Linked by Thom Holwerda on Wed 3rd Jan 2018 00:42 UTC
Intel

A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features - such as PCID - to reduce the performance hit.

That's one hell of a bug.

Permalink for comment 652440
To read all comments associated with this story, please click here.
RE: Comment by raom
by Alfman on Wed 3rd Jan 2018 05:51 UTC in reply to "Comment by raom"
Alfman
Member since:
2011-01-28

raom,

Damn. This should be great for AMD. I just hope it can be disabled in Microsoft's case. No one needs to take 30% less performance on an offline machine.


What they're saying is that AMD processors are not vulnerable, and AMD itself posted patches to disable the performance crippling workaround on it's processors.

https://mail-archive.com/linux-kernel@vger.kernel.org/msg1572418.htm...
static void __init early_identify_cpu(struct cpuinfo_x86 *c)

setup_force_cpu_cap(X86_FEATURE_ALWAYS);

- /* Assume for now that ALL x86 CPUs are insecure */
- setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
+ if (c->x86_vendor != X86_VENDOR_AMD)
+ setup_force_cpu_bug(X86_BUG_CPU_INSECURE);

fpu__init_system(c);


However at least as of right now, the current mainline kernel (4.15-rc6) does not include it! Meaning that AMD users will be punished as well if they use that kernel.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/d...



BTW if you want to browse the changes applied to the kernel source code in order to support this, here's a handy link. All references to "PTI" functions and/or files are referring to this change.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/d...

Reply Parent Score: 4