From: Paul Pathiakis
Date: Fri, 2 Feb 2018 06:18:20 -0500
To: freebsd-questions@freebsd.org
Subject: Re: Response to Meltdown and Spectre
Message-ID: <044e62f7-69ca-71fe-34a8-5c5cafc06f08@yahoo.com>

On 02/01/2018 22:14, @lbutlr wrote:
> On 1 Feb 2018, at 16:04, Adam Vande More <amvandemore@gmail.com> wrote:
>> On Thu, Feb 1, 2018 at 3:48 PM, @lbutlr wrote:
>>
>>> the trouble is that AMD's behavior has been at least as bad as Intel's, if
>>> not worse, in regards to Meltdown,
>>>
>> Can you explain what provoked this assertion?
> First, they violated (not technically, but they made it bloody obvious)
> the NDA so that the flaw was widely discovered a week early by adding a
> comment to a meltdown patch that led every expert in the field straight
> to the vulnerability: "The AMD microarchitecture does not allow memory
> references, including speculative references, that access higher
> privileged data when running in a lesser privileged mode when that
> access would result in a page fault."
>
> Second, they initially claimed they would not release any firmware
> because they were entirely immune, which was untrue.
>
> They were almost immediately proved to be vulnerable to some of the flaws.
>
> Third, while Intel released (and continues to release) detailed
> technical information, AMD released PR statements.
>
> Honestly, as bad as Intel has looked in the last month, AMD looks worse
> since they'd behaved like children.
>

This is the exact opposite of what I have seen/read.

What NDA is this? "A week early"? Again, this was found out about in June of last year to affect Intel architecture. A flaw that existed for over 10, if not 20 years. They did not release the information, Google researchers and other independents did....

Again, they stated they are immune to all variants of 1 and almost non-zero potential to the other. They have not changed this story at all. Again, proving what they stated is just someone doing due diligence and they made a public statement as to which ones that could under the right 'blue moon' circumstances MIGHT be exploited. Their statement is that they would do 'what is necessary' to mitigate ANY risk from them no matter how small.

Intel's patches have 'bricked' processors. Yes, made them totally unusable as they rushed them out the door. They pulled them immediately and told people to destroy them. I consider that 'highly irresponsible' as their QA is shabby or not-fully encompassing.

Intel and AMD cannot release detailed information as it will make it a lot more obvious as to how to hack those chips.

As far as I know, making a user's product useless by bricking them due to lack of testing was the most irresponsible thing anyone can do and that wasn't AMD who did it.

Another thing I find disturbing about the situation is that Intel, already knowing about the vulnerability, pushed out the i9 series knowing it had the same fundamental flaw and putting more chips out there with the issue.

Also, firmware is not the only problem but OS memory management is another issue. TG for FreeBSD and its proper design and management.

P.