... erability/
oldman
Posts: 1179
Joined: Sun Dec 20, 2009 1:23 pm

Re: Intel processor design flaw requiring ROS kernel mode ch

Post by oldman »

Please keep the Windows classic 9x/2000 look and feel.
The layman's guides - debugging - bug reporting - compiling - ISO remaster.
They may help you with a problem, so do have a look at them.
Fraizeraust
Posts: 234
Joined: Thu Jan 05, 2017 11:46 am
Location: Italy
Contact:

Re: Intel processor design flaw requiring ROS kernel mode ch

Post by Fraizeraust »

Here are the results by Speculation-Control module.
[ external image ]
It turns out the update by Microsoft Windows doesn't do anything to mitigate the Meltdown and Spectre bug. Looks like I need to update both the firmware and the BIOS as well; however, I'm scared that it will brick my Toshiba Satellite C660, rendering it un-bootable... :(

Does anybody else know how I can update the BIOS safely?
a.k.a. GeoB99 -- ReactOS Kernel developer -- My Wiki page
Fraizeraust
Posts: 234
Joined: Thu Jan 05, 2017 11:46 am
Location: Italy
Contact:

Re: Intel processor design flaw requiring ROS kernel mode ch

Post by Fraizeraust »

Welp, looks like I'm completely f*cked up. Went through the Toshiba Support web page looking for the newest BIOS update but the latest one is from 2012... Hopefully Toshiba will release an update; if not, then I'm screwed.