Both Intel and AMD CPUs are being reported as "insecure" on Linux

AMD states that their processors are secure from this type of attack


Over the past few days, a bug was discovered within Intel processors dating back a decade. This issue has forced rapid redesigns of both the Linux and Windows Kernels, implementing security fixes that will impact the performance of affected systems.   

The bug is not fixable with microcode updates, requiring an expensive software update to bypass the issue, delivering a substantial performance hit in specific workloads. Early benchmarks show a considerable performance impact on I/O heavy workloads, which will likely hit the server/enterprise market the hardest. 

The Linux Kernel has been the first to implement a fix for the issue, though for now, the OS is taking a careful approach to the problem, using this fix on all x86 processors regardless of whether or not they are affected by this hardware issue. AMD engineers have stated that their products are unaffected by the attacks this security measure is designed to prevent, giving AMD users an unnecessary performance hit.

Over Christmas, an email was sent to the Linux kernel mailing list, stating that "AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against". This email was sent by Thomas Lendacky, a software engineer at AMD who specialises in Linux kernel development. Below is the full email.

 

     AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.

     Disable page table isolation by default on AMD processors by not setting the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI is set.

  
If AMD is indeed unaffected by the issue, today's Linux Kernel is degrading the performance of AMD hardware unnecessarily, though the measure is understandable given the gravity of the exploit. In time, it is likely that the kernel will be updated to remove this unnecessary feature on AMD hardware, giving AMD a nice one up on Intel in the server market.  


While some will say that Linux is favouring Intel by artificially hobbling AMD's CPUs with unnecessary performance penalties, it is most likely that developers are taking the "better safe than sorry" approach to security. AMD should be able to demonstrate that their products are unaffected by the bug and should be able to get the kernel patched with exceptions in the near future, leaving this mess solely at Intel's feet. 

Below is some information from the changelog for the latest build of Linux, version 4.14.11:

     Many x86 CPUs leak information to user space due to missing isolation of user space and kernel space page tables. There are many well documented ways to exploit that.

     The upcoming software mitigation of isolating the user and kernel space page tables needs a misfeature flag so code can be made runtime conditional.

     Add the BUG bits which indicates that the CPU is affected and add a feature bit which indicates that the software mitigation is enabled.

     Assume for now that _ALL_ x86 CPUs are affected by this. Exceptions can be made later.



Update - An AMD patch for the Linux Kernel is now available here. Another workaround to prevent PTI from applying to AMD CPUs is to boot the kernel with the nopti command line parameter. We are currently hearing conflicting reports regarding this patch's merger with the mainline Linux Kernel.  
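
The states described above (CPU flagged through X86_BUG_CPU_INSECURE, X86_FEATURE_PTI set, or PTI switched off with nopti) can be read back from /proc/cpuinfo and /proc/cmdline. The script below is an added example, not code from this article or from the kernel; it assumes the two bits are listed in /proc/cpuinfo as cpu_insecure (cpu_meltdown after a later rename) and pti, it also accepts pti=off, which the article does not mention, and its sample files are constructed.

```shell
#!/bin/sh
# Added example: classify KPTI state from cpuinfo/cmdline-style files.

# Value of the first "KEY<tabs>: value" line in FILE (the /proc/cpuinfo layout).
first_field() {
    awk -F: -v k="$2" '{ key = $1; gsub(/[ \t]+$/, "", key) }
        key == k { sub(/^[^:]*:[ \t]*/, ""); print; exit }' "$1"
}

# Succeeds if WORD is a whitespace-separated token of LINE.
has_word() {
    case " $1 " in *" $2 "*) return 0 ;; esac
    return 1
}

# pti_status CPUINFO CMDLINE -> not-flagged | isolated | disabled-at-boot | flagged-no-pti
pti_status() {
    bugs=$(first_field "$1" bugs)
    flags=$(first_field "$1" flags)
    args=$(cat "$2")
    # Assumption: X86_BUG_CPU_INSECURE is listed as "cpu_insecure"; later
    # kernels renamed the bit and list it as "cpu_meltdown".
    if ! has_word "$bugs" cpu_insecure && ! has_word "$bugs" cpu_meltdown; then
        echo not-flagged      # CPU exempted, or the kernel predates the flag
    elif has_word "$flags" pti; then
        echo isolated         # X86_FEATURE_PTI set: page tables are split
    elif has_word "$args" nopti || has_word "$args" pti=off; then
        echo disabled-at-boot # flagged CPU, mitigation switched off by hand
    else
        echo flagged-no-pti   # flagged CPU, no PTI, no boot option explains it
    fi
}

# Constructed sample files (not captured from real hosts).
make_samples() {
    printf 'vendor_id\t: GenuineIntel\nflags\t\t: fpu vme pti\nbugs\t\t: cpu_insecure\n' > "$1/patched"
    printf 'vendor_id\t: GenuineIntel\nflags\t\t: fpu vme\nbugs\t\t: cpu_insecure\n' > "$1/nopti"
    printf 'vendor_id\t: AuthenticAMD\nflags\t\t: fpu vme\nbugs\t\t: fxsave_leak\n' > "$1/exempt"
    echo 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet' > "$1/cmd.default"
    echo 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro nopti' > "$1/cmd.nopti"
}

dir=$(mktemp -d)
make_samples "$dir"
echo "patched kernel:   $(pti_status "$dir/patched" "$dir/cmd.default")"
echo "booted nopti:     $(pti_status "$dir/nopti" "$dir/cmd.nopti")"
echo "exempted CPU:     $(pti_status "$dir/exempt" "$dir/cmd.default")"
[ -r /proc/cpuinfo ] && echo "this host:        $(pti_status /proc/cpuinfo /proc/cmdline)"
rm -rf "$dir"
```

A result of not-flagged on its own does not show the CPU is unaffected: a kernel older than the fix reports the same thing, so check the kernel version alongside it.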

Update 2 - Intel, AMD and ARM have all released statements about these recently discovered security issues


Most Recent Comments

03-01-2018, 05:44:32

AlienALX
Quote:
Originally Posted by WYP
Both Intel and AMD x86 products are affected at the time of writing.
AMD are on it

03-01-2018, 06:07:52

TheF34RChannel
Ah, so AMD wasn't uncorking champagne then...

03-01-2018, 06:18:08

AlienALX
Quote:
Originally Posted by TheF34RChannel
Ah, so AMD wasn't uncorking champagne then...
They will be as soon as their "unpatch the indiscriminate patch" goes live

03-01-2018, 06:51:00

wozza365
Quote:
Originally Posted by TheF34RChannel
Ah, so AMD wasn't uncorking champagne then...
The patch is only going to affect AMD temporarily, it's going to affect pretty much all Intel CPUs permanently until they release new hardware.

03-01-2018, 07:31:55

Gothmoth
Quote:
it is most likely that developers are taking the "better safe than sorry" approach to security. AMD should be able to demonstrate that their products are unaffected by the bug and should be able to get the kernel patched with exceptions in the near future, leaving this mess solely at Intel's feet.
They (at least Microsoft) have been working on this patch since October.

They should be able to confirm if AMD is affected or not...