Home » Mailing list archives » openbsd-misc » 2007 » June » 27

Intel Core 2

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Theo de Raadt
Subject: Intel Core 2
Date: Wednesday, June 27, 2007 - 10:08 am

Various developers are busy implimenting workarounds for serious bugs
in Intel's Core 2 cpu.

These processors are buggy as hell, and some of these bugs don't just
cause development/debugging problems, but will *ASSUREDLY* be
exploitable from userland code.

As is typical, BIOS vendors will be very late providing workarounds /
fixes for these processors bugs.  Some bugs are unfixable and cannot
be worked around.  Intel only provides detailed fixes to BIOS vendors
and large operating system groups.  Open Source operating systems are
largely left in the cold.

Full (current) errata from Intel:

  http://download.intel.com/design/processor/specupdt/31327914.pdf

  - We bet there are many more errata not yet announced -- every month
    this file gets larger.
  - Intel understates the impact of these erraata very significantly.
    Almost all operating systems will run into these bugs.
  - Basically the MMU simply does not operate as specified/implimented
    in previous generations of x86 hardware.  It is not just buggy, but
    Intel has gone further and defined "new ways to handle page tables"
    (see page 58).
  - Some of these bugs are along the lines of "buffer overflow"; where
    a write-protect or non-execute bit for a page table entry is ignored.
    Others are floating point instruction non-coherencies, or memory
    corruptions -- outside of the range of permitted writing for the
    process -- running common instruction sequences.
  - All of this is just unbelievable to many of us.

An easier summary document for some people to read:

  http://www.geek.com/images/geeknews/2006Jan/core_duo_errata__2006_01_21__full.gif

Note that some errata like AI65, AI79, AI43, AI39, AI90, AI99 scare
the hell out of us.  Some of these are things that cannot be fixed in
running code, and some are things that every operating system will do
until about mid-2008, because that is how the MMU has always been
managed on all generations of Intel/AMD/whoeverelse hardware.  Now
Intel is telling people to manage the MMU's TLB flushes in a new and
different way.  Yet even if we do so, some of the errata listed are
unaffected by doing so.

As I said before, hiding in this list are 20-30 bugs that cannot be
worked around by operating systems, and will be potentially
exploitable.  I would bet a lot of money that at least 2-3 of them
are.

For instance, AI90 is exploitable on some operating systems (but not
OpenBSD running default binaries).

At this time, I cannot recommend purchase of any machines based on the
Intel Core 2 until these issues are dealt with (which I suspect will
take more than a year).  Intel must be come more transparent.

(While here, I would like to say that AMD is becoming less helpful day
by day towards open source operating systems too, perhaps because
their serious errata lists are growing rapidly too).
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
Intel Core 2, Theo de Raadt, (Wed Jun 27, 10:08 am)
Re: Intel Core 2, Stephan Andre', (Wed Jun 27, 10:43 am)
Re: Intel Core 2, Almir Karic, (Wed Jun 27, 11:35 am)
Re: Intel Core 2, Matthew Szudzik, (Wed Jun 27, 11:44 am)
Re: Intel Core 2 , Theo de Raadt, (Wed Jun 27, 11:45 am)
Re: Intel Core 2, Nick Price, (Wed Jun 27, 12:07 pm)
Re: Intel Core 2, Leonardo Rodrigues, (Wed Jun 27, 12:25 pm)
Re: Intel Core 2, bofh, (Wed Jun 27, 12:37 pm)
Re: Intel Core 2, Daniel Horecki, (Wed Jun 27, 12:38 pm)
Re: Intel Core 2, Rui Miguel Silva Seabra, (Wed Jun 27, 12:45 pm)
Re: Intel Core 2, Constantine A. Murenin, (Wed Jun 27, 12:54 pm)
Re: Intel Core 2, Douglas Allan Tutty, (Wed Jun 27, 1:54 pm)
Re: Intel Core 2, Timo Schoeler, (Wed Jun 27, 1:59 pm)
Re: Intel Core 2, Lontronics Mailingli ..., (Wed Jun 27, 2:22 pm)
Re: Intel Core 2, Jacob Yocom-Piatt, (Wed Jun 27, 3:19 pm)
Re: Intel Core 2, Constantine A. Murenin, (Wed Jun 27, 4:21 pm)
Re: Intel Core 2, Rafael Almeida, (Wed Jun 27, 4:37 pm)
Re: Intel Core 2, uv negativa, (Wed Jun 27, 7:27 pm)
Re: Intel Core 2, Nick Guenther, (Wed Jun 27, 7:32 pm)
Re: Intel Core 2, Siegbert Marschall, (Thu Jun 28, 12:27 am)
Re: Intel Core 2, Johan P. Lindström, (Thu Jun 28, 1:24 am)
Re: Intel Core 2, RedShift, (Thu Jun 28, 1:26 am)
Re: Intel Core 2, Gary Baluha, (Thu Jun 28, 6:58 am)
Re: Intel Core 2, David W. Hess, (Thu Jun 28, 7:16 am)
Re: Intel Core 2, Stuart Henderson, (Thu Jun 28, 7:34 am)
Re: Intel Core 2, Rui Miguel Silva Seabra, (Thu Jun 28, 2:19 pm)
Re: Intel Core 2, David W. Hess, (Fri Jun 29, 5:15 am)
Re: Intel Core 2 - errata pulled?!?, Toni Mueller, (Tue Aug 7, 7:22 am)
Re: Intel Core 2 - errata pulled?!? [SOLVED], Toni Mueller, (Tue Aug 7, 8:10 am)
Re: Intel Core 2 - errata pulled?!?, Chris Cappuccio, (Tue Aug 7, 7:55 pm)
Re: Intel Core 2 - errata pulled?!?, Chris Black, (Tue Aug 7, 8:43 pm)
Re: Intel Core 2 - errata pulled?!?, Nick Holland, (Wed Aug 8, 8:01 am)
Re: Intel Core 2 - errata pulled?!?, Frank Bax, (Thu Aug 9, 5:21 pm)
OpenBSD support for various hardware, Toni Mueller, (Sat Aug 11, 3:10 am)
Re: OpenBSD support for various hardware, Darrin Chandler, (Sat Aug 11, 9:21 am)