[DISCUSSION] Meltdown and Spectre

Discussion in 'PC Hardware' started by scaramonga, Jan 3, 2018.

  1. Joe C

    Joe C MDL Guru

    Jan 12, 2012
    3,522
    2,093
    120
  2. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    13,081
    13,980
    340
  3. John Sutherland

    John Sutherland MDL Addicted

    Oct 15, 2014
    867
    1,388
    30
    @Yen - Right now I have more faith in a simple tool written by an independent software developer than I do in mega-corporations like Intel, AMD, Dell, HP, Lenovo, and Microsoft. In my opinion they're all dragging their collective asses while the open source community is spearheading the effort to come up with a solution to this mess. We all know that these software patches are merely a band-aid so that people can continue to use the three billion or so flawed Intel processors that are currently in use throughout the world. The only alternative is to tear them out of their sockets and send them to the crusher, but no one can afford to do that, since there is no readily available replacement for them.
     
  4. Mikorist

    Mikorist MDL Member

    Dec 26, 2012
    205
    145
    10
    Intel don't want to fix this because it will probably put them way behind AMD in terms of performance.
     
  5. Yen

    Yen Admin
    Staff Member

    The tools do nothing wrong as long as they'd only analyze what's there...
    But they do twist the causality.
    My CPU is vulnerable because the prediction is vulnerable. It is NOT vulnerable because a special countermeasure is still missing!

    And there is no 'instance' that would follow scientific claims....
    Retpoline support in kernel is only one thing.
    People obviously get fooled by saying if your kernel supports this and that you are not vulnerable anymore. The retpoline approach requires co-work.

    To say: "status: not vulnerable" if some features are there is more than questionable....
     
  6. Michaela Joy

    Michaela Joy MDL Crazy Lady

    Jul 26, 2012
    4,071
    4,651
    150
    @john: So do I. The independent software developer isn't driven by corporate greed, which in itself is a double-edged sword.

    @john: Maybe they just don't have the mental prowess to come up with a fix. At least not a universal fix.

    Intel have -never- been leaders in compiler products or motherboards. Their stuff is half-baked.
    The independent developers are always the ones who come up with the best stuff.

    Anyone remember the Zortech C++ compiler? Top-notch and open source.

    Full disclosure. That's the model that the GNU people have chosen for their products.

    Here's another more sinister line of thought: What if this CPU flaw was the only way to force people to abandon their old hardware (and Windows 7) and upgrade their hardware and OS?

    It would be a windfall for Microsoft, Intel -and- the MoBo Manufacturers. So, what justification do they have to fix it?

    Only the Open Source community is motivated to repair this. Not them.
     
  7. Yen

    Yen Admin
    Staff Member

    The open source community has a better concept already and they had more time to get busy with side channel attacks.

    KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed) is a project that had already started before Meltdown and Spectre got published. KAISER was before!
    The result, KPTI, was already developed and Meltdown could be reasonably met.

    Anyway, with Google's retpoline people assumed that they would also be on the right and quick path to fight Spectre... we would just have to wait for it.
    When reading closely, they said that system programs and libs and apps and the kernel itself need to be re-compiled for it. This also requires time...

    Intel / M$ will do what's needed to get them tools reported: not vulnerable....
    But it will be ever a rotten compromise between performance loss and vulnerability. Depending on OS and CPU each of us is running we will be relatively safe on a relative cost of performance.

    I wonder if it makes sense to apply measures against Spectre at all.
     
  8. John Sutherland

    John Sutherland MDL Addicted

    Using the term "half-baked" would be giving them too much credit, at least where the Meltdown vulnerability is concerned. "Dangerous" or "incompetent" would be a better description. Meltdown was the result of allowing the user space to interact with the kernel space. This is breaking one of the cardinal rules of processor design. The processes running in kernel space should be strictly isolated from the processes running in user space. They got away with this for twenty years and now it's time to pay the piper.
     
  9. Joe C

    Joe C MDL Guru

    And this is the reason that Intel should be held accountable
     
  10. Yen

    Yen Admin
    Staff Member

    They once made the decision that speculative executions are not treated the same way..security related....performance over security.
    Why is it possible to do things on the speculative branch which I normally cannot? Circumvent bounds check etc etc... because such checks are time consuming!
     
  11. Mikorist

    Mikorist MDL Member

    #292 Mikorist, Jan 23, 2018
    Last edited: Jan 23, 2018
  12. Yen

    Yen Admin
    Staff Member

    #293 Yen, Jan 24, 2018
    Last edited: Jan 24, 2018
  13. Mikorist

    Mikorist MDL Member

    #294 Mikorist, Jan 24, 2018
    Last edited: Jan 24, 2018
    Actually I sent him a mail, with code where mprotect(addr,PROT_NONE)
    can block the Spectre 2 exploit (under all operating systems).
    Maybe he has an idea how to do this through the kernel - send all requests with speculative execution to PROT_NONE through the SIGSEGV signal for that process.
    Where overhead would be 0 cycles.
    I do not understand so much about the kernel.
    But there must be a solution (it's a matter of time).
    Except we throw the CPU in the garbage.
    And it is unlikely that they will give us the new processors in exchange for free.
     
  14. Yen

    Yen Admin
    Staff Member

    Since Spectre is dependent on hardware specific ways an exploit is hard to realize, but on the other hand approaches of mitigation have to be specific as well. There might come up other variants of Spectre in the future, who knows?
    To patch JITs/interpreters to prevent exploits from there seems to be reasonable for now.

    Sooner or later the CPU devs would have to add additional resources to prediction entries or tag them somehow to make clear who can own/access what...
     
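Added example, not part of any post in this thread: the bounds check that speculation can run past (Yen's post about the speculative branch) next to a hardened form of the kind used when patching code such as JITs and interpreters. The masking expression is modelled on the Linux kernel's generic array_index_nospec() helper; the table and all function names are made up for the illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 16UL
/* Constructed sample data for the example. */
static const uint8_t table[TABLE_LEN] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
};

/* ~0UL when index < size, 0 otherwise, computed with arithmetic only so the
 * result does not depend on a predicted branch. Assumes size <= LONG_MAX and
 * an arithmetic right shift of negative values (gcc and clang do this).
 * Production code adds a compiler barrier or inline asm so the optimizer
 * cannot turn the expression back into a branch. */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    return (unsigned long)(~(long)(index | (size - 1UL - index))
                           >> (sizeof(long) * CHAR_BIT - 1));
}

/* Index forced to 0 when out of range, even on a mis-speculated path. */
static unsigned long clamp_index(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Plain bounds check: architecturally correct, but while the branch is
 * unresolved the CPU may already perform the load with a bad idx. */
static int lookup_checked(unsigned long idx, uint8_t *out)
{
    if (idx >= TABLE_LEN)
        return -1;
    *out = table[idx];
    return 0;
}

/* Hardened: same check, plus the clamp as a data dependency of the load. */
static int lookup_hardened(unsigned long idx, uint8_t *out)
{
    if (idx >= TABLE_LEN)
        return -1;
    *out = table[clamp_index(idx, TABLE_LEN)];
    return 0;
}

int main(void)
{
    uint8_t v = 0;
    int rc = lookup_checked(3, &v);
    printf("checked rc=%d v=%u, hardened(16) rc=%d\n", rc, v, lookup_hardened(16, &v));
    return 0;
}
```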
  15. Mikorist

    Mikorist MDL Member

    #296 Mikorist, Jan 24, 2018
    Last edited: Jan 24, 2018
    What is publicly published is a mild variant since the magic result is from its own address space.

    They did not publish the one that directly attacks apps (Inter-Application PoC like a virus) and is not harmless.

    I can not imagine that Linux / Mac OS must have an anti-virus. But we seem to have come close to that. (if there is no other solution)
     
  16. Daz

    Daz MDL Developer / Admin
    Staff Member

    Jul 31, 2009
    9,534
    67,254
    300
  17. Mikorist

    Mikorist MDL Member

    probably:wavetowel2:
     
  18. ds1991

    ds1991 MDL Novice

    Feb 16, 2017
    16
    12
    0
    #299 ds1991, Jan 25, 2018
    Last edited: Jan 25, 2018
    Actually it's not that far-fetched imho.
    I built an i7 6700 in June 2016, spent a fortune on it, anyway:

    In late November 2017 I noticed my Net speed had dropped 15MB/s, I am no way a computer expert but I've been running and building systems since Win98 with a Pentium 200 :p
    Since then I was a total AMD fanboy (XP1600+, XP2400+, X2 5200+, Phenom 955, Phenom 1090t) and in 2016 I finally went Intel again, what a huge f-ing mistake that was.

    Anyway, back to my speed drop, I set about looking for malware, I eventually found a svchost.exe in roguekiller and numerous infections through FRST.
    It appeared to be an exploit in the USB 3.0 controller and the Realtek Audio (an installed and un-removable service)
    I spent the best part of 2 days trying to fix the system till I was eventually alerted to the Intel ME exploit (I only found this out when checking my MB site to find they had released a BIOS update just 2 weeks before to 'combat' the exploit).
    So, I patched the BIOS, ran the ME update tool and according to Intel I was no longer vulnerable (the Intel tool said so lol)
    So, at this point I decided a clean install was required of Win7, so I do that, but boom, svchost infection straightaway,
    After spending over a week trying clean installs etc and trying to diagnose it was clear my BIOS had been flashed via the ME exploit and there were bcd files hidden on my storage drives (D: & E:) and various other folders of indeterminate size all inaccessible and I could not even take control using security in safe mode!
    Out of desperation I had to wipe ALL drives, convert them to GPT and install Win7 offline completely (Ethernet unplugged)
    I got back in to win7 and yet within another 3-4 days (My box is on and connected 24/7) I was exploited yet again.
    Un-f-ing-believable.
    Then on Jan 4th Asus updated the microcode via yet another BIOS update, this may have fixed the issues, but by then I had already wiped all the drives yet again (/clean all - that was 2 days downtime) and I upgraded to Win10 and enabled secureboot.

    So Intel, the ME exploit has clearly been used in the wild, and now I am having to use win10 even though I do not want to use it, I honestly considered just keeping this i7 machine offline as a media server (I have licenses for VDJ, VRD, DVBViewer and it is solid with my dual DVB-T2 card)
    then building an old FM2+ AMD box for Linux on the net for under £200.

    Intel on the inside....All your data on the outside.


    I contacted Intel and told them all of this, their response, a clean format would not allow a system to get re-infected after being patched - I can smell something and it ain't Strawberries, nope, that's bulls**t.


    Oh, as for performance hit when patched, my cinebench cpu score is now 823 from 825, so it appears I have seen a negligible performance reduction ~ 0.2% - I want a damn refund Intel :D
     
  19. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,575
    15,646
    270
    This should become a famous quote for posterity. :rofl: