'

Reported Intel design flaw forces Windows/Linux Redesigns - Patch expected to have a performance impact

Software patches are expected to fecrease performance by 5-30%

Reported Intel design flaw forces Windows/Linux Redesigns - Patch expected to have a performance impact

Reported Intel design flaw forces Windows/Linux Redesigns 

On Monday a Blogpost started circulating regarding an "embargoed security bug", which has forced both extreme redesigns of both Linux and Windows Kernels to address the issue. This bug is said to exclusively affect Intel processors, allowing normal programs to discern the contents of protected kernel memory. Kernel memory is hidden for a reason, though at this time exact information about this exploit is unknown. 

Right now, it looks like this issue is unfixable using microcode updates, which means that a software solution is required. Right now, it seems like the fix will require a separation of kernel memory from user processes, requiring time inefficient address space shifting that is expected to lower the performance of Intel-based systems. 

The effects of these major software updates are unknown, though early estimates have placed the performance hit at between 5 and 30 percent, though newer Intel processors do have features that are said to reduce the slowdown. If these reports are true, Intel is in for a lot of trouble. The performance drop will depend on how much tasks depend on kernel access which is where the slowdown will occur. 

One thing to note here is that this issue was originally reported as a "security bug impacting apparently all contemporary CPU architectures", though now it seems like AMD architectures are not affected by this problem. 

Over Christmas, an email was sent to the Linux kernel mailing list, stating that that "AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against". This email was sent by Thomas Lendacky, a software engineer at AMD that specialises in Linux kernel development. Below is the full email. 

     AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture
does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode
when that access would result in a page fault.

Disable page table isolation by default on AMD processors by not setting the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
is set.

  
  
As The Register points out, this email implies that the problem is exclusive to Intel processors and suggests that "Intel's CPUs [can] speculatively execute code potentially without performing security checks". 

Both Amazon's web services and Microsoft's Azure cloud are expected to undergo security updates and maintenance within the next two week. These updates are to expected implement security fixes that will address this issue. At this time it is unknown when fixes will be available on consumer-grade operating systems.  

  

Reported Intel design flaw forces Windows/Linux Redesigns - Patch expected to have a performance impact  


At this time, exact details about both the hardware issue and its software fix are unknown, leaving us in a position where it is unknown exactly how this problem will affect both normal consumers and enterprise users or how this will affect users of Intel hardware. 

All that can be said at this time is that if this bug is as big as it sounds, it will be catastrophic for Intel. Sadly no concrete information about this is available, though The Register and Python Sweetness both have detailed reports on the matter. In Theory, this issue can affect everyone, so I guess we will all just have to wait and see how things play out. 

You can join the discussion on Intel rumoured security flaw on the OC3D Forums.  

«Prev 1 Next»

Most Recent Comments

02-01-2018, 18:49:44

Agost
Oh, come on Intel, seriously?

I suppose AMD employees are uncorking champagne bottles right nowQuote

02-01-2018, 19:07:58

looz
This is major for servers, but not relevant for desktop setups at all, really, if some of the early speculation is to be believed.

EPYC just got a whole lot better for most server providers.Quote

02-01-2018, 21:18:20

Radioman
Quote:
Originally Posted by looz View Post
This is major for servers, but not relevant for desktop setups at all, really, if some of the early speculation is to be believed.

EPYC just got a whole lot better for most server providers.
You ain't kiddin. We are still early on this one. If this turns out to be as big as the news report implies it could be tough sledding for Intel for quite a while.Quote

03-01-2018, 02:40:33

NeverBackDown
Pretty sad that even after 8 generations of refinements on the same architecture they still have major security issues.Quote

03-01-2018, 03:19:35

ImprovizoR
Quote:
Originally Posted by looz View Post
This is major for servers, but not relevant for desktop setups at all, really, if some of the early speculation is to be believed.
I hope so because I'm gonna be in' livid if I lose even 5% performance after the update.

Linux fix has been released and there's been no reduction in gaming performance. I hope that the same will be true for Windows. Still, I'm probably switching to Ryzen this year.Quote
Reply
x

Register for the OC3D Newsletter

Subscribing to the OC3D newsletter will keep you up-to-date on the latest technology reviews, competitions and goings-on at Overclock3D. We won't share your email address with ANYONE, and we will only email you with updates on site news, reviews, and competitions and you can unsubscribe easily at any time.

Simply enter your name and email address into the box below and be sure to click on the links in the confirmation emails that will arrive in your e-mail shortly after to complete the registration.

If you run into any problems, just drop us a message on the forums.