[leglug-users] Attention! Buggy Intel Core 2

BashLogic bashlogic at gmail.com
Thu Jun 28 02:48:00 EDT 2007 

somehow im having a dejavu with this topic :)

all is true, ive been banging my head on the wall with related stuff.

these issues concern both dual and quad cores. so if you have a single
core, then you are one of the lucky ones as you would have less bugs.

im more concerened with the virtualization layers used by vmware, xen,
openvz, etc
as how badly they are affected and how much at risk is the different
virtual OS capsulation.
this intel issue really spells out trouble for virtualization in data centers as
once again it has been prooven that mothing is full prool, all the
work that vmware
and xen have done during the last couple of years to market virtual OS systems
is now at the risk of going down the drain in certain environments.

what is shitty here as well is that lots of these bugs have been known
by other application
vendors for quiet some time which only reveals the fact that there is knowledge
and experience out there to exploit these bugs.

microsoft has released a microcode patch for the winOS but with very
minimal discription
not to reveal to hackers of what is in question, if you didnt know
what it is about, then you wont know with the MS released bulletin. i
recommend to install that fix on all windows servers running on dual
and quad core intel processors. linux has yet to catch up so we will
see when this will get resolved. the processor microcode can by update
it to fix some of these bugs but somehow im skeptic as whether they
will publish anything other than how to program differently.

AMD is not doing that well either, in their past releases they have
had more bugs than intel and have addressed only a fraction of them as
well. in short if you want to code a stable and reliable secured
system kernel/driver or application start by first reviewing the
INTEL/AMD bulletins and comprehend how your compiler works.

regards
BL



On 6/28/07, Denys (VISP) <nuclearcat-lelug at nuclearcat.com> wrote:
> Thats from Theo de Raadt:
>
> Various developers are busy implimenting workarounds for serious bugs
> in Intel's Core 2 cpu.
>
> These processors are buggy as hell, and some of these bugs don't just
> cause development/debugging problems, but will *ASSUREDLY* be
> exploitable from userland code.
>
> As is typical, BIOS vendors will be very late providing workarounds /
> fixes for these processors bugs.  Some bugs are unfixable and cannot
> be worked around.  Intel only provides detailed fixes to BIOS vendors
> and large operating system groups.  Open Source operating systems are
> largely left in the cold.
>
> Full (current) errata from Intel:
>
>   http://download.intel.com/design/processor/specupdt/31327914.pdf
>
>   - We bet there are many more errata not yet announced -- every month
>     this file gets larger.
>   - Intel understates the impact of these erraata very significantly.
>     Almost all operating systems will run into these bugs.
>   - Basically the MMU simply does not operate as specified/implimented
>     in previous generations of x86 hardware.  It is not just buggy, but
>     Intel has gone further and defined "new ways to handle page tables"
>     (see page 58).
>   - Some of these bugs are along the lines of "buffer overflow"; where
>     a write-protect or non-execute bit for a page table entry is ignored.
>     Others are floating point instruction non-coherencies, or memory
>     corruptions -- outside of the range of permitted writing for the
>     process -- running common instruction sequences.
>   - All of this is just unbelievable to many of us.
>
> An easier summary document for some people to read:
>
>   http://www.geek.com/images/geeknews/2006Jan/
> core_duo_errata__2006_01_21__full.gif
>
> Note that some errata like AI65, AI79, AI43, AI39, AI90, AI99 scare
> the hell out of us.  Some of these are things that cannot be fixed in
> running code, and some are things that every operating system will do
> until about mid-2008, because that is how the MMU has always been
> managed on all generations of Intel/AMD/whoeverelse hardware.  Now
> Intel is telling people to manage the MMU's TLB flushes in a new and
> different way.  Yet even if we do so, some of the errata listed are
> unaffected by doing so.
>
> As I said before, hiding in this list are 20-30 bugs that cannot be
> worked around by operating systems, and will be potentially
> exploitable.  I would bet a lot of money that at least 2-3 of them
> are.
>
> For instance, AI90 is exploitable on some operating systems (but not
> OpenBSD running default binaries).
>
> At this time, I cannot recommend purchase of any machines based on the
> Intel Core 2 until these issues are dealt with (which I suspect will
> take more than a year).  Intel must be come more transparent.
>
> (While here, I would like to say that AMD is becoming less helpful day
> by day towards open source operating systems too, perhaps because
> their serious errata lists are growing rapidly too).
>
> --
> Denys Fedoryshchenko
> Technical Manager
> Virtual ISP S.A.L.
>
> _______________________________________________
> leglug-users mailing list
> leglug-users at lists.leglug.org
> http://lists.leglug.org/mailman/listinfo/leglug-users
>


-- 
My vacation destinations are based on the area's Assault & Battery
Consent and Sex Deviance laws.

More information about the leglug-users mailing list