'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

General discussion and chat (archived)
User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1622
Joined: 2015-07-23, 16:09
Location: Norway

'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread post by Tomaso » 2018-01-03, 09:37

https://www.theregister.co.uk/2018/01/0 ... sign_flaw/
A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system.
Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products.
The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model.
More recent Intel chips have features – such as PCID – to reduce the performance hit.
Your mileage may vary.
--

Initial Benchmarks Of The Performance Impact Resulting From Linux's x86 Security Changes:
https://www.phoronix.com/scan.php?page= ... 6pti&num=2
Last edited by Tomaso on 2018-01-03, 09:37, edited 1 time in total.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread post by Moonchild » 2018-01-03, 10:25

I'm glad I stick with AMD ;)
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite


User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35402
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread post by Moonchild » 2018-01-03, 11:08

Tom Lendacky of AMD wrote:AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
Tomaso
Board Warrior
Board Warrior
Posts: 1622
Joined: 2015-07-23, 16:09
Location: Norway

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread post by Tomaso » 2018-01-03, 11:19

Update:
As it turns out, apparently the Linux patch that is being rolled out is for ALL x86 processors including AMD, and the Linux mainline kernel will treat AMD processors as insecure as well.
As a result, AMD CPUs will feel a performance hit as well, though the bug only technically affects Intel CPUs and AMD recommends specifically not to enable the patch for Linux.
How Microsoft specifically will address the issue with the Windows operating system remains unclear until the company's formal Patch Tuesday update is made known, hopefully soon.
https://hothardware.com/news/intel-cpu- ... ows-macos/

User avatar
Night Wing
Knows the dark side
Knows the dark side
Posts: 5146
Joined: 2011-10-03, 10:19
Location: Piney Woods of Southeast Texas, USA

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread post by Night Wing » 2018-01-03, 12:46

Over on the linux Mint forums, this is being discussed also.

https://forums.linuxmint.com/viewtopic. ... 8&t=260764
Linux Mint 21.3 (Virginia) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
MX Linux 23.2 (Libretto) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Linux Debian 12.5 (Bookworm) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox

John connor

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread post by John connor » 2018-01-03, 13:14

YAV (Yet Another Vulnerability)

This makes what? Two vulnerabilities now with CPUs?

Image


Still trying to figure out how I can secure this laptop from that WPA WIFI vulnerability. My phone needs to be upgraded.

User avatar
Night Wing
Knows the dark side
Knows the dark side
Posts: 5146
Joined: 2011-10-03, 10:19
Location: Piney Woods of Southeast Texas, USA

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread post by Night Wing » 2018-01-03, 14:35

On this vulnerability, I'm taking a "wait and see" attitude. As of right now, this vulnerability really seems to affect companies that use virtualized environments. As such, this wouldn't affect me. I will say that; hypothetically speaking, if this "fix" comes through today for linux (Mint), I wouldn't install it. Why? I figure my chances of getting hit by a bolt of lightning is far greater than getting hit by this vulnerability. So I like my chances/odds.
Linux Mint 21.3 (Virginia) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
MX Linux 23.2 (Libretto) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Linux Debian 12.5 (Bookworm) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox

User avatar
Isengrim
Board Warrior
Board Warrior
Posts: 1325
Joined: 2015-09-08, 22:54
Location: 127.0.0.1
Contact:

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread post by Isengrim » 2018-01-03, 15:28

Guess it's time for me to try out that Ryzen thing I keep hearing about.
a.k.a. Ascrod
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story

Terryphi

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread post by Terryphi » 2018-01-03, 15:36

Let's not get hysterical. The impact of such a slowdown has yet to be properly assessed. It may not affect everyday PC and laptop users, but in data centres with servers running Intel chips where every second of performance counts, the effects could be more significant.

User avatar
TwoTankAmin
Keeps coming back
Keeps coming back
Posts: 777
Joined: 2014-07-23, 13:56
Location: New York

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread post by TwoTankAmin » 2018-01-03, 16:10

Don't worry, be happy. You are as secure as you think your are. Wanna buy a nice bridge in Brooklyn? I can get you a great deal.

The last Intel CPU I had was in the early 1990s. I decided back then I could use either Windows or Intel, but not both. So I have used an AMD cpu for a long time. For some reason I distrusted Intel more than Microsoft back then. But Microsoft has caught up and even passed Intel now.

I do worry about Linux because I am headed in that direction from Windows 7 when I am done with it. I am confused as to weather this flaw actually effects devices using an AMD processor. And it seems to me pushing the fix to the OS side of things is an admission that the Intel flaw cannot be fixed on the hardware side.
“No one has ever become poor by giving.” Anonymous
“Everyone is entitled to his own opinion, but not to his own facts.”" Daniel Patrick Moynihan
"The good thing about science is that it’s true whether or not you believe in it." Neil DeGrasse Tyson

Terryphi

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread post by Terryphi » 2018-01-03, 16:20

An interesting comment in Sky News from a former senior lecturer at Cambridge University:
"You won't really notice it [the slowdown] with web browsing and editing documents. It's an interesting one with gaming, because gaming is very graphics intensive, but most graphics these days don't involve systems calls...... People who work with graphing applications or large spreadsheets on their home computers will experience this processing slowdown."
So, when the kernel fix is available I will install it.
Last edited by Terryphi on 2018-01-03, 16:22, edited 1 time in total.

User avatar
Isengrim
Board Warrior
Board Warrior
Posts: 1325
Joined: 2015-09-08, 22:54
Location: 127.0.0.1
Contact:

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread post by Isengrim » 2018-01-03, 18:27

TwoTankAmin wrote:I am confused as to weather this flaw actually effects devices using an AMD processor. And it seems to me pushing the fix to the OS side of things is an admission that the Intel flaw cannot be fixed on the hardware side.
From what I have read, AMD processors are not affected by this flaw. The OS-side fix is (most likely) intended to be temporary until Intel releases new chips and users install them... a process that could take years.
a.k.a. Ascrod
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story

User avatar
eskaton
Lunatic
Lunatic
Posts: 474
Joined: 2013-08-23, 19:54

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread post by eskaton » 2018-01-03, 18:39

I haven't read much into this yet today, but I'd have thought this would be addressed with a microcode update directly on the processor. Skylakes received an 'update' like this last year, as outlined in the ars article: https://arstechnica.com/gadgets/2016/02 ... de-update/

I guess the problem is beyond the capability of the microcode.

User avatar
Isengrim
Board Warrior
Board Warrior
Posts: 1325
Joined: 2015-09-08, 22:54
Location: 127.0.0.1
Contact:

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread post by Isengrim » 2018-01-04, 01:12

It appears the problem is more widespread and severe than they thought. Intel is still the only one affected by what they're now calling "Meltdown", but all manufacturers' chips (Intel, AMD, and ARM) are affected by another flaw that has been dubbed "Spectre".

https://arstechnica.com/gadgets/2018/01 ... ity-flaws/
a.k.a. Ascrod
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story

adam27

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread post by adam27 » 2018-01-04, 06:58

If im reading this correctly, AMD is only vulnerable to a less severe version of spectre by default, unlike intel, which doesnt involve reading kernal memory or privilege escalation. Inorder to be vulnerable to the more severe version net.core.bpf_jit_enable must be enabled and it has to be an AM4 based cpu(ryzen or a few laptop bulldozer cpus).

https://googleprojectzero.blogspot.com/ ... -side.html
Last edited by adam27 on 2018-01-04, 06:58, edited 1 time in total.

franzk

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread post by franzk » 2018-01-04, 08:27

Night Wing wrote:On this vulnerability, I'm taking a "wait and see" attitude. As of right now, this vulnerability really seems to affect companies that use virtualized environments. As such, this wouldn't affect me. I will say that; hypothetically speaking, if this "fix" comes through today for linux (Mint), I wouldn't install it. Why? I figure my chances of getting hit by a bolt of lightning is far greater than getting hit by this vulnerability. So I like my chances/odds.
It could be argued that time slice multitasking is virtualization already...

User avatar
Night Wing
Knows the dark side
Knows the dark side
Posts: 5146
Joined: 2011-10-03, 10:19
Location: Piney Woods of Southeast Texas, USA

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread post by Night Wing » 2018-01-04, 12:02

franzk wrote:
Night Wing wrote:On this vulnerability, I'm taking a "wait and see" attitude. As of right now, this vulnerability really seems to affect companies that use virtualized environments. As such, this wouldn't affect me. I will say that; hypothetically speaking, if this "fix" comes through today for linux (Mint), I wouldn't install it. Why? I figure my chances of getting hit by a bolt of lightning is far greater than getting hit by this vulnerability. So I like my chances/odds.
It could be argued that time slice multitasking is virtualization already...
Since I'm not a power user, just a non technical user, would you care to explain to me (in simple laymen's terms without using techno geek babble which goes over my head) what "slice multitasking" is and how it would affect a person like me?
Linux Mint 21.3 (Virginia) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
MX Linux 23.2 (Libretto) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Linux Debian 12.5 (Bookworm) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox

adisib
Lunatic
Lunatic
Posts: 380
Joined: 2015-06-13, 03:34
Location: KY

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread post by adisib » 2018-01-04, 18:49

Apparently the Intel CEO sold $24 million worth of stock upon finding out about the security vulnerability.

http://www.businessinsider.com/intel-ce ... law-2018-1

User avatar
Baloo
Fanatic
Fanatic
Posts: 167
Joined: 2017-08-24, 15:02

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Unread post by Baloo » 2018-01-04, 21:50

Will this require Pale Moon to be updated to protect computers that have this bug present?
Image
Image

Locked