Reported Intel design flaw forces Windows/Linux Redesigns - Patch expected to have a performance impact
Software patches are expected to fecrease performance by 5-30%
Published: 2nd January 2018 | Source: The Register |
Reported Intel design flaw forces Windows/Linux Redesigns
Right now, it looks like this issue is unfixable using microcode updates, which means that a software solution is required. Right now, it seems like the fix will require a separation of kernel memory from user processes, requiring time inefficient address space shifting that is expected to lower the performance of Intel-based systems.
The effects of these major software updates are unknown, though early estimates have placed the performance hit at between 5 and 30 percent, though newer Intel processors do have features that are said to reduce the slowdown. If these reports are true, Intel is in for a lot of trouble. The performance drop will depend on how much tasks depend on kernel access which is where the slowdown will occur.
One thing to note here is that this issue was originally reported as a "security bug impacting apparently all contemporary CPU architectures", though now it seems like AMD architectures are not affected by this problem.
Over Christmas, an email was sent to the Linux kernel mailing list, stating that that "AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against". This email was sent by Thomas Lendacky, a software engineer at AMD that specialises in Linux kernel development. Below is the full email.
AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture
does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode
when that access would result in a page fault.
Disable page table isolation by default on AMD processors by not setting the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
As The Register points out, this email implies that the problem is exclusive to Intel processors and suggests that "Intel's CPUs [can] speculatively execute code potentially without performing security checks".
Both Amazon's web services and Microsoft's Azure cloud are expected to undergo security updates and maintenance within the next two week. These updates are to expected implement security fixes that will address this issue. At this time it is unknown when fixes will be available on consumer-grade operating systems.
At this time, exact details about both the hardware issue and its software fix are unknown, leaving us in a position where it is unknown exactly how this problem will affect both normal consumers and enterprise users or how this will affect users of Intel hardware.
All that can be said at this time is that if this bug is as big as it sounds, it will be catastrophic for Intel. Sadly no concrete information about this is available, though The Register and Python Sweetness both have detailed reports on the matter. In Theory, this issue can affect everyone, so I guess we will all just have to wait and see how things play out.
You can join the discussion on Intel rumoured security flaw on the OC3D Forums.