{"id":13265,"date":"2016-01-12T12:49:57","date_gmt":"2016-01-12T17:49:57","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=13265"},"modified":"2016-01-12T12:59:25","modified_gmt":"2016-01-12T17:59:25","slug":"intel-cpu-bugs-of-2015","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2016\/01\/12\/intel-cpu-bugs-of-2015\/","title":{"rendered":"Intel CPU Bugs of 2015"},"content":{"rendered":"<p><a href=\"http:\/\/danluu.com\/cpu-bugs\/\">Dan Luu<\/a> (via <a href=\"https:\/\/news.ycombinator.com\/item?id=10877270\">Hacker News<\/a> and <a href=\"https:\/\/twitter.com\/steipete\/status\/686462987587162112\">Peter Steinberger<\/a>):<\/p>\n<blockquote cite=\"http:\/\/danluu.com\/cpu-bugs\/\"><p>We&rsquo;ve seen at least two serious bugs in Intel CPUs in the last quarter, and it&rsquo;s almost certain there are more bugs lurking. Back when I worked at a company that produced Intel compatible CPUs, we did a fair amount of testing and characterization of Intel CPUs; as someone fresh out of school who&rsquo;d previously assumed that CPUs basically worked, I was surprised by how many bugs we were able to find. Even though I never worked on the characterization and competitive analysis side of things, I still personally found multiple Intel CPU bugs just in the normal course of doing my job, poking around to verify things that seemed non-obvious to me. Turns out things that seem non-obvious to me are sometimes also non-obvious to Intel engineers. As more services move to the cloud and the impact of system hang and reset vulnerabilities increases, we&rsquo;ll see more black hats investing time in finding CPU bugs. We should expect to see a lot more of these when people realize that it&rsquo;s much easier than it seems to find these bugs. There was a time when a CPU family might only have one bug per year, with serious bugs happening once every few years, or even once a decade, but we seem to have moved past that. In part, that&rsquo;s because &ldquo;unpredictable system behavior&rdquo; have moved from being an annoying class of bugs that forces you to restart your computation to an attack vector that lets anyone with an AWS account attack your cloud-hosted services, but it&rsquo;s mostly because CPUs are <a href=\"http:\/\/danluu.com\/new-cpu-features\/\">now complex enough that they&rsquo;ve become too complicated to test effectively<\/a>. Ironically, we have hardware virtualization is supposed to help us with security, but the virtualization is so complicated4 that the hardware virtualization implementation is likely to expose &ldquo;unpredictable system behavior&rdquo; bugs that wouldn&rsquo;t otherwise have existed.<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Dan Luu (via Hacker News and Peter Steinberger): We&rsquo;ve seen at least two serious bugs in Intel CPUs in the last quarter, and it&rsquo;s almost certain there are more bugs lurking. Back when I worked at a company that produced Intel compatible CPUs, we did a fair amount of testing and characterization of Intel CPUs; [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"","apple_news_api_id":"","apple_news_api_modified_at":"","apple_news_api_revision":"","apple_news_api_share_url":"","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[131,261,260,48],"class_list":["post-13265","post","type-post","status-publish","format-standard","hentry","category-technology","tag-bug","tag-intel","tag-processors","tag-security"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/13265","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=13265"}],"version-history":[{"count":2,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/13265\/revisions"}],"predecessor-version":[{"id":13269,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/13265\/revisions\/13269"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=13265"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=13265"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=13265"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}