Page 1 of 6

'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Posted: 2018-01-03, 09:37
by Tomaso
https://www.theregister.co.uk/2018/01/0 ... sign_flaw/
A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system.
Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products.
The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model.
More recent Intel chips have features – such as PCID – to reduce the performance hit.
Your mileage may vary.
--

Initial Benchmarks Of The Performance Impact Resulting From Linux's x86 Security Changes:
https://www.phoronix.com/scan.php?page= ... 6pti&num=2

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Posted: 2018-01-03, 10:25
by Moonchild
I'm glad I stick with AMD ;)

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Posted: 2018-01-03, 10:55
by Terryphi
According to this Phoronix article AMD may be vulnerable too!

https://www.phoronix.com/scan.php?page= ... -4.15-Test

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Posted: 2018-01-03, 11:08
by Moonchild
Tom Lendacky of AMD wrote:AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Posted: 2018-01-03, 11:19
by Tomaso
Update:
As it turns out, apparently the Linux patch that is being rolled out is for ALL x86 processors including AMD, and the Linux mainline kernel will treat AMD processors as insecure as well.
As a result, AMD CPUs will feel a performance hit as well, though the bug only technically affects Intel CPUs and AMD recommends specifically not to enable the patch for Linux.
How Microsoft specifically will address the issue with the Windows operating system remains unclear until the company's formal Patch Tuesday update is made known, hopefully soon.
https://hothardware.com/news/intel-cpu- ... ows-macos/

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Posted: 2018-01-03, 12:46
by Night Wing
Over on the linux Mint forums, this is being discussed also.

https://forums.linuxmint.com/viewtopic. ... 8&t=260764

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Posted: 2018-01-03, 13:14
by John connor
YAV (Yet Another Vulnerability)

This makes what? Two vulnerabilities now with CPUs?

Image


Still trying to figure out how I can secure this laptop from that WPA WIFI vulnerability. My phone needs to be upgraded.

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Posted: 2018-01-03, 14:35
by Night Wing
On this vulnerability, I'm taking a "wait and see" attitude. As of right now, this vulnerability really seems to affect companies that use virtualized environments. As such, this wouldn't affect me. I will say that; hypothetically speaking, if this "fix" comes through today for linux (Mint), I wouldn't install it. Why? I figure my chances of getting hit by a bolt of lightning is far greater than getting hit by this vulnerability. So I like my chances/odds.

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Posted: 2018-01-03, 15:28
by Isengrim
Guess it's time for me to try out that Ryzen thing I keep hearing about.

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Posted: 2018-01-03, 15:36
by Terryphi
Let's not get hysterical. The impact of such a slowdown has yet to be properly assessed. It may not affect everyday PC and laptop users, but in data centres with servers running Intel chips where every second of performance counts, the effects could be more significant.

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Posted: 2018-01-03, 16:10
by TwoTankAmin
Don't worry, be happy. You are as secure as you think your are. Wanna buy a nice bridge in Brooklyn? I can get you a great deal.

The last Intel CPU I had was in the early 1990s. I decided back then I could use either Windows or Intel, but not both. So I have used an AMD cpu for a long time. For some reason I distrusted Intel more than Microsoft back then. But Microsoft has caught up and even passed Intel now.

I do worry about Linux because I am headed in that direction from Windows 7 when I am done with it. I am confused as to weather this flaw actually effects devices using an AMD processor. And it seems to me pushing the fix to the OS side of things is an admission that the Intel flaw cannot be fixed on the hardware side.

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Posted: 2018-01-03, 16:20
by Terryphi
An interesting comment in Sky News from a former senior lecturer at Cambridge University:
"You won't really notice it [the slowdown] with web browsing and editing documents. It's an interesting one with gaming, because gaming is very graphics intensive, but most graphics these days don't involve systems calls...... People who work with graphing applications or large spreadsheets on their home computers will experience this processing slowdown."
So, when the kernel fix is available I will install it.

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Posted: 2018-01-03, 18:27
by Isengrim
TwoTankAmin wrote:I am confused as to weather this flaw actually effects devices using an AMD processor. And it seems to me pushing the fix to the OS side of things is an admission that the Intel flaw cannot be fixed on the hardware side.
From what I have read, AMD processors are not affected by this flaw. The OS-side fix is (most likely) intended to be temporary until Intel releases new chips and users install them... a process that could take years.

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Posted: 2018-01-03, 18:39
by eskaton
I haven't read much into this yet today, but I'd have thought this would be addressed with a microcode update directly on the processor. Skylakes received an 'update' like this last year, as outlined in the ars article: https://arstechnica.com/gadgets/2016/02 ... de-update/

I guess the problem is beyond the capability of the microcode.

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Posted: 2018-01-04, 01:12
by Isengrim
It appears the problem is more widespread and severe than they thought. Intel is still the only one affected by what they're now calling "Meltdown", but all manufacturers' chips (Intel, AMD, and ARM) are affected by another flaw that has been dubbed "Spectre".

https://arstechnica.com/gadgets/2018/01 ... ity-flaws/

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Posted: 2018-01-04, 06:58
by adam27
If im reading this correctly, AMD is only vulnerable to a less severe version of spectre by default, unlike intel, which doesnt involve reading kernal memory or privilege escalation. Inorder to be vulnerable to the more severe version net.core.bpf_jit_enable must be enabled and it has to be an AM4 based cpu(ryzen or a few laptop bulldozer cpus).

https://googleprojectzero.blogspot.com/ ... -side.html

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Posted: 2018-01-04, 08:27
by franzk
Night Wing wrote:On this vulnerability, I'm taking a "wait and see" attitude. As of right now, this vulnerability really seems to affect companies that use virtualized environments. As such, this wouldn't affect me. I will say that; hypothetically speaking, if this "fix" comes through today for linux (Mint), I wouldn't install it. Why? I figure my chances of getting hit by a bolt of lightning is far greater than getting hit by this vulnerability. So I like my chances/odds.
It could be argued that time slice multitasking is virtualization already...

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Posted: 2018-01-04, 12:02
by Night Wing
franzk wrote:
Night Wing wrote:On this vulnerability, I'm taking a "wait and see" attitude. As of right now, this vulnerability really seems to affect companies that use virtualized environments. As such, this wouldn't affect me. I will say that; hypothetically speaking, if this "fix" comes through today for linux (Mint), I wouldn't install it. Why? I figure my chances of getting hit by a bolt of lightning is far greater than getting hit by this vulnerability. So I like my chances/odds.
It could be argued that time slice multitasking is virtualization already...
Since I'm not a power user, just a non technical user, would you care to explain to me (in simple laymen's terms without using techno geek babble which goes over my head) what "slice multitasking" is and how it would affect a person like me?

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Posted: 2018-01-04, 18:49
by adisib
Apparently the Intel CEO sold $24 million worth of stock upon finding out about the security vulnerability.

http://www.businessinsider.com/intel-ce ... law-2018-1

Re: 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Posted: 2018-01-04, 21:50
by Baloo
Will this require Pale Moon to be updated to protect computers that have this bug present?