by Anonymous Coward writes:
on Monday January 08, 2018 @08:09AM (#55884305)
How far does the recall go? Should there just be a recall for Meltdown, or does that also extend to Spectre?
There wasn't a software workaround for the FDIV bug, which is why there was a recall. The F00F bug did have a software workaround, which is why there wasn't a recall for that bug. Meltdown also has a software workaround, though one with a potentially significant performance hit. Meltdown seems more like the F00F bug in that respect. Arguably, Spectre is a better candidate for a recall than Meltdown. Although there is a software workaround for it (see retpoline), it cannot be implemented just by patching the operating system.
The problem here is that some of these features were designed over 20 years ago, when security wasn't as much of a priority. The feature worked and didn't present obvious security issues, so nobody tried to fix what didn't seem to be broken. It wouldn't surprise me at all if many other potentially serious vulnerabilities were lurking in hardware.
There should be at least some attempt at reparations. Any processor currently being manufactured (3 years or younger) -- you would have the option of opting to get a replacement for the CPU if it is socketed by sending it into Intel (or taking it to a service centre of Intel's choosing to replace) and then getting a fixed CPU (probably timeline at least 9 months). Manufacturers could opt to replace the board at cost with new CPUs for computers that are currently in use. If you opt to keep it you would ge
"I want repaired processors for free" (Score:5, Insightful)
You know, he's not wrong. This is, in impact, way bigger than Intel's FDIV fiasco and that ended up in recalls.
Re: "I want repaired processors for free" (Score:4, Insightful)
How far does the recall go? Should there just be a recall for Meltdown, or does that also extend to Spectre?
There wasn't a software workaround for the FDIV bug, which is why there was a recall. The F00F bug did have a software workaround, which is why there wasn't a recall for that bug. Meltdown also has a software workaround, though one with a potentially significant performance hit. Meltdown seems more like the F00F bug in that respect. Arguably, Spectre is a better candidate for a recall than Meltdown. Although there is a software workaround for it (see retpoline), it cannot be implemented just by patching the operating system.
The problem here is that some of these features were designed over 20 years ago, when security wasn't as much of a priority. The feature worked and didn't present obvious security issues, so nobody tried to fix what didn't seem to be broken. It wouldn't surprise me at all if many other potentially serious vulnerabilities were lurking in hardware.
Re: (Score:0)
Wrong. Meltdown has a software mitigation. There is no fix or "workaround".
Re: (Score:0)
The mitigation is a workaround.
Re: (Score:1)
FDIV was absolutely possible to work around in software. Not without a significant performance hit though.
Re: "I want repaired processors for free" (Score:1)
Oh sure, just disable the 8087 hardware calls, trap and emulate.
But the math co-processor is just that. An optional co-processor.
When the main CPU is bugged you are kinda screwed.
Remember SUN and their E10K faults at launch bringing down top level DNS servers?
We've had these kinds of issues since forever (16-bit sw only i386 anyone?). This is just a really big one as it goes all the way back to the Pentium Pro.
Re: (Score:0)
> Remember SUN and their E10K faults at launch bringing down top level DNS servers?
Google doesn't.
Re: (Score:0)
Free repair isn't going to happen. Decades ago I had my very first traffic accident, determined to be the other guy's fault. I was fascinated by how the other driver's insurance determined how much to pay, and one thing that stuck out was that one of my tires was ruined but they didn't pay enough on the tire to replace it. And there was an explanation: the tire was already somewhat worn at the time of the collision. I got paid something like 50% the cost of the tire.
This tells me how Intel's liability lawy
CPU replacement or partial refund. (Score:2)
Re: (Score:0)
Really? You can't just have software replace FDIV with a (slow) software implementation, like everyone did before they got a hardware FDIV?