back to article Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign

A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug. Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes …

  1. ~mico
    Pint

    Re: How convenient

    replacing free of charge

    I don't see that happening, ever. Especially not for skylakes and older. The cost would be exorbitant, especially for all the machines where it's soldered on, like my new laptop. At best, they'll make a deal on class lawsuit, giving everyone $5 for their troubles.

  2. Eddy Ito Silver badge

    Re: How convenient

    ... selling new CPUs without upping any specs. How convenient indeed.

    Technically it is upping the specs since the new processors wouldn't need to be kneecapped by software in order to be "secure". I imagine the marketing line will be something like 'our new processor run as fast as the old one was supposed to without pissing ring-0 data!'

  3. rnturn

    Re: How convenient

    You mean something like "the most secure Windows ever", then? (Until the next chip-level screw-up.)

  4. kain preacher Silver badge

    Re: How convenient

    Well in all fairness if your hardware is compromised before the OS even loads it would matter what OS you use. This does affect linux too.

  5. Mark 85 Silver badge

    Re: How convenient

    When exactly did good sensible engineering go out the window in favour of marketing ideas which seemed great in endless ego preening meetings and then were badly implemented in a hurry on the way to the next ego preening session,..

    Relatively speaking....around the time that "return shareholder value" became a corporate catch-phrase and started being used in just about every corporate operation manual and press release.

  6. Boohoo4u

    Want to bet Apple is considering expediting their homegrown A series chips into products that currently use Intel processors?

    Apple just released their iMac Pro that starts at $5000. How happy are they going to be telling their customers they’re about to see a 30% processor performance hit?

    Intel has been the Gold standard in processors, turns out it’s Copper Inside(TM).

  7. zarchasmpgmr

    Bet 1 Infinite Loop is rethinking their decision to switch from the Power chip. If Ginny were smart (we know she isn't), she'd be on a flight right now to Cupertino, with the latest Power and Z chip info.

  8. DougS Silver badge

    Apple has Intel at their beck and call via the implied threat to switch to AMD or their own SoC, they might be able to get Intel to supply replacement CPUs if the ones in the just-released iMac suffer from the bug. Issuing a recall and replacing the CPU for free would be good PR after the black eye from the iPhone battery business, and wouldn't cost a whole lot because they couldn't have sold that many of the new iMacs yet.

  9. lsatenstein

    It could be an expensive repair. The CPU chips are likely soldered in. Changing a cpu requires extraction wihile unsoldering, If there was a CPU socket, the repair is simplified

  10. Mike Pellatt

    Intel has been the Gold standard in processors.....

    That was a joke, right ??

    Going right back to the original 80386 which had a pretty serious Virtual 8086 mode bug (it broke the EMM emulators, needed a motherboard fix), onto the Famous FP bug - "it's not a problem, it only happens every few million instruction executions...."

    All Intel have offered that's a "gold standard" is backwards compatibilty, and the only time they tried to drop that (at least in the hardware - Itanium), it didn't end well and let AMD in to define the 64-bit x86 architecture.

    Although, to be fair, the Itanium issues were more about the the difficulties with VLIW architecture.

  11. Adam 1 Silver badge

    Not sure Apple would be too concerned. There are easier ways to get root.

  12. DougS Silver badge

    The CPU isn't soldered in

    See the teardown: https://www.macrumors.com/2017/12/28/owc-imac-pro-teardown-2017/

    So not that difficult to replace, though they might want to replace the whole module that includes the CPU, GPU and common heatsink to make things simpler in the field.

  13. Peter Gathercole Silver badge

    @ lsatenstein

    I think you'll find that Core, i series and Xeon processors are all installed in sockets.

    Atom processors are designed in packages intended to be soldered onto system boards. Everything else is in sockets that allow the processor to be replaced. But the problem here is that Intel keep changing the socket design, so you just can't put new processors into old motherboards.

    This means that if you are upgrading a system piecemeal, rather than all at once, you end up having to replace not only the processor, but also the motherboard and probably the memory as well.

    I would very much like Intel to be forced to support older sockets for longer, so you could give a system a relatively non-intrusive processor upgrade without having to tear the whole system down.

  14. Teiwaz Silver badge

    Re: @ lsatenstein

    But the problem here is that Intel keep changing the socket design, so you just can't put new processors into old motherboards.

    To be fair, AMd do that too, all that 'AM' number malarky so you're never 100% certain what you've bought is actually going to fit what you've got until they're both sitting in front of you and it's 'meccano time' Then there's all that fun with fans and coolers that make me sweat.

  15. Dave K Silver badge

    >>Intel has been the Gold standard in processors.....

    >That was a joke, right ??

    There have been other black marks too. The 3.8GHz Prescott P4s that throttle under repeated high load. The whole dirty Rambus saga, the 1.13GHz PIII that had to be recalled due to stability issues, the CPU serial number privacy scandal, etc.

    Although Intel seemed to have turned a corner since Core 2 Duo came along, they've made loads of previous muck-ups.

  16. Hans 1 Silver badge

    It could be an expensive repair. The CPU chips are likely soldered in.

    That was by Apple's design, ach Schadenfreude ...

  17. CrazyOldCatMan Silver badge

    Intel has been the Gold standard in processors

    Not for those of us that remember all the errors they have made in the past (and the fact that you could heat your house off some of the pentium range of chips..).

  18. CrazyOldCatMan Silver badge

    It could be an expensive repair

    Yup. Cheaper by far to replace the whole motherboard in one go. Unless your SSD is also soldered on. In which case it's a tad more complex.

    And would you trust your data to a hardware replacement company? Let alone having a problem with a Bitlocker or APFS-encrypted drive where the local key is in the TPM locker.

    I forsee that it could get very expensive for Intel, very, very quickly.

  19. Doctor Syntax Silver badge

    " If there was a CPU socket, the repair is simplified"

    Never mind the quality feel the (lack of) width.

  20. Roo

    "Although Intel seemed to have turned a corner since Core 2 Duo came along, they've made loads of previous muck-ups."

    *cough*

    https://www.theregister.co.uk/2007/06/28/core_2_duo_errata/

  21. collinsl

    Re: @ lsatenstein

    The i5 soldered into the motherboard of my Lenovo x220 begs to differ

    The i7 models are the same too. And the x230 if memory serves.

  22. kain preacher Silver badge

    The issue was making PPC laptop chip that was faster that would not cook your nads and kill you patter. That's why they were stuck at G4 when the desktop was at g5. then there was price and scale. Apple was going to get price on intel chips since they made way more then what IBM made.

  23. kain preacher Silver badge

    Re: @ lsatenstein

    do you read ? an AM4 cpu goes in an AM4 MB Am3 CPU in an AM3 board. it's really simple.

  24. 2+2=5 Silver badge
    Joke

    Titsup?

    > At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.

    Total Inability To Supply Usable Processors

  25. philthane

    No joy from Intel

    About 15 years ago I worked for a graphics software co that discovered a bug in Intel graphics chipsets. Our drawing software used a command (new I think in Win98) to draw a rectangle with a single command. Our competitors continued to use the old method of drawing four lines in consecutive steps (automatically from the user POV, but slower). Intel hadn't implemented the new command so our software suddenly crashed if a user tried to draw a rectangle. Other less elegant applications worked fine. We of course were blamed despite our devs making a simple demo app whose only function was to draw a rectangle, crash and log the problem. Intel refused to talk to us even after the company sent a copy of the app on disk via registered mail. We sent out an upgrade that probed the hardware before deciding which command set to use, which would have slowed the operation slightly but fortunately not really significantly.

    If your 'Intel Inside' PC suddenly goes 30% slower what chance they'll talk to you?

    Glad I use Linux on AMD.

  26. HmmmYes Silver badge

    Re: No joy from Intel

    I worked for Intel.

    Other parts of Intel would not talk to us, even when we were finding significant issues with the silicon.

    The way intgl works is every now snd thrn, it thorws lots of silicon at the wall. Some stick. Some fall off. Some slowly slide down.

    Once a product meets an internal gate - poof - all the people go off and wotk in other stuff.

  27. Anonymous Coward
    Anonymous Coward

    Re: No joy from Intel

    In another life time I did onsite warty fix for IBM PC/laptops for Intel. We would get the occasional laptop wi fi does not work. We get the lap top in and it worked fine. Then one day we found out that all of these laptops were not working at star bucks. So you can guess what we thought. Then we found out that certain intel wi fi chips used an buggy driver that will no work on certain Cisco AP if channel 7 or 11 is used. Kind of like kissing a frog under a blue moon will cause the destruction of the earth. Turns out intel did have a driver update burred deep in their webs site. Kicker is you can never update the driver from IBM on windows again else you ran the risk of wi fi not working when waking up from sleep.(solution was another driver update from intel that was well hidden) You would thinking being we were fixing computers for intel some at intel would of told us.

  28. Anonymous Coward
    Anonymous Coward

    Re: No joy from Intel

    That's not new. All SoCs come with an errata sheet of hardware bugs that must be corrected by software. Be it Intel, AMD, ARM, Infineon, Qualcomm ... there is no such things as bug free hardware. That's because hardware validations are much more costly than software ones. A CPU vendor will not modify a verified design if a bug can be easily workaround with a software patch.

    That said, this Intel bug is of epic proportions. A huge optimization flushed down the toilet.

  29. schafdog

    Intel cheating like VW?

    Has they been doing this for years knowingly for performance gain against competition?

  30. TechnicalBen Silver badge

    Re: Intel cheating like VW?

    While possible it seems more a "don't ask don't fix". As the performance difference of fixing it in silicone I assume is a percentage point or two difference. But the percentage difference above is noted as 30% for some in software.

    So while Intel has an advantage, I think they could afford to give in that tiny bit and still lead. But if it slipped through... they could only keep going for risk of big problems if found out. And after 10 years? Well even I think the little "problems" will just go away... to then get told by tge Dr they are worse. :(

  31. Anonymous Coward
    Anonymous Coward

    Re: Intel cheating like VW?

    They cheated on their compiler already (it would not generate efficient code for non-Intel variants for things like SSE extensions), and got caught, and had to agree not to do it again.

    see for example http://www.agner.org/optimize/blog/read.php?i=49#49

  32. jelabarre59 Silver badge

    Re: Intel cheating like VW?

    Has they been doing this for years knowingly for performance gain against competition?

    It sounds closer to what I would call a "Pinto Defect" were I to make up a clever term (without all that nasty exploding gas tank business of course). I suspect Intel may have known, and hoped no one would notice (it was cheaper to ignore it tan to fix it).

  33. Anonymous Coward
    Anonymous Coward

    Where is the recall

    Is there actually a single intel chip that performs as advertised?

    What about their other platforms, do they make anything remotely secure, I ask as I seriously wonder if intel actually make anything that works properly or even just as advertised.

    For years intel has been allowed to hide it's fails and personally I think it is high time for their ignored coustomers to be put first for a change.

  34. HmmmYes Silver badge

    Re: Where is the recall

    Nah.

    Stuff eaches the errata years later.

    Youll get a term like In certain situation this impossible to work around problem occurs, causing you to spend millions looking for a software error.

  35. kain preacher Silver badge

    Re: Where is the recall

    "Stuff eaches the errata years later."

    You left out signing a NDA to read the real and or full errata

    Just imagine having to sign an NDA to read about a 5 year bug.

  36. whitepines Bronze badge
    Megaphone

    Re: Where is the recall

    Or, you could just develop on processors from a company that actually cares about transparency. Get a Talos with POWER9 and you know *exactly* what's going on in every corner of that chip. Or, stay with Intel and AMD and wonder just which proprietary blob or NDA-restricted and hidden silicon bug is interacting with your application in bad ways or leaking your GDPR-protected data....

    Or, use ARM. NXP has some nice little 2U boxes for sale, and there's lots of Chromebooks and such with ARM inside. Literally anything is better than x86 right now!

  37. lsatenstein

    Re: Where is the recall

    I believe that Intel makes a best effort. If not, rumors would have already destroyed the company.

    They hire engineers, these are mostly talented designers. A project is created to release a cpu update (same chip, only internal cpu number is up by one). All kinds or work and testing goes into the chip upgrade until freeze date. Thereafter, whatever is fixed is part of the new version number. If chip volumes are still significant, a new project would be created for the next bug fix release.

    You cannot have a trickle of fixes to silicon occurring as discoveries are found. The real attempt is to fix the problem with microcode updates.

    No, I consider that one releases versions, so as to be able to manage the manufacturing, distribution/supply chain and microcode releases.

  38. Flocke Kroes Silver badge

    Re: Where is the recall

    Employing the best engineers is no use when PHBs insist on RDRAM. I cannot see rumours doing Intel any damage whatsoever when headlines across the tech press never did any serious damage before. Take a look for Intel's previous epic cockups in the main stream news. If they are mentioned at all it is only a few words because non-techies will tune out the moment a news reader tries to explain what speculative execution and virtual memory translation buffers are. Outside the tech news this will be forgotten by Monday. Customers will keep buying Intel despite FUCKWIT because most of them do not realise they have a choice.

    Almost everyone who bought or sold Intel kit will pay for this mistake and only a small portion of the damage will land on Intel. A few of the big players like Google and Amazon might get a financial apology from Intel - if they can switch their orders to AMD/ARM. If you do not believe me, join the class action lawsuit and three year from now watch Intel settle ... with the lawyers.

  39. Anonymous Coward
    Anonymous Coward

    Re: Where is the recall @whitepines

    IBM have had their share of processor bugs.

    I was working on an HPC account when we had to break it to the customer that there was a fault in one of the complex floating point instructions in Power 7 that could, under certain sequences of instructions, lead to unreliable results. The fix was to put a No-Op after each of the affected instructions (added by the compiler), resulting in a low single digit percentage performance hit.

    Because they were an HPC customer (with a very large number of processors in their systems), who were doing large amounts of floating point arithmetic, this was a concern to them.

    IBM ended up paying damages (I think it was by reducing the maintenance charges) to the particular customer I was working with. Not sure what happened to other customers.

    But at the end of the fiscal life of these systems (they were only about three and a half years old, but hey, there was new money to spend), they were still providing more than adequate performance, and the customer was a little sad to see them go (as was I, as it was the end of a very enjoyable assignment).

  40. Anonymous Coward
    Anonymous Coward

    Re: Where is the recall

    "Is there actually a single intel chip that performs as advertised?"

    What is "advertised" ? Where have you seen the precise definition ?

    Yes, there are HW bugs, yes they suck and have been forever. And yes, this one is quit massively epic.

    But frankly, the "works as advertised" stance is meaningless. I'm sure 100% of your home appliances have also flaws, and and they are a LOT less complex, therefore more inexcusable.

  41. Chairman of the Bored Silver badge

    Why not just hire a VW engineer...

    ...and just cock up the benchmarks to match? My bet is that you can get one just coming off parole really cheap. Just kidding. I hope.

  42. Anonymous Coward
    Anonymous Coward

    Re: Why not just hire a VW engineer...

    They did. Have you not seen Optane?

    (Though I admit it has potential in the future, all current benchmarks are cherrypicked)

  43. Giles Jones Gold badge

    Re: Why not just hire a VW engineer...

    So the benchmarks planning a car racing game will be good so long as you have the wheels facing forward?: )

  44. Steve Davies 3 Silver badge

    Slowing the CPU Down?

    Oh well, another few thousand lawsuiits will be heading in Apple's direction.

    (sic)

  45. Anonymous Coward
    Anonymous Coward

    New Laptop will use a Ryzen chip

    When the top end Intel chips have the software fixes applied and get the 5-30% performance hit the AMD Ryzen CPUs will out perform them. Can we adjusted benchmarks now?

  46. IGnatius T Foobar
    Facepalm

    Novell got it right

    Apparently, the folks at Novell got it right ... every program that ran on Netware was basically just a kernel extension. No userland to switch back and forth to. *grin*

  47. Adam 1 Silver badge

    Re: Novell got it right

    Back 15ish years, I had a part time job helping to maintain a Novell network. Mostly clearing jammed print queues, changing backup tapes, keeping Windows and AV signatures up to date and sorting out the big boss with a new monitor every other week. Oh, and every morning resetting the clock on the Novell server that lost near enough to 10 minutes a day. And every time a user signed in their local PC time got synced to the wrong time. By the time I would get back into the office it could be out by 30+ minutes.

    We got it fixed eventually. CMOS battery I hear you ask? No, nice try but guess again. Ah, your UPS? No, that was fine too. Come on, what's the obvious cause that you're missing? Oh of course, there must be a bug in the CDROM driver running on the wrong kernel ring and causing the ticks to be slightly slower than they should. Well spotted.

  48. Anonymous South African Coward Silver badge

    Re: Novell got it right

    Lovely ABEND errors if something did something naughty :)

  49. Michael Thibault Bronze badge
    Facepalm

    Ahhh, the beauty of a monoculture! Everyone suffers equally.

    "Suffice to say, this is not great." The article could -- probably should -- have started with that sentence.

    2018 is shaping up to be a major doozy for Intel. At least.

  50. Destroy All Monsters Silver badge
    Paris Hilton

    Re: Ahhh, the beauty of a monoculture! Everyone suffers equally.

    But people will be looking at optimizing code again.

    This *could* be a big deal in interesting applications that have real time constraints. Maybe.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2018