back to article Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign

A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug. Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes …

Page:

          1. Roo
            Windows

            Re: Hmmm...

            "We never worried about "security" in the old days of processor design"

            How old is old ? MMUs have been around a long time now.

            "We never worried about "security" in the old days of processor design, we were far more worried about incorrect access causing a crash and that took priority - with the result that modern security issues were mostly nonexistent."

            Seems to depend on where you worked - some vendors never embraced KISS. The protection features of the DEC Alpha were far easier to understand, use, test and verify than the equiv plumbing on the much older i386 for example.

    1. TheVogon Silver badge

      Re: Hmmm...

      So we all get new CPUs on Intel like we did with the Pentium floating point bug?

      1. bpfh Bronze badge

        Re: Hmmm...

        And a soldering iron for all the cpu’s that are welded to the mobo...

      2. Hans 1 Silver badge

        What if ?

        Class action lawsuit -> recall -> Intel chapter 11

      3. Giles Jones Gold badge

        Re: Hmmm...

        Pretty sure the FPU bug was easily patched, they just added one or two NOOPs between certain instructions. It was a compiler fix.

      4. Daniel von Asmuth Bronze badge
        Unhappy

        Re: Hmmm...

        No, you don't get a new CPU, you get a software workaround.

        There is no time like the present for China to become a world player in CPU design.

        Around the turn of the millennium I was able to read and write SCO Unix kernel variables (specifically uptime) as root using a simple shell script. Utilities such as 'ps' likewise ran in user space and needed to read process tables from kernel memory.

    2. Oh Homer Silver badge
      Mushroom

      Intel Inside...

      Can run but can't hide.

      What a clusterfsck.

      Yet another reason to stick to AMD.

      1. big_D Silver badge

        Re: Intel Inside...

        Hmm, good timing... I bought a new PC just before Christmas and decided to go AMD after about a decade of Intel...

        1. sambaynham

          Re: Intel Inside...

          Me too! Ryzen Ryzen, La la la!

        2. Maelstorm Bronze badge

          Re: Intel Inside...

          "Hmm, good timing... I bought a new PC just before Christmas and decided to go AMD after about a decade of Intel..."

          Good call. I just bought a new laptop myself and went with AMD as well. It's going to be some time before updated chips from Intel come out as this is a hardware problem with speculative instruction execution on the pipeline. Hardware means that Intel will have to redo all the masks that are used for the fabrication process.

        3. Doctor Syntax Silver badge
          Unhappy

          Re: Intel Inside...

          " I bought a new PC just before Christmas and decided to go AMD after about a decade of Intel"

          Just starting to think about a laptop replacement. Looked at PC Specialist. Not an AMD in sight.

          1. honkhonk34

            Re: Intel Inside...

            PC Specialist stopped being my go to around 3 years ago unfortunately, as the choices were becoming too restrictive. If I knew of a company as good as they once were, I'd throw business at them any day of the week!

        4. rnturn

          Re: Intel Inside...

          Good timing indeed. I've got plans to replace several aging PC/servers and AMD just leapfrogged to the top of the list (or should I say that Intel just step on their shoelaces and stumbled to the bottom).

    3. Robert Brockway

      Re: Hmmm...

      There is precedent here. The kernel still tests for the F00F bug on boot and applies the kernel-level work around only on systems that need it. Thus the slow down is only applied where it is needed. I expect this will happen in this case, although we are talking about a significant architectural change here.

    4. wayne 8

      Re: Hmmm...

      Will this slowdown affect iPhones? /sarc

      1. Version 1.0 Silver badge

        Re: Hmmm...

        Looks like the bug doesn't affect the J11 on my PDP 11/23 so I guess I'm OK.

    5. peter-.-

      Re: Hmmm...

      did you mean, eh, crippling AMD ??

      you bet, it will happen

      how come that AMD would be faster ? impossible !!!!11!!1!!!

      1. Maelstorm Bronze badge

        Re: Hmmm...

        "did you mean, eh, crippling AMD ?? you bet, it will happen how come that AMD would be faster ? impossible !!!!11!!1!!!"

        If that happens, I can safely guarantee that AMD will not be quiet about it. Lawsuit anyone?

    6. cream wobbly

      Re: Hmmm...

      If it helps, Minix, Mach, Hurd, Exec, and Fuchsia (okay, Zircon) won't suffer the 'slowness feature'. Less-than A aitch-ref equals https://en.wikipedia.org/wiki/Tanenbaum%E2%80%93Torvalds_debate greater-than I'll wait for you to catch up less-than oblique a greater than.

      1. oldcoder

        Re: Hmmm...

        I believe the added overhead in context switching will nail all the microkernels...

    7. J. R. Hartley Silver badge

      Re: Hmmm...

      Fuc

  1. bazza Silver badge

    Oh....

    ....crap.

    1. Sampler

      KAISER?

      I predict a riot...

      1. elDog Silver badge

        Re: KAISER?

        I predict a roll. Would you like poppy-seeds on that, sir?

        Not sure if translates well outside of US delicatessens.

      2. John Smith 19 Gold badge
        Unhappy

        Re: KAISER?.. I predict a riot...

        And are we sure this will be a complete solution?

    2. Pascal Monett Silver badge
      Flame

      Crap indeed

      Here I was, all happy with my i7 6700 that has served me well for the past two years, and now I learn that I'm basically going to have to replace the hardware if I want to stay secure and have good performance. What a nuisance.

      Another round of Windows reinstall, with another fracking call to Redmond to justify that I am indeed the owner of this shit. I hate the idea already.

      Ah, the day games are made for Linux first . . .

      1. lsatenstein

        Re: Crap indeed

        My uneducated guess is that the brute force protection code is being implemented. This code should give Intel some time to arrive at a more sophisticated microcode solution where the overhead is perhaps one or two dozen microcode instructions. With a microcode fix, the patch can be removed, or made specific to certain models of CPU.

        I like to be optimistic, not pessimistic. A low overhead fix will be developed AQAP. (As quickly as possible)

        1. xeridea

          Re: Crap indeed

          They say it is not possible to fix with microcode. Either be insecure, have huge slowdown, or buy an AMD CPU.

          1. werdsmith Silver badge

            Re: Crap indeed

            I'm quite happy to live with the security flaw on my home computers, so I hope this update is elective.

            Did Mac OSX get mentioned in the article? I don't read that carefully.

            1. Known Hero

              Re: Crap indeed

              "I'm quite happy to live with the security flaw on my home computers, so I hope this update is elective."

              I was under the impression that MS is forcing updates whether you like it or not !!

            2. Don Pederson

              Re: Crap indeed

              Isn't the Mach kernel in MacOS a microkernel? If so, wouldn't that mean that this wouldn't be an issue?

              1. oldcoder

                Re: Crap indeed

                Nope.

                The problem appears to be context switching problems due to pipeline optimization.

                The presented solutions will impact microkernels more than monolithic kernels as they have to do more context switching.

              2. kain preacher Silver badge

                Re: Crap indeed

                nope its hybrid kernel same as windows.

                https://en.wikipedia.org/wiki/MacOS

        2. Paul Shirley

          Re: Crap indeed

          If the problem is memory fetching that does not check permissions before fetching ops or data that's under the level microcode works at and can't be fixed.

          1. -tim
            Facepalm

            Re: Crap indeed

            A problem seems to be that the data is feed into the data pipeline (and L1 cache?) via speculative execution. To simplify the problem... if you have some code like:

            if(false) {

            x=some data that shouldn't work

            } else {

            do something slow

            }

            y=some data that shouldn't work

            The x= gets the data loaded into the cache while the slow code is slow enough to make sure it gets there. Then the y= pulls data that is in the cache (and whatever makes up the other 64 bytes in its cache line) and that might not be checked against the permission bits in the virtual memory tables. I can't think of any situations where the x86 does speculative writes that would hit memory so this should be limited to reading data. The trick might work to slow down memory sharing on multi-core systems. x86 I/O sometimes is read based so that reading a memory location could resets a counter or buffer and that would be a problem limited to some i/o device. If someone can come up with a way to have the speculative data being read and then written back through the cache, the security game is over.

        3. scarletherring

          Re: Crap indeed

          > I like to be optimistic, not pessimistic

          You must be new here.

        4. oldcoder

          Re: Crap indeed

          Unfortunately, this is below the microcode level.

      2. LewisCowles1986

        Re: Crap indeed

        I was thinking the same, but then I remembered that Linux also has to deal with this shit because it's on the CPU die itself.

      3. Anonymous Coward
        Anonymous Coward

        Re: Crap indeed

        I'd be on Linux for gaming already if Star Citizen had a linux client.. Yes the game is miles from done but damn its' fun.

        1. Dane Pack

          Re: Crap indeed

          How many miles could you go in the next 4 years

  2. GBE

    I finally switch from AMD to Intel, and this is what happens.

    It's my fault. For decades I bought AMD processors instead of Intel. The last time around, I finally broke down and bought Intel...

    1. Tom 7 Silver badge

      Re: I finally switch from AMD to Intel, and this is what happens.

      I find buying AMD like not buying Windows - some else always makes the savings.

    2. Anonymous Coward
      Anonymous Coward

      Re: I finally switch from AMD to Intel, and this is what happens.

      I considered AMD, having recently bought a Xeon for a personal server. I wonder where we stand legally now? IANAL but surely the chips we have, once patched, will no longer be performing as advertised?

      1. Anonymous Coward
        Anonymous Coward

        Re: I finally switch from AMD to Intel, and this is what happens.

        Just change the battery.

      2. Red Bren

        Re: I finally switch from AMD to Intel, and this is what happens.

        "IANAL but surely the chips we have, once patched, will no longer be performing as advertised?"

        I was thinking something similar. The Lenovo laptop I bought less than 18 months ago is still in warranty so is it reasonable to ask for a refund/replacement?

      3. Alan J. Wylie Silver badge

        Re: I finally switch from AMD to Intel, and this is what happens.

        Intel's CEO Just Sold a Lot of Stock

        https://www.fool.com/investing/2017/12/19/intels-ceo-just-sold-a-lot-of-stock.aspx

        (Via Jackie Stokes)

        1. Kabukiwookie
          FAIL

          Re: I finally switch from AMD to Intel, and this is what happens.

          Wonder if the SEC is going to investigate this.

          Of course they're not going to be doing that, most regulations in the US that held back predatory forms of capitalism have been neutered and the ones that are still in place are not being enforced.

          1. Anonymous Coward
            Anonymous Coward

            Re: I finally switch from AMD to Intel, and this is what happens.

            The Securities and Exchange Commission in the US? I don't think this falls in their area, does it?

            No, this is a job for ...for...Bat Man?

        2. Colonel Mad

          Re: I finally switch from AMD to Intel, and this is what happens.

          Oh Wow, SEC on alert?

      4. Aqua Marina Silver badge

        "I wonder where we stand legally now?"

        If you are a UK based consumer (not business) you have up to 6 years to make a claim against the business that sold you the CPU (not Intel) because of the wonderful Consumer Rights Act. If the manufacturer admits the fault, then all the relevant criteria have been met. A 30% performance loss would be considered unreasonable without compensation.

        The "First 6 months" and "since months or more" paragraphs on the Which website explain it best here https://www.which.co.uk/consumer-rights/regulation/consumer-rights-act

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019