Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Yet another serious attack on/vuln. of intel CPUs - "EchoLoad"
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Yet another serious attack on/vuln. of intel CPUs - "EchoLoad"

jsgjsg Member, Resident Benchmarker
edited February 2020 in General

As I just fell over it and our community can well use some actual content (other than looking at itself and its troubles) ...

Welcome to yet another very serious attack on intel processors.

Why very serious?

  • Because all intel processors from Pentium 4 (Prescott) up to the newest Cascade Lake are vulnerable
  • Because KASLR (kernel address space layout randomization) can not protect the kernel against the attack.
  • Because kernel space can in fact be de-randomized ("unprotected") within tens of microseconds
  • Because it does not require intel TSX or knowledge of internal data structures
  • Because the attack is deeply rooted in the design of the microarchitecture, it cannot easily be fixed, neither in software nor hardware
  • Even on Cascade Lake with fixes for Meltdown and MDS the kernel can be de-randomized
  • The attack even works on KPTI, the Linux software mitigation for Meltdown.
  • The attack also works in restricted environments such as SGX

How about AMD? - AMD Zen is not vulnerable

Who has developed and brought us this new attack? - The University of Graz people (again) who are already well known for some studies of and finding serious attacks against x86 (mostly intel) processors. One example is "DataBounce" (which is dangerous but less so than EchoLoad.

Link to their paper -> http://cc0x1f.net/publications/kaslr.pdf

My personal take: I tried to stay halfway neutral for a long time. And in fact intel processors aren't all bad. There are some things where they are better than AMD, one important example being CPUs with low power envelope (which often is a factor in hosting).
But the more one looks, the more crappy engineering and (not really) smart "cost saving" decisions become visible. Now, we see a vulnerability which can not be mitigated, neither in hardware nor in software and, to make it even worse, it also breaks the "foundation", kernel KASLR, upon which a lot depends. Yes, there is good news too; in fact the authors themselves suggest something like a "better KASLR", but how long will that take to be examined, discussed, and finally brought into safer kernels? Things like that don't happen quickly and even if we had safer kernels - for quite a few OSs at that - within a reasonably short time frame, there still is the issue of lots and lots of older kernel which won't be updated (just think of the billions of plastic boxes out there).

TL;DR Buy AMD only

«1

Comments

  • I am so happy to see this. Intel needed a reality check for the crap they’ve been selling at a premium.

  • And it takes a while (at least 1 or 2 generations) for them to fix exploits in hardware...

  • @Synatiq said:
    I am so happy to see this. Intel needed a reality check for the crap they’ve been selling at a premium.

    I agree with this 100%

    I won't completely give up on Intel, but will definitely never trust them again. AMD just got even more prem. Yikes.

    Thanked by 1Synatiq
  • I trust my Intel completely.. I mean, I sleep with it under my pillow every night so..

    Thanked by 2pike pluush
  • @stefeman said:
    I trust my Intel completely.. I mean, I sleep with it under my pillow every night so..

    Beautiful packaging. Lovely :blush:

  • I guess I ain't losing sleep over a cheap second-hand lenovo Intel i5 laptop from 2015, but boy I am glad my workhorse desktop is zen

    Thanked by 1vimalware
  • @poisson said:
    I guess I ain't losing sleep over a cheap second-hand lenovo Intel i5 laptop from 2015, but boy I am glad my workhorse desktop is zen

    My 2 year old i7 laptop is my daily driver and it's been amazing, now I distrust it. I'm going to build my own CPU out of transistors and breadboards and live like it's the 80's

    Thanked by 1pike
  • From all this vuln, is there any real life accident? Like some provider or company being victims because of it?

    Thanked by 1Ganonk
  • @ErawanArifNugroho said:
    From all this vuln, is there any real life accident? Like some provider or company being victims because of it?

    None reported yet. You can still choose whether you prefer a YOLO lifestyle.

  • @dahartigan said:

    @poisson said:
    I guess I ain't losing sleep over a cheap second-hand lenovo Intel i5 laptop from 2015, but boy I am glad my workhorse desktop is zen

    My 2 year old i7 laptop is my daily driver and it's been amazing, now I distrust it. I'm going to build my own CPU out of transistors and breadboards and live like it's the 80's

    Lol.. Maybe I should find punch cards and vacuum tubes.

    My take is that I won't rush to replace personal computers, but I won't take the risk for VPS in shared environments.

  • @poisson said:

    @dahartigan said:

    @poisson said:
    I guess I ain't losing sleep over a cheap second-hand lenovo Intel i5 laptop from 2015, but boy I am glad my workhorse desktop is zen

    My 2 year old i7 laptop is my daily driver and it's been amazing, now I distrust it. I'm going to build my own CPU out of transistors and breadboards and live like it's the 80's

    Lol.. Maybe I should find punch cards and vacuum tubes.

    My take is that I won't rush to replace personal computers, but I won't take the risk for VPS in shared environments.

    This is my approach largely, however it depends on the application of the VPS. I have Intel in my "fleet" alongside AMD. It's a matter of using the right tool for the job imo :-)

  • The time for AMD is now.

  • ClouviderClouvider Member, Patron Provider

    That’s Epyc.

    Thanked by 2eva2000 maverickp
  • JordJord Moderator, Host Rep

    @poisson said:

    @ErawanArifNugroho said:
    From all this vuln, is there any real life accident? Like some provider or company being victims because of it?

    None reported yet. You can still choose whether you prefer a YOLO lifestyle.

    Nothing wrong with a YOLO lifestyle 😂

  • JordJord Moderator, Host Rep
    edited February 2020

    Oh and AMD is prem. Ryzen are the tits. Now that Asus has built a rack server for Ryzen there is nothing stopping AMD now.

  • dahartigandahartigan Member
    edited February 2020

    @Jord said:
    Oh and AMD is prem. Ryzen are the tits. Now that Asus has built a rack server for Ryzen there is nothing stopping AMD now.

    Deeecent!

    Edit: bold fail

  • JordJord Moderator, Host Rep

    @dahartigan said:

    @Jord said:
    Oh and AMD is prem. Ryzen are the tits. Now that Asus has built a rack server for Ryzen there is nothing stopping AMD now.

    Deeecent!

    Edit: bold fail

    Let me fix that for you sir. Now it's prem.

    Thanked by 1dahartigan
  • ClouviderClouvider Member, Patron Provider

    @Jord said:
    Oh and AMD is prem. Ryzen are the tits. Now that Asus has built a rack server for Ryzen there is nothing stopping AMD now.

    Link?

  • JordJord Moderator, Host Rep
    edited February 2020

    @Clouvider said:

    @Jord said:
    Oh and AMD is prem. Ryzen are the tits. Now that Asus has built a rack server for Ryzen there is nothing stopping AMD now.

    Link?

    https://www.asrockrack.com/general/productdetail.asp?Model=X470D4U#Specifications
    https://www.asrockrack.com/general/productdetail.asp?Model=1U4LW-X470#Specifications

    They even have motherboards for threadripper now. Prem indeed.

  • @Jord said:

    @Clouvider said:

    @Jord said:
    Oh and AMD is prem. Ryzen are the tits. Now that Asus has built a rack server for Ryzen there is nothing stopping AMD now.

    Link?

    https://www.asrockrack.com/general/productdetail.asp?Model=X470D4U#Specifications
    https://www.asrockrack.com/general/productdetail.asp?Model=1U4LW-X470#Specifications

    They even have motherboards for threadripper now. Prem indeed.

    Threadripper boards go up to 256GB RAM, while Ryzens only go up to 128GB. Potentially a Threadripper node can support more VMs with the higher RAM and cores, but of course I haven't done a cost benefit analysis.

  • Keep in mind that TR only have quad-channel memory vs octa on epyc. So if You want to do virtualization You should go with Epyc. If You need pure compute power then TR is way to go.

  • JordJord Moderator, Host Rep

    I have a Ryzen VM and and EPYC VM. The Ryzen kicks ass every time. It's actually really nice compared to Intel. And if Intel are going to keep having these problems, I think people will start to move to AMD.

  • Mr_TomMr_Tom Member, Host Rep

    Jord said: I have a Ryzen VM and and EPYC VM. The Ryzen kicks ass every time.

    I presume that's down to the clock speed of the Ryzen?

  • @Jord said:
    I have a Ryzen VM and and EPYC VM. The Ryzen kicks ass every time. It's actually really nice compared to Intel. And if Intel are going to keep having these problems, I think people will start to move to AMD.

    Same here and 100% agreed. Ryzen is honestly extremely impressive, high clocks and strong on plow.

    @Mr_Tom said:

    Jord said: I have a Ryzen VM and and EPYC VM. The Ryzen kicks ass every time.

    I presume that's down to the clock speed of the Ryzen?

    In my testing, yes. In saying that, the EPYC is quite fast too considering the lower clock but doesn't enter the same performance league as Ryzen.

    Thanked by 1Mr_Tom
  • JordJord Moderator, Host Rep
    edited February 2020
    Basic System Information:
    ---------------------------------
    Processor  : AMD Ryzen 9 3900X 12-Core Processor
    CPU cores  : 4 @ 3792.876 MHz
    AES-NI     : ✔ Enabled
    VM-x/AMD-V : ✔ Enabled
    RAM        : 3.7G
    Swap       : 0B
    Disk       : 1.1T
    
    Geekbench 5 Benchmark Test:
    ---------------------------------
    Test            | Value
                    |
    Single Core     | 1276
    Multi Core      | 4137
    Full Test       | https://browser.geekbench.com/v5/cpu/1288376
    
    Basic System Information:
    ---------------------------------
    Processor  : AMD EPYC 7551P 32-Core Processor
    CPU cores  : 3 @ 1996.250 MHz
    AES-NI     : ✔ Enabled
    VM-x/AMD-V : ✔ Enabled
    RAM        : 2.8G
    Swap       : 0B
    Disk       : 25G
    
    Geekbench 5 Benchmark Test:
    ---------------------------------
    Test            | Value
                    |
    Single Core     | 602
    Multi Core      | 1739
    Full Test       | https://browser.geekbench.com/v5/cpu/1292823
    
    Thanked by 1Ganonk
  • jsg said: Why very serious?

    The reasons you listed here didn't convince me. The attack per se only breaks KASLR, so what? Can you explain what serious things an attacker can do with the knowledge of the kernel address?

  • I see cheap used Intel CPUs flooding the market.

  • PulsedMediaPulsedMedia Member, Patron Provider

    I am so glad we've been mostly AMD shop ever since we went for our own hardware :)
    Tho it does annoy that we do have couple racks of unused Intel servers left wondering if we should even power them up at this point.

    As for power consumption: Intel lies. and oh do they lie! On all testing we've done Intel platforms have far exceeded the power envelope expectations by a quite a big margin, where as all AMD systems tend to use less than expected. One late nice surprise was when we started using 32c/64t EPYC servers with 24 drives each, all memory channels populated, some nvme etc. and they consumed 100W less than expected, churning happily along at 400-420W power envelope in production. (@Wall, averaged over months)

    Waiting to receive some mITX X570 server motherboards late next month for testing! :)

  • jsgjsg Member, Resident Benchmarker
    edited February 2020

    @naing said:

    jsg said: Why very serious?

    The reasons you listed here didn't convince me. The attack per se only breaks KASLR, so what? Can you explain what serious things an attacker can do with the knowledge of the kernel address?

    Answer: Look at why KASLR was developed and deployed. Also read OP again (hint: e.g. SGX).

Sign In or Register to comment.