Linked by Thom Holwerda on Wed 3rd Jan 2018 00:42 UTC
Intel

A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features - such as PCID - to reduce the performance hit.

That's one hell of a bug.

Thread beginning with comment 652454
Microcode
by kwan_e on Wed 3rd Jan 2018 15:00 UTC
kwan_e Member since:
2007-02-18

So why kernel patches and not microcode? I'm assuming it's just a short term solution and there will be a better long term solution.

Reply Score: 2

RE: Microcode
by Alfman on Wed 3rd Jan 2018 15:16 in reply to "Microcode"
Alfman Member since:
2011-01-28

kwan_e,

So why kernel patches and not microcode? I'm assuming it's just a short term solution and there will be a better long term solution.


There's only so much you can do in microcode to alter the behavior of some opcodes, but features like branch prediction are still hardwired and require new silicon designs. My understanding is that the engineers tried to avoid this; this was a last resort, but they found no other solution.

Reply Parent Score: 4

RE[2]: Microcode
by kwan_e on Wed 3rd Jan 2018 21:15 in reply to "RE: Microcode"
kwan_e Member since:
2007-02-18

but features like branch prediction are still hardwired and require new silicon designs.


That is surprising to me. I'd have thought you'd want to make something like branch prediction modifiable (well, just like other instructions/features) so fixes can be applied.

So my question is, why is the lack of security check hardwired, or why was it designed in such a way that not even a microcode update could fix it?

Reply Parent Score: 2

RE: Microcode
by Kochise on Wed 3rd Jan 2018 15:43 in reply to "Microcode"
Kochise Member since:
2006-03-03

Article says:

Similar operating systems, such as Apple's 64-bit macOS, will also need to be updated – the flaw is in the Intel x86-64 hardware, and it appears a microcode update can't address it

Reply Parent Score: 2

RE[2]: Microcode
by leech on Wed 3rd Jan 2018 17:07 in reply to "RE: Microcode"
leech Member since:
2006-01-10

I was going to mention also that MacOS is affected as well; it isn't just a Windows and Linux issue, as the article here states.

Reply Parent Score: 0

RE: Microcode
by kwan_e on Wed 3rd Jan 2018 21:08 in reply to "Microcode"
kwan_e Member since:
2007-02-18

Apparently some people on this site don't like it when you ask an earnest question because you don't know something.

Sorry, next time I'll pretend to know everything.

Reply Parent Score: 2

RE[2]: Microcode
by Kochise on Wed 3rd Jan 2018 21:37 in reply to "RE: Microcode"
Kochise Member since:
2006-03-03

You asked a question, I (we) replied, why are you getting angry?

Reply Parent Score: 0

RE: Microcode
by whartung on Thu 4th Jan 2018 21:05 in reply to "Microcode"
whartung Member since:
2005-07-06

Sounds like has some solution, and I assume it's via Microcode.

https://newsroom.intel.com/news-releases/intel-issues-updates-protec...

Reply Parent Score: 3

RE[2]: Microcode
by Alfman on Fri 5th Jan 2018 00:46 in reply to "RE: Microcode"
Alfman Member since:
2011-01-28

whartung,

Sounds like has some solution, and I assume it's via Microcode.


That's interesting.

I'll take any good news we can right now, but it sounds like they are relying on the software-based workarounds that OS vendors are working on. What Intel has done to update CPU behavior is vague and makes me wonder what CPU-specific updates they could offer? I'm really curious.

Intel has already issued updates for the majority of processor products introduced within the past five years. By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years. In addition, many operating system vendors, public cloud service providers, device manufacturers and others have indicated that they have already updated their products and services.


Taken at face value though, it seems many consumers won't be covered because many desktop computers are sold with older CPUs. My newest computer (i7-3770) that I bought two years ago is already outside their specified support window ;)

Edited 2018-01-05 00:48 UTC

Reply Parent Score: 3