Reported Intel design flaw forces Windows/Linux Redesigns – Patch expected to have a performance impact


On Monday, a blog post started circulating regarding an “embargoed security bug”, which has forced extreme redesigns of both the Linux and Windows kernels to address the issue. This bug is said to exclusively affect Intel processors, allowing normal programs to discern the contents of protected kernel memory. Kernel memory is hidden for a reason, though at this time exact information about this exploit is unknown.

Right now, it looks like this issue cannot be fixed using microcode updates, which means that a software solution is required. It seems that the fix will require separating kernel memory from user processes, which needs time-inefficient address space switching that is expected to lower the performance of Intel-based systems.

The effects of these major software updates are unknown. Early estimates have placed the performance hit at between 5 and 30 percent, though newer Intel processors do have features that are said to reduce the slowdown. If these reports are true, Intel is in for a lot of trouble. The performance drop will depend on how much a task depends on kernel access, which is where the slowdown will occur.

One thing to note here is that this issue was originally reported as a “security bug impacting apparently all contemporary CPU architectures”, though now it seems like AMD architectures are not affected by this problem.

Over Christmas, an email was sent to the Linux kernel mailing list, stating that “AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against”. This email was sent by Thomas Lendacky, a software engineer at AMD who specialises in Linux kernel development. Below is the full email.

AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.

Disable page table isolation by default on AMD processors by not setting the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI is set.

  

  
As The Register points out, this email implies that the problem is exclusive to Intel processors and suggests that “Intel’s CPUs [can] speculatively execute code potentially without performing security checks”. 
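A defender's check that follows from the email, as an added example that is not from the original article or the kernel patch: it reads `/proc/cpuinfo` text and reports whether the kernel flagged the CPU and whether page table isolation is active. The lowercase names `cpu_insecure` and `pti` are assumed to be how the kernel prints X86_BUG_CPU_INSECURE and X86_FEATURE_PTI, and the sample inputs are constructed.

```python
# Constructed /proc/cpuinfo excerpts (not captured from real machines).
INTEL_PATCHED = "vendor_id : GenuineIntel\nflags : fpu vme pse pti\nbugs : cpu_insecure\n"
INTEL_PTI_OFF = "vendor_id : GenuineIntel\nflags : fpu vme pse\nbugs : cpu_insecure\n"
INTEL_OLD_KERNEL = "vendor_id : GenuineIntel\nflags : fpu vme pse\n"
AMD_PATCHED = "vendor_id : AuthenticAMD\nflags : fpu vme pse\nbugs : fxsave_leak\n"

def parse_cpuinfo(text):
    """Return the fields of the first processor block as a dict."""
    fields = {}
    for line in text.splitlines():
        if not line.strip():
            if fields:          # a blank line ends the first processor block
                break
            continue
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def pti_status(text):
    """Classify a host from its cpuinfo text."""
    cpu = parse_cpuinfo(text)
    vendor = cpu.get("vendor_id", "unknown")
    flags = set(cpu.get("flags", "").split())
    bugs = set(cpu.get("bugs", "").split())
    flagged = "cpu_insecure" in bugs    # assumed name for X86_BUG_CPU_INSECURE
    isolated = "pti" in flags           # assumed name for X86_FEATURE_PTI
    if isolated:
        verdict = "isolated"
    elif flagged:
        # Kernel knows the CPU needs isolation, but it is not active.
        verdict = "flagged-not-isolated"
    elif vendor == "AuthenticAMD":
        # Matches the email: the bug flag is not set on AMD, so PTI stays off.
        verdict = "not-flagged-amd"
    else:
        # No flag on a non-AMD CPU: the kernel may predate the fix.
        verdict = "not-reported"
    return {"vendor": vendor, "flagged": flagged, "isolated": isolated,
            "verdict": verdict}

if __name__ == "__main__":
    with open("/proc/cpuinfo") as fh:
        print(pti_status(fh.read()))
```

A `not-reported` verdict is not evidence of safety: it only means the running kernel does not expose the flag, which is what a kernel without the update would show.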

Both Amazon’s web services and Microsoft’s Azure cloud are expected to undergo security updates and maintenance within the next two weeks. These updates are expected to implement security fixes that will address this issue. At this time it is unknown when fixes will be available on consumer-grade operating systems.

  


At this time, exact details about both the hardware issue and its software fix are unknown, so it is unclear exactly how this problem will affect normal consumers and enterprise users, or how it will affect users of Intel hardware.

All that can be said at this time is that if this bug is as big as it sounds, it will be catastrophic for Intel. Sadly, no concrete information about this is available, though The Register and Python Sweetness both have detailed reports on the matter. In theory, this issue can affect everyone, so I guess we will all just have to wait and see how things play out.

You can join the discussion on Intel's rumoured security flaw on the OC3D Forums.