Linked by Thom Holwerda on Wed 3rd Jan 2018 00:42 UTC
Intel

A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features - such as PCID - to reduce the performance hit.

That's one hell of a bug.

Thread beginning with comment 652471
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Microcode
by kwan_e on Wed 3rd Jan 2018 21:15 UTC in reply to "RE: Microcode"
kwan_e
Member since:
2007-02-18

but features like branch prediction are still hardwired and require new silicon designs.


That is surprising to me. I'd have thought you'd want to make something like branch prediction modifiable (well, just like other instructions/features) so fixes can be applied.

So my question is, why is the lack of security check hardwired, or why it was designed in such a way that not even a microcode update could fix it?

Reply Parent Score: 2

RE[3]: Microcode
by Kochise on Wed 3rd Jan 2018 21:41 in reply to "RE[2]: Microcode"
Kochise Member since:
2006-03-03

Well, a cpu is not a fpga, the whole logic is not reprogrammable. The microcode allows to modify/patch the isa, but the main 'engine' (composed of the 'alu', the 'execution unit', ...) have to be hardwired somehow.

Good explanation here : http://dsearls.org/courses/C391OrgSys/CPU/CPU.htm

Reply Parent Score: 1

RE[4]: Microcode
by kwan_e on Wed 3rd Jan 2018 21:54 in reply to "RE[3]: Microcode"
kwan_e Member since:
2007-02-18

The microcode allows to modify/patch the isa, but the main 'engine' (composed of the 'alu', the 'execution unit', ...) have to be hardwired somehow.


I would hardly call speculative execution as part of the main engine, since processors can get along fine without it. I would have thought speculative execution would be one of the killer features of modern microcode-based designs.

AMD, at least claims, to not have this security hole hardwired into their processors, so it's not impossible to not hardwire this stuff into the processor as to be unfixable.

Reply Parent Score: 3