Linked by Thom Holwerda on Wed 3rd Jan 2018 00:42 UTC

A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features - such as PCID - to reduce the performance hit.

That's one hell of a bug.

Thread beginning with comment 652455
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Microcode
by Alfman on Wed 3rd Jan 2018 15:16 UTC in reply to "Microcode"
Member since:


So why kernel patches and not microcode? I'm assuming it's just a short term solution and there will be a better long term solution.

There's only so much you can do in microcode to alter the behavior of some opcodes, but features like branch prediction are still hardwired and require new silicon designs. My understanding is that the engineers tried to avoid this, this was a last resort, but they found no other solution.

Reply Parent Score: 4

RE[2]: Microcode
by kwan_e on Wed 3rd Jan 2018 21:15 in reply to "RE: Microcode"
kwan_e Member since:

but features like branch prediction are still hardwired and require new silicon designs.

That is surprising to me. I'd have thought you'd want to make something like branch prediction modifiable (well, just like other instructions/features) so fixes can be applied.

So my question is, why is the lack of security check hardwired, or why it was designed in such a way that not even a microcode update could fix it?

Reply Parent Score: 2

RE[3]: Microcode
by Kochise on Wed 3rd Jan 2018 21:41 in reply to "RE[2]: Microcode"
Kochise Member since:

Well, a cpu is not a fpga, the whole logic is not reprogrammable. The microcode allows to modify/patch the isa, but the main 'engine' (composed of the 'alu', the 'execution unit', ...) have to be hardwired somehow.

Good explanation here :

Reply Parent Score: 1