'Kernel Memory Leaking' Intel Processor Design Flaw Forces Linux, Windows Redesign

According to The Register, "A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug." From the report: Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in this month's Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December. Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features -- specifically, PCID -- to reduce the performance hit. Similar operating systems, such as Apple's 64-bit macOS, will also need to be updated -- the flaw is in the Intel x86 hardware, and it appears a microcode update can't address it. It has to be fixed in software at the OS level, or buy a new processor without the design blunder. Details of the vulnerability within Intel's silicon are under wraps: an embargo on the specifics is due to lift early this month, perhaps in time for Microsoft's Patch Tuesday next week. Indeed, patches for the Linux kernel are available for all to see but comments in the source code have been redacted to obfuscate the issue. The report goes on to share some details of the flaw that have surfaced. "It is understood the bug is present in modern Intel processors produced in the past decade," reports The Register. "It allows normal user programs -- from database applications to JavaScript in web browsers -- to discern to some extent the contents of protected kernel memory. The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI."

Don't know if serious.

At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.

Re:Don't know if serious.

[Hal_Porter]

https://www.mail-archive.com/l...

2) Namespace

      Several people including Linus requested to change the KAISER name.

      We came up with a list of technically correct acronyms:

          User Address Space Separation, prefix uass_

          Forcefully Unmap Complete Kernel With Interrupt Trampolines, prefix fuckwit_

      but we are politically correct people so we settled for

        Kernel Page Table Isolation, prefix kpti_

      Linus, your call :)

LOL!

Re:Don't know if serious.

[Pseudonym]

At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.

Someone on LKML using the word "fuckwit" is what Linux developers call "a normal Wednesday".

Re:Don't know if serious.

People should remember this next time Linus goes off on a rant.
The point is that he's not just a complete asshole-- he's a high spirited man among high spirited peers and all are working passionately on a project of great difficulty and importance.
If you can't stand the heat then stay out of the kitchen.

gran torino style.

Re:Don't know if serious.

[KingBenny]

I just read "we are not liable for selling yo stupid ass faulty hardware" so we come out with the bug b/c sales are slacking ... on howtogeek the article was all like "but these numbers are linux only so we dont know if it will affect windows at all" thats the OS that runs at 100% of one of my cores just sitting on the desktop while linux would be the os that runs three or four apps over four to six desktops on a celeron i can only conclude this is a "we got you by the balls maneuver" by intel

FOOF

[OverlordQ]

About par for Intel's course. Make it fast at the expense of horrible bugs.

Re:FOOF

FOOF

Was that just onomatopoeia or were you making a reference to Satan's kimchi (a.k.a. dioxygen difluoride)?

Re:FOOF

[sjames]

Actually, it's a reference to a hex value that could trigger a nasty Pentium bug.

Re:FOOF

F00F

Re:FOOF

[sunking2]

Seriously, hardware design is so much more complicated than software its not even funny.

Re:FOOF

Yep, programming is basically semi-skilled labor, like burger-flipping

Re:FOOF

[TheRaven64]

Having done a fair amount of both, I would disagree. The things that make software complex are dynamic: you can dynamically create threads and you can dynamically allocate memory, which makes the number of possible interactions almost impossible to statically reason about. In a CPU, all of these things are bounded and (very) finite, to the extent that it is actually possible to apply formal methods to the design (Centaur in collaboration with UT Austin do some amazing work in this area).

The difference is that a bug in software can usually[1] be fixed after you ship, whereas a bug in silicon usually can't (though if you've got a lot of microcode you can sometimes work around it). ARM has a nice chart of the cost of fixing a bug at each stage in development, which becomes more and more terrifying, whereas for software that cost is roughly flat, so you can get away with spending a lot less effort on correctness.

[1] Though not always easily. A colleague of mine released his first CVE a couple of years ago for a small library he wrote a couple of decades back. It turns out that most deployments of this library are in fax machines and printers, with no software update mechanism.

Re:FOOF

[Shinobi]

Hardware design of a contemporary CPU is much more difficult than software design, assuming equal competence levels of both crews(However, SOOO many software developers are incompetent AND lazy, so you end up with the huge messes you mention....)

As for Centaur, they've verified small subsets, based on the Verilog, and not the actual finished hardware with varying frequencies or voltage levels etc etc.

Re: FOOF

[Zero__Kelvin]

Having done both I can assure you that is not true. Just as digital is a special case of analog, so to is software a special case of hardware. They are symbiotic, and a simple "hello world" circuit (led turns on e.g.) is no more complex than the software equivalent. Complexity is in the design, not the domain. The kernel is as complex as the CPU. In fact it just got more complex because of a flaw in the CPU.

Re: FOOF

You might want to go back to Math vs Engineering debate.

Fuckwit.

Re:FOOF

[aliquis]

Make you next processor a VIA one.
https://hexus.net/tech/news/cp...

Re:FOOF

More importantly, the CEO dumped all his stock options right down to the corporate requirement minimum for his post, and he did this about 2 weeks ago. Make of that what you will.

Re:FOOF

[Tablizer]

SOOO many software developers are incompetent AND lazy

Because competency is not sufficiently rewarded. If their boss is a PHB, they won't know good code from horse fumes, and reward the horse fumes instead.

Re: FOOF

There are burger flipper programmers and burger flipper hardware designers.

And you are just a burger flippin burger flipper if you canâ(TM)t understand that.

Re:FOOF

[morethanapapercert]

I think what you're talking about is Boehm's curve. Got a link to that ARM chart you mentioned?

Re:FOOF

So what about IBM OS/2 Warp? Is that immune from the Intel bug? OS/2's memory protection design is pretty tough to crack, isn't it?

In all fairness...

Intel guys are doing the bulk of the work for the linux kernel changes, and I'm sure to be fair they'll equally cripple all processors with the changes not just their own.

Re:In all fairness...

[scumdamn]

Looks like you missed this commit from Tom Lendacky at AMD.

Re:In all fairness...

[nemequ]

What are you talking about? That patch says AMD CPU's aren't vulnerable:

AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.

The (trivial) patch essential disables the work-around on AMD CPUs. I'm not going to comment on how fair GP's criticism of Intel is in general, but that link definitely isn't evidence in Intel's favor

Re:In all fairness...

[sjames]

That bolster's AC's point. It looks like the Intel guys were going to cripple performance for everyone until the patch from AMD removed the unnecessary crippling from AMD processors.

Re:In all fairness...

Intel fucking sucks. What a bunch of wankers.

Re:In all fairness...

Oh, goody, they've already done it.

Re: In all fairness...

If Intel exluded AMD CPUs from the start they still would have been accused of not playing fair. Its also up to AMD to know if they needed this patch too even though its rare for two companies to foobar this.

Re:In all fairness...

[ColaMan]

Well, I'm guessing the approach was more along the lines of "an abundance of caution with the X86 ISA" as opposed to deliberate malice towards AMD.

Whilst no doubt there's some Intel guys with a very good working knowledge of AMD CPU internals, you'd really want to get direct confirmation from the actual AMD hardware guys that their hardware is immune to this.

Re:In all fairness...

[Demena]

Thus makes apple's recent fiasco trivia in comparison. I just got a new machine. How do I get it changed for one that does not have the bug?

Re:In all fairness...

[sexconker]

Well, I'm guessing the approach was more along the lines of "an abundance of caution with the X86 ISA" as opposed to deliberate malice towards AMD.

Hi. Have you met Intel?

Re: In all fairness...

How thoughtful of Intel to try and save amd from this embarrassing bug too /s

Re: In all fairness...

Lol. No. Intel tried to patch for amd too when they shouldnt. You are right how it is up to amd to patch their own cpus. Intel shouldnt be doing patches which affect amd cpus but we can see why they did. They want their slowdown patch to slowdown amd cpus too. Get with the program

Re:In all fairness...

Have you met every Intel employee?

Re:In all fairness...

I'm sure the 30% slow down won't encourage people to go out and upgrade their processors to the latest models.

Re:In all fairness...

Get an AMD chip, not an Intel one.

Re:In all fairness...

[scumdamn]

I'm saying that Intel tried to cripple all processors but the dude from AMD told him their products weren't vulnerable and didn't need to be slowed down.

Re: In all fairness...

[viperidaenz]

They didn't explicitly create a patch for AMD CPU's. They made changes that patch ALL x86 CPU's, regardless of vendor.
AMD submitted a vendor check to disable the patch for AMD CPU's

Re: In all fairness...

When it comes to intel C compiler, optimizations that would work on AMD chips are left out when compiling for that CPU, because "we wouldn't presume to know what would work and what wouldn't on a competitor's chip!"

Yet in this case, they presumed to know what was best for a competitor's chip.

Funny how the error always falls to Intel's favor. One might think it wasn't an error at all.

Re:In all fairness...

You mean the ones who do what Intel tells them?

Re: In all fairness...

[TheRaven64]

When it comes to the C compiler, Intel puts some things behind microarchitecture tests because in the past they didn't and people complained. They enabled fast paths after doing feature checks and it turned out that a bunch of x86 chips implemented certain instructions, but in microcoded slow paths and the optimised icc version that used them ran a lot slower than the version that didn't. As a result, they only enable certain instructions on chips that they have tested and which run faster when those instructions are used. And then people complained that they weren't doing optimisations on their competitors chips...

In this case, there is a vulnerability affecting a bunch of x86 processors, they issued a patch for x86 processors. This is exactly the right thing to do for a security issue: blanket enable and then whitelist safe CPUs.

Re:In all fairness...

[ColaMan]

I was going put in a Trump-esque 'Intel? Great company. Super-great, best company, great people too' kind of spiel here.

But then I was worried that someone might take me seriously.

Re:In all fairness...

[Anne+Thwacks]

It looks like the Intel guys were going to cripple performance for everyone until the patch from AMD removed the unnecessary crippling from AMD processors.

This sounds like racketeering to me. Where is RICO when you need him?

Re:In all fairness...

[nnull]

This, I don't completely understand the reasoning for crippling all processors, including non-intel. It seems Intel is trying to use its political clout to reduce everyone's performance with a bunch of fear and scare tactics which just tops the charts for 2017 and 2018, just so they don't lose their edge. This is just an utter catastrophe for Intel and they're trying to drag the rest of us with them.

Re: In all fairness...

[Zocalo]

This. Without being privy to the closed discussions about how to engineer the patch (which AMD was clearly a part of) we have no way of knowing whether this wasn't the agreed approach. It's not like AMD would really want Intel making the decision over whether or not each of their CPU SKUs were vulnerable, and I doubt Intel would want to make that call either - they've got more pressing matters than trying to exploit AMD CPUs to deal with and they'd have to assume AMD would eat their lunch in court if they got one wrong. Time will tell though, I'm expecting some more details to come out on this aspect of it once the embargo lifts, and I doubt AMD will be shy about it if they think Intel tried to stiff them when they do.

Re: In all fairness...

to foobar this

To fuck oop beyond any repair this?

Re: In all fairness...

Bullshit.

If some manufacturer produces bad goods, the remedy isn't to blacklist $GOOD, it's to blacklist $MANUFACTURER.

What was done wasn't the right thing to do, it was a childish, petty and obvious anticompetitive move.

Re:In all fairness...

[zifn4b]

Hanlon's Razor: Never attribute to malice that which can be adequately explained by stupidity

Re: In all fairness...

It's good to test the patch on AMD CPUs too. The code is not in production use yet anyway.

Re:In all fairness...

Which is wrong. Intel did not try anything. This assumption was made by non-Intel people at a point where it was not known that AMD is not affected.

Re: In all fairness...

The error of deliberately crippling a competitor's performance due to your own blunder when you're a hundred billion dollar company cannot be adequately explained by stupidity.

Re: In all fairness...

[zifn4b]

The error of deliberately crippling a competitor's performance due to your own blunder when you're a hundred billion dollar company cannot be adequately explained by stupidity.

It's a double-edged sword, if you do nothing to purposefully alter the behavior of the competitor, you're accused of doing something wrong and out of line. If you deliberately alter the behavior for your competitor, even if you had good intentions, you're accused of doing something wrong and out of line.

Besides, that's what pull requests and code reviews are for. You throw out your best guess and then the code review participants make suggestions based on their bigger picture view of the system. This is how any large scale system with multiple customers that use the system differently works. You're obviously not a developer. Managing all that is tricky business.

Re: In all fairness...

To foo this bar?

Re: In all fairness...

[Carewolf]

When it comes to the C compiler, Intel puts some things behind microarchitecture tests because in the past they didn't and people complained. They enabled fast paths after doing feature checks and it turned out that a bunch of x86 chips implemented certain instructions, but in microcoded slow paths and the optimised icc version that used them ran a lot slower than the version that didn't. As a result, they only enable certain instructions on chips that they have tested and which run faster when those instructions are used. And then people complained that they weren't doing optimisations on their competitors chips...

No.... This was no how it happened. They had a switch that was compile time and worked fine for AMD, they improved it to be runtime and made it specifically only detect Intel chips for no good reason, when tools were released that fixed their auto-crippling and arms-race started where Intel increasing obfuscated the auto-crippling to make it harder to remove. This back and forth arm-race laster for over a year with a new release every two 2 months, where Intel reinstated a new way of crippling performance on AMD chips when the old one was circumvented. In the end those making the hacks just gave up on the Intel compiler and to this day it still does it.

Re:In all fairness...

[dstyle5]

A decision like this isn't coming down to what employee X feels is right or wrong: "Yeah, just do what you feel like doing Bob, whatever." This is huge decision which was most likely made by management at Intel. Or by Raja Koduri.. ;)

Re:In all fairness...

[bat21]

Whether or not Intel would deliberately do something like that (which would be very foolish), individual developers have a general sense of camaraderie. They're not typically going to deliberately screw over people they view as being in friendly competition.

Re:In all fairness...

You are going to have to wait for a new batch of CPUs to be released without the bug. All current Intel processors have the bug.

Re: In all fairness...

It's good to test the patch on AMD CPUs too. The code is not in production use yet anyway.

So, if someone breaks their back, it's good to put you too in a plaster cradle, just to make sure? Idiotic.

Re: In all fairness...

[Agripa]

When it comes to intel C compiler, optimizations that would work on AMD chips are left out when compiling for that CPU, because "we wouldn't presume to know what would work and what wouldn't on a competitor's chip!"

So they test for it based on the vendor ID instead of the feature flags doing exactly what they said they are not.

Re: In all fairness...

[steveha]

Intel puts some things behind microarchitecture tests because in the past they didn't and people complained. They enabled fast paths after doing feature checks and it turned out that a bunch of x86 chips implemented certain instructions, but in microcoded slow paths

I don't have a link, but I remember years ago someone posted example code generated by the Intel C Compiler for copying bytes. If the CPU ID was Intel, the code compiled the most efficient byte copy possible (IIRC it used SIMD); for non-Intel it was an actual loop that copied one byte per loop iteration, didn't even use REP MOVESB.

I wasn't aware that there was any non-sinister explanation for checking CPU ID; thanks for making me aware. But I continue to think that the Intel C Compiler is actually malicious toward Intel's competition.

Re: In all fairness...

"They didn't explicitly create a patch for AMD CPU's. They made changes that patch ALL x86 CPU's, regardless of vendor.
AMD submitted a vendor check to disable the patch for AMD CPU's"

Piss off Intel apologist, i didn't say it was explicit. I said their patch affected amd cpus as well which it did. Amd should never have had to release a vendor specific exclusion from this patch made by intel. It was Intel who included amd in the patch when it shouldn't have. Intels patch should have been vendor specific because IT IS THEIR FUCKEN BUG IN THE FIRST PLACE.

Re:In all fairness...

[Demena]

Possibly. But will they be willing to replace it then? I think not, I think they are soldered in. Be cheaper to replace the machine and I doubt they will do that. Regretfully the consumer laws in this country will probably require them to do so. They are in a bit of shit here, as is every other manufacturer. Many will be able to cut and run but not Apple. At least IOS devices use their CPUs not Intel.

Re:In all fairness...

[sjames]

It might be hard to prove in court, but given Intel's past behavior w/ the Intel compiler, it likely was intentional dirty pool.

Re:In all fairness...

however, this can not be adequately explained by stupidity, since they are capable enough to *fix* this problem.

Re: In all fairness...

[TheRaven64]

Not using REP MOVESB is actually a good thing even on some Intel microarchitectures. The cost of that relative to a loop is very variable. Centaur x86 chips will recognise the copy-a-byte-at-a-time loop in microcode and replace it entirely with their own faster memcpy microcode (unless you have breakpoint or watchpoint registers set). The SIMD versions are also not always best. They are on Intel, though the exact set of SSE / AVX instructions that runs fastest varies between microarchitectures (the AVX version is slower on some, even when they support SIMD). A few non-Intel chips have advertised SSE instructions, but cracked them down to a sequence of scalar ops that end up being slower than the equivalent scalar code (early Intel Atoms also cracked 128-bit SSE operations into pairs of 64-bit micro-ops, though these were generally still faster than the scalar equivalents).

Re: In all fairness...

[TheRaven64]

Do you still have that opinion after the more recent disclosure from Google's Project Zero that at least some AMD chips are vulnerable? What would your opinion have been if Intel had only submitted patches enabling the fix for Intel's chips and it had turned out that at least some AMD chips are vulnerable?

Having looked at the attack now that it's public, I'd be quite surprised if most superscalar chips weren't vulnerable.

Re:In all fairness...

Hanlon's Razor may be adequate when dealing with the typical layperson, but when dealing with highly educated and intelligent people it's the exact opposite: Never attribute to stupidity that which can be adequately explained by malice.

Re: In all fairness...

So where's Intel's whitelist?

How could this be abused?

[jader3rd]

Sorry for the lack of imagination, but if the user space process can only read kernel memory, and can't write to it, how could one make use of this?

Re:How could this be abused?

[OverlordQ]

You're running in EC2 on shared hardware. Your instance can read the memory of other instances running on the same physical hardware.

Re:How could this be abused?

[pereric]

Cryptographic keys, information on other processes (making other attacks feasible), perhaps random number generator seeds and status, for example ...
And the principle in general that there could be information the process is not supposed to reach.

Re:How could this be abused?

[EndlessNameless]

Private keys for system-level crypto and user credentials are stored in kernel space. You want everyone on the system to be reading those? If you can read a private key or a Kerberos token, you can become that daemon/system/user.

This bug essentially destroys local security and severely compromises network security, subject to any limitations on where/when data can be read.

I'm not a microarchitecture guru who can dig through the details and figure out the limitations of potential attacks. Perhaps only a small portion of kernel memory can be exposed via this bug. I don't really know. The naive, simple scenario where all kernel memory is exposed, though---that is pretty damned bad. Infosec doomsday bad.

Re:How could this be abused?

Some very clever Javascript in a webpage could have access to any and all RAM bad. That's how bad this is.

Re:How could this be abused?

Rowhammering.

Re:How could this be abused?

You're running in EC2 on shared hardware. Your instance can read the memory of other instances running on the same physical hardware.

Yep, "the cloud" bites again.

When are you supposedly "technically sophisticated" people going to learn that security inherently means running on your own hardware?

When you cheap out, you lose. Performance, security, integrity, reliability - everything.

VM specifically: For most local-system applications, VM is a long in the tooth, unneeded hangover that drops performance. I have 64 GB of RAM. I killed VM long ago (under OS X, it's fairly easy to do) and gained substantially in performance. I run a lot of big, hungry apps, too. Zero problems, faster. It's not the 1990's any longer. Memory is crazy cheap these days compared to your time and security and energy and wallet thickness; you should have lots and lots. If you don't, then there's your error.

If you really need a cloud (well, you probably don't, but there are exceptions) then you should build your own cloud. The software's out there. Sharing hardware is not a good idea.

If you won't, or can't, run your own system(s) then you're walking in dogshit. Some of it will eventually stick to your shoes. While the cloud people will be LOL'ing on your dime, suckers.

Re:How could this be abused?

Huh. I think you missed the point of VM's. I have a x10dal-i with 2x 2600's and 128GB ram running around 50 VM's. Hardly ever does a single VM need the full resources. It saves money on hardware (a lot) and power (a lot) and makes managing those servers trivial. I can spin up a test server in 'no time' and make it live just as fast, spin down a old one, blow away the test server and not effect the live services. Etc Etc Etc. Sadly market dweebs took that ability and sold it as "the cloud" (which just means other peoples servers) and the penny pinchers bought it hook line and sinker.

Re: How could this be abused?

Bullshit. Scale out, not up.
Your VM isn't running on windows, it's running on a hypervisor which emulates the hardware. There's no reason why this can't be fixed at the hypervisor layer.

Sure, this is a big deal for desktops, but I have a hard time seeing how it applies to servers.

Re:How could this be abused?

[segedunum]

Now you have a performance hit to factor into that analysis.

Re:How could this be abused?

[LordKronos]

He confused me at first with the mention of VMs as, like you, I initially thought he was talking about Virtual Machines (especially given the context of cloud computing and hardware sharing). But he was actually talking about Virtual Memory. Not sure how he got from one topic to the other, but it's pretty clear:

  "Memory is crazy cheap these days compared to your time and security and energy and wallet thickness; you should have lots and lots. If you don't, then there's your error."

Re:How could this be abused?

[Mad+Merlin]

When you cheap out, you lose.

You're assuming that the cloud works out cheaper. Sometimes it does, but for many cases it does not (and it's not even close).

Re:How could this be abused?

[chuckugly]

You disabled paging, most likely, not virtual address mapping.

Re: How could this be abused?

[Bert64]

It can and will be fixed at the hypervisor layer, but this will incur a performance hit (potentially up to 30%?)...
That means for the same level of performance, your cloud provider now has to buy 30% more servers, pay for 30% more power, 30% more rackspace, 30% more cooling and 30% more maintenance... Those costs will be passed on to the customers.

Re:How could this be abused?

[viperidaenz]

You've confused virtual address space for swap.

Re:How could this be abused?

[Mal-2]

But lots of laptops now ship without DIMM slots. What you get when you buy it is all you will ever have. My Acer C720 has 4 GB of RAM, which is generally adequate, but I do hit the page file a lot. Fortunately, this is made tolerable by an SSD that pretty much saturates the SATA III bus on both reads and writes. (Even the stock 16GB Kingston SSD is really fast, but my 250 GB replacement is slightly faster.)

For a whole lot of people in a whole lot of situations, adding more RAM just isn't an option. It almost always is an option on a desktop PC, but that has been a shrinking piece of the computing pie for many years now, and can't really be considered a "typical use case" for Windows or Linux any longer.

Re:How could this be abused?

[Anne+Thwacks]

But lots of laptops now ship without DIMM slots.

And people wonder why sales of laptops are bad? Its obvious the old ones are better if you ever manage to actually get hold of the specs from anyone.

Typical use case for the Laptops in PC world appears to be "getting in the way".

Re:How could this be abused?

[Mal-2]

No slots (or if you're lucky, maybe M.2 slots) seem to be the order of the day in thin-and-light laptops, and that seems to be what the average person buys now -- and has been for several years. Telling them to upgrade RAM is tantamount to saying "your computer is obsolete".

As for those old laptops, I've rehabilitated a number of dual-core Merom laptops and put them back in service with family members and friends. They still work just fine, but they are admittedly hot, bulky, and noisy. They also (generally) have a 4 GB RAM limit by design, although they are 64-bit and the Merom architecture itself is not limited to 4 GB. I wouldn't want to sleep with one running by my bed 24/7 though, and I do that with the C720. It's my TV-driving machine, my Minecraft server, and my day-trip computer all in one. I certainly planned that purchase with the knowledge that the RAM was not upgradeable, but that the storage was.

Basically, if someone has a laptop from 2009 or later, they probably don't have to replace it. That's why laptop sales are weak, but it doesn't mean that there isn't value in the thin-and-light trends that have followed. It's just a different kind of value. Still, these machines are the new baseline, and it does mean "throw more RAM at it" is not an option in a lot of cases.

Re:How could this be abused?

[zifn4b]

When you cheap out, you lose. Performance, security, integrity, reliability - everything.

Unfortunately, this is the status quo in the computer technology industry and has been for quite some time. The executives don't understand the relationship between cost and quality or just outright reject it because they don't care for reality too much, only profit. Many companies have failed due to executives projecting what they want reality to be onto reality. You can twist perception but reality won't budge.

Re:How could this be abused?

Read: read passwords, admin files, content of other people's databases, etc.

Re:How could this be abused?

Eh?? There is usually no private key or user credential in linux kernel space, at least not on desktop systems without encrypted fs. Unless you mean temporary network packets??

five to 30 per cent slow down

[rwven]

I find it hard to believe that a virtual memory change will result in a 5-30% slowdown for Intel processors. Maybe for a few extremely specific (likely edge-case) tasks, but if there was a legitimate 5-30% performance decrease, you can bet there would be a far different solution in the works that would suitably fix the problem.

Re: five to 30 per cent slow down

[Monster_user]

By "virtual memory" are we talking Page Files and swap space? Disk space as memory?

So an almost unusuable computer becomes completely unusable. Unless you're on solid state, then you get the performance of a mechanical hdd.

Re: five to 30 per cent slow down

Yes, free replacement cpus come to mind. Unfortunately, unlike fixes where..."take it in for a simple fix" is concerned...there isn't one for this. This is more like...the doors will unlock automatically so we need to relock them with a key, so someone needs to lean out the window and manually lock the door.

Re:five to 30 per cent slow down

[jonwil]

If the choice is a 30% slowdown or a massive highly dangerous security flaw, the developers will pick the 30% slowdown. Especially if that flaw is a big problem for people using VMs (there are suggestions in some places that the flaw would be a HUGE problem for cloud providers like Amazon). That said, if you are running Linux and dont care about the security flaw but do care about the slowdown, you can always compile your own kernel without the relavent bits in there :)

Re:five to 30 per cent slow down

[Carewolf]

I find it hard to believe that a virtual memory change will result in a 5-30% slowdown for Intel processors. Maybe for a few extremely specific (likely edge-case) tasks, but if there was a legitimate 5-30% performance decrease, you can bet there would be a far different solution in the works that would suitably fix the problem.

Virtual memory access is used in every single memory access cached or not. 5% would be lucky for trying to work around a broken system. I am guessing the flaw is probably in the TLB which is meant to accelerate these things.

Re:five to 30 per cent slow down

[gravewax]

I can see it being a problem for shared providers etc. HOWEVER, I know a lot of cases in the customer I am working with they will happily accept the risk rather than take an even 5% performance hit as they use the machines for dedicated tasks so if rogue code was somehow on their they would have already been seriously compromised. So I seriously hope regardless of OS that their is a way to disable the fix easily while staying in a supported state if the performance hits are more than just FUD.

Re:five to 30 per cent slow down

[epine]

I find it hard to believe that a virtual memory change will result in a 5-30% slowdown for Intel processors. Maybe for a few extremely specific (likely edge-case) tasks, but if there was a legitimate 5-30% performance decrease, you can bet there would be a far different solution in the works that would suitably fix the problem.

Of course, if microcode update fails, there's always the hail Mary unicorn ass-pull.

I assure you, every Intel employee is kneeling on the carpet this very instant, facing the most auspicious astrological direction like ten of thousands of well-aligned human magnetic domains, while praying in unison like a telepathic Tourettic cuckoo clocks to any qualified god who will take their call.

If you've been harbouring a time machine, looking for optimal market conditions, I suggest you pull it out of your ... hiding place ... any minute now, because the market is ripe, ripe, ripe and bidding will begin with a B.

What a fucking nightmare.

Re: five to 30 per cent slow down

Well, as my still-in-its-warranty-period laptop has a soldered-in Intel CPU, it had better be a whole new laptop.
AMD's new CPU's will definitely be in my next workstation though.

Re: five to 30 per cent slow down

[darkain]

Page File is only one area that can be mapped into a Virtual Address Space. System RAM is another. Often time, I/O is as well.

https://en.wikipedia.org/wiki/...

Re:five to 30 per cent slow down

[Zocalo]

Linux users don't even need to compile a custom kernel (although if performance *really* matters you should probably be doing so as a matter of course) as there's a boot time option in the that can be set to disable the new Page Table Isolation mode, "nopti". Without knowing the performance hit for a specific usage case and the nature of the flaw its currently impossible to say whether using it is going to be a good idea or not, but it's nice that they at least thought to include the option. Pretty sure BSD will do the same, but feel free to place your bets on commercial operating system vendors...

Re:five to 30 per cent slow down

if the performance hits are as large as claimed you can pretty much guarantee commercial OS's will provide the option to turn it off. 5% can be enough to cause meltdowns in some mission critical processes.

Re:five to 30 per cent slow down

[LinuxIsGarbage]

If the choice is a 30% slowdown or a massive highly dangerous security flaw, the developers will pick the 30% slowdown.

As it is it seems a lot of developers choose "30% slowdown" over "spend some time to write not shit code".

"Premature optimization is the root of all evil" gets turned to "Do no optimization whatsoever, have no understanding of underlying hardware, and pick the latest trendiest framework that runs on top of 5 layers of framework to provide 6502 performance from an i7."

Re:five to 30 per cent slow down

I wonder if this bug was the reason for the delaying of the Intel based Aurora supercomputer from 2018 to 2021. The bug would definitely be serious enough for such a shared, performance critical system.

Re: five to 30 per cent slow down

For the FDIV bug Intel recalled the affected cpus.

Re:five to 30 per cent slow down

I think the issue is a side effect of the transition from user space to kernel space and back. On the way back, the kernel is leaking information that the user can find. The fix is to erase everything on the way back. This probably kills CPU cache (maybe not the memory cache but other page mapping stuff dies along the way). If the result is an extra 10 memory page misses on each kernel => user transition, then 30% is a real figure.

Re:five to 30 per cent slow down

I think AMD stock just went up.

Re:five to 30 per cent slow down

[eclectro]

Mail everybody a new chip from the past decade would be the "different" solution!.

Re:five to 30 per cent slow down

[paskie]

The slowdown is on syscalls. So it depends on your workload. For example, `du -s` is reportedly slowed down really by tens of percents.

Re:five to 30 per cent slow down

[Zocalo]

I think that's actually going to depend more on the OS than the vendor. The available comments, urgency, and secrecy indicates a major hardware security issue being worked around, and both Apple and Microsoft have older OSs versions that are still officially in support for security patches, so this should therefore qualify. I wouldn't put it past either of them to neglect to provide the necessary switch for those older versions in an attempt to encourage people to upgrade to their current release.

One other thing that I have noticed from the Linux patch is that it is applied by default without any attempt to tie it into the use of some other feature like hardware virtualisation which raises the distinct possibility that it might be a more general problem, and quite possibly something that could be leveraged by a malicious userspace app. If that is the case, then it's potentially a vector for malware to compromise a system which would mean it would be a bad idea to disable the code on *any* system, regardless of whether it's multiuser or not. In that situation, I'd actually kind of expect Apple and Microsoft to be thinking long and hard about whether they want the typical home user to have control or not, even before you take their "we know best" mindsets into consideration.

Re:five to 30 per cent slow down

[sjames]

They don't have a choice. The cost is quite believable since the workaround involves mapping the kernel in and out of the process space for every system call. Keeping it mapped in and keeping the page tables hot in the cache helps performance a lot.

The real fix involves new silicon.

Re: five to 30 per cent slow down

By "virtual memory" are we talking Page Files and swap space? Disk space as memory?

No. On modern processor running in protected mode, all memory is virtual. Memory pages that appear contiguous could be backed up by NON-contiguous areas of physical memory, device i/o space, numa, swap, etc. This bug may affect any memory access in userspace.

So an almost unusuable computer becomes completely unusable.

OK about the second part. The first part is a matter of opinion ;-)

Re:five to 30 per cent slow down

[sjames]

This is a good point. If the machine lives in a protected environment where only approved software is used by authorized users, disabling the fix to avoid the slowdown might be the right thing.

But I'm pretty sure the slowdown in this case isn't FUD. Otherwise we'd hear Intel loudly denying it by now.

Re: five to 30 per cent slow down

[ewibble]

Why should warranty period apply, this is a manufacturing defect, that causes your machine to be insecure or slower than advertised.

Just like if find out your car air bags won't work, they are replaced free of charge.

Re:five to 30 per cent slow down

[dryeo]

provide 6502 performance from an i7

Good, it's a step in the direction of improving latency. Next, replace the rest of the computer with an Apple //E and we'll have something responsive.
Article measuring latency of various computers that finds the Apple //E to have the least latency in displaying a character, https://danluu.com/input-lag/

Re:five to 30 per cent slow down

[grimr]

I don't think you understand how drastic this fix is. Every time a user mode to kernel mode transition happens and every time a hardware interrupt happens, the entire page table directory layout has to be switched. This means all the TLB caches are flushed as well and that's where the main performance hit comes from.

So if you're doing something like crypto currency mining you're not going to see much of a hit. But if you're doing a lot of I/O (file servers, database servers, web servers, etc.) you're going to see that 25-35% performance hit.

And that's why hardware bugs are so serious. Sometimes you get lucky and it's a microcode update with no penalty. Sometimes it's a simple fix with barely any performance penalty. But sometimes you get unlucky and the fix hurts a lot and the only way to get the performance back is to swap out the hardware.

Re: five to 30 per cent slow down

[grimr]

Virtual memory is just the mapping of a virtual address space to a physical address space. Paging is the swapping out of memory to disk so you can allocate more than you physically have. Virtual memory is what's commonly used to implement paging.

This bug is a flaw with the virtual memory protection mechanism that stops user code from reading kernel data.

Re:five to 30 per cent slow down

[grimr]

It's not the flaw that causes the slowdown, it's the fix that causes the slowdown. You are correct that it has to do with the TLB cache because they are flushed after CR3 is updated to the new page table directory at each switch from user mode to kernel mode and back.

Re:five to 30 per cent slow down

[guruevi]

From what I can read it's actually every context switch, the kernel is forced to look into different address spaces. So for every interrupt (eg. a network packet) your computer has to dump it's CPU cache and re-read from RAM. This totally removes the benefits of L1-L3 caches on the CPU which these days can be ~30MB.

I'm much more surprised this can't be fixed in microcode, the entire CPU is run by its own "OS" since Pentium 1 the Intel CISC is just a translation to RISC so you should be able to patch it out. If not, it's not like the Pentium F00F bug anymore, these days we're using millions of CPU's per year, recalling even the last 5 years worth is suicide for Intel.

Re:five to 30 per cent slow down

[segedunum]

....but if there was a legitimate 5-30% performance decrease, you can bet there would be a far different solution in the works that would suitably fix the problem.

There is, and there isn't. Intel obviously does not want to recall hardware and they really don't give a shit. If they slip this under the radar then they're hoping CPUs will just get replaced as an answer to performance problems.

Re:five to 30 per cent slow down

[aaarrrgggh]

Like a lawsuit?

Re:five to 30 per cent slow down

[fahrbot-bot]

I'm much more surprised this can't be fixed in microcode, the entire CPU is run by its own "OS" ...

Perhaps it actually can, but then Intel would assume the responsibility for that fix -- across all the many, many CPU families and versions -- and the responsible for any bricked CPUs if/when something goes wrong. Better for them to say, "Fixed in the next release."

Re:five to 30 per cent slow down

[hcs_$reboot]

to provide 6502 performance from an i7."

Well, if it uses the 6502 instruction set as well, all is not lost!

Re:five to 30 per cent slow down

[complete+loony]

Every single system call will essentially incur a costly task switch that wasn't there before. The total slowdown will be based on the total number of syscalls used in any particular workload.

Though since this is the new reality, where accessing kernel memory directly is more expensive than it used to be, you can expect kernel and application developers to try and claw back some of these losses over time.

Re:five to 30 per cent slow down

Every process runs in virtual address space--EVERY process. Low level device drivers on X86 might need to map to physical, but nearly everything is virtual. Certainly everything in user-mode.

This is why process 1 memory location 10000 is a different piece of physical ram from process 5 memory location 10000. Different virtual address spaces. Each such mapping between each virtual address space and physical space is stored in a "page table". (Pages might also not currently exist in physical ram and the OS handles that, e.g., load from disc, make up from scratch or whatever, but that's a separate discussion.)

The main cost of a context switch between processes is flushing the "TLB" (translation lookaside buffer) - it's essentially a cache of "for the current process, what virtual addresses map to what physical addresses".

Traditionally, OS's separated the virtual address space into 'Kernel' and 'User' portions. (Those of you that remember /3GB switch on NT know all about this.) This way, jumping into the Kernel is might lighter-weight than jumping between processes because the TLB is still valid and thus doesn't need flushing. The TLB's data about kernel address space is correct.

The performance hit is this turns every transition from user-to-kernel from "a quick update of the current privilege level" into a full "load new page table and full TLB flush" as the kernel no longer lives in the same virtual address space. This is a huge hit on every kernel call.

The only OS's that wouldn't be affected by this are ones that use a single address space; or already separate everything including their kernel into separate virtual address spaces. Maybe a microkernel OS isn't affected, and single-address-space things like Unikernels and (Microsoft Research's) Singularity wouldn't be. Non-protecting operating systems also wouldn't be affected as they don't have security to begin with--for example, FreeDOS which aims to still run on 8088 chips, doesn't have any kernel protection or multitasking so it cannot be affected.

Re:five to 30 per cent slow down

The cancer you refer to is a serious problem in layers above the kernel, but in the Linux kernel it is not a serious problem - performance in critical areas of the kernel is certainly not ignored and the developers updating this code certainly understand the underlying hardware -- although, they of course can't rely on undocumented or unsupported features that may exist in a particular variant.

If additional manipulation of memory maps is required on every call into the kernel to avoid the exploit and those calls result in slow execution upon entry and/or return after the call while the maps fault in again, there's really nothing the kernel devs can do.

Re:five to 30 per cent slow down

[guruevi]

They already release microcode fixes all the time. Microcode gets patched when the OS boots up and then is promptly 'forgotten', it doesn't get permanently written.

Re:five to 30 per cent slow down

[Xenx]

The problem is, if it can be fixed in microcode... Intel would likely alienate a lot of businesses by pulling that. Intel letting major business take a 30% performance hit, so Intel can make money off of their own flaw doesn't sound like it would fly. Just because Intel doesn't have a legal responsibility to resolve the problem, doesn't mean it isn't in their best interest as a company.

Re:five to 30 per cent slow down

[eldakka]

This cannot be fixed in microcode. It will require a new hardware revision to fix.

Re:five to 30 per cent slow down

[Xenx]

Design defects are already not covered under their warranty. I'm not saying a lawsuit couldn't happen, but you wouldn't be starting from a position of power.

Re:five to 30 per cent slow down

[grimr]

This totally removes the benefits of L1-L3 caches on the CPU

No, those caches work on physical addresses so the page table mappings have no effect. It's the TLB caches which caches the virtual to physical address mappings that are flushed.

I'm much more surprised this can't be fixed in microcode

Microcode can't fix everything. It's generally limited to how instructions get executed. The virtual memory system can't be patched by microcode. Even if it could the slowdown would be 10s to 100s of times worse than the slowdown caused by this fix. This is a fundamental flaw in the virtual memory protection circuitry.

Re:five to 30 per cent slow down

Yeah, having to do a TLB flush and repoint the page tables on every user/kernel mode transition: We got really unlucky. :-(

Re: five to 30 per cent slow down

[MrKaos]

By "virtual memory" are we talking Page Files and swap space?

Almost. The difference is a minor or major page fault. From swap space to ram to CPU cache is a major page fault whereas a memory transfer is between the CPU cache (L1,L2 or L3) and system RAM is a minor page fault.

Disk space as memory?

No. Between CPU cache and system RAM. In this case the issue relates to minor page faults which occur when the CPU scheduler is switching tasks, called "context switching", between processes, threads and lwt running on the system.

The kernel maintains a summary page of the process when it switches tasks so that it doesn't have to recreate details of the process and is more efficient when it switches tasks. It is this summary page that can be attacked and IIUC addresses can be changed to access memory the process does not have permission to access.

This means that a process running in the userspace of Ring 3 of the CPU it can modify it's summary table to access data in Ring 0, where the kernel is. Which is obviously bad because now that process can access all the memory.

So an almost unusuable computer becomes completely unusable. Unless you're on solid state, then you get the performance of a mechanical hdd.

Maybe, but not how you would expect. The CPU scheduler *may* make it possible to hide some of the latency created by the now crippled context switching in mechanical disk latency that you can't do with ssd because of the way IO determines *when* the scheduler will context switch. Still early days and it depends on what techniques can be devised. It depends on where the summary tables are maintained and I would expect that to be in CPU cache, which is much faster than system RAM, which is why it is a tough bug to get around.

With that in mind it's plain to see why the Linux kernel devs want to call the patch fuckwit_ because Intel screwed up badly on this.

Re:five to 30 per cent slow down

[mlyle]

It's a huge penalty on the system call path. If your code does few system calls and is cpu bound, it's no penalty. Typical code takes a 5% hit. Networking/IPC/filesystem heavy code can pay 35%+ tax.

Re: five to 30 per cent slow down

[tigersha]

On a 6502 all programs have access to all memory all the time

Re:five to 30 per cent slow down

[TheRaven64]

Note that this wouldn't be the first time that Linux has done this. RedHat kernels used to support a 4GB/4GB address split on i386 PAE systems. Conventionally, on 32-bit systems, the kernel reserves the top 2GB of the address space and userspace gets the bottom 2GB. When this started to get cramped, the was an option to reserve the top 1GB for the kernel and make the bottom 3GB available for userspace. Sometimes, even that wasn't enough, so with a 4GB/4GB address split both get completely separate page tables and you do a page table swap on every kernel entry and exit. I remember it came with a performance hit, but I vaguely remember that it was closer to 5-10% back then (which some people were willing to pay if it meant that their code that needed 3.5GB of RAM actually ran, with the kernel using 3GB of RAM). It was fairly short lived, because most people who had a real use for it bought x86-64 hardware.

Re: five to 30 per cent slow down

[Pseudonym]

More to the point, on x86 architectures, running in 64-bit mode requires virtual memory. There is no such thing as 64-bit real mode (although you can identity map memory to emulate it).

Re: five to 30 per cent slow down

[hcs_$reboot]

Yes, but the Motorola instruction set is nicer.

Re:five to 30 per cent slow down

[Zocalo]

A lot of modern CPU speed comes from speculative execution of code in branches. In simple terms, if the CPU sees what looks like a loop it will assume it's going to be going round the loop again, look at the execution queue, and start working on any memory fetches, loading of registers, etc.so any the data is right there in the on-chip cache when needed. What seems to be happening with the flaw is that the kernel memory that should be hidden might be accessible during that speculative execution phase and can be copied before the speculative code execution is commited.

The performance hit from the fix comes if you have a system call to the OS kernel inside that loop, as the fix requires that all that data be flushed to hide kernel memory space from the user memory space every time you switch from usermode to kernel mode and back again. That seems to imply that if your code has a tight loop that makes multiple calls to the OS kernel, then you've not only lost all the performance benefits of the speculative execution and cache, but you've also had to sacrifice CPU cycles to flush it in the first place. If your code loop is being executed millions, or even billions, of times - not uncommon for some tasks - then, yeah, you could well be looking at a double-digit percentage performance hit.

Re:five to 30 per cent slow down

yes but that has zero to do with Apple doing anything good. It is simply a fact of the lack of features of the hardware and software of the time, the input is basically direct and their really is not much point to speeding up the speed a character appears on a screen post keypress in modern computers as the advantages are basically zip, they could do it but their just is no point, really quite a dumb comparison.

Re:five to 30 per cent slow down

[edtice1559]

This isn't about virtual memory. It's about memory dependence prediction. https://en.wikipedia.org/wiki/... The idea is that the microprocessor will speculatively load some memory so that the pipeline doesn't stall waiting for the load. If it's wrong, so what, just flush it out and stall the pipeline just like you would have with in-order execution. But when the out-of-order execution mechanism does this, it doesn't know what memory the current process actually has access to. So it could potentially load something from kernel space. Not a big deal as the "proper" load would replace this (i.e. pipeline stall, load continue, just as if there were no out-of-order execution). It seems that somebody has found a way, however to access the improperly loaded memory during the transient period when it was in a register. This is the type of creative exploit that it's fun to read about. Now the OS designers have to go back and somehow try to prevent this from happening presumably using some other feature of the micro-processor but the effect will be that the ability to do out-of-order execution will be significantly reduced thus slowing the machine down considerably.

Re:five to 30 per cent slow down

[AvitarX]

I think I saw even more than 30% for du -s without pcid.

Re:five to 30 per cent slow down

provide 6502 performance from an i7

Good, it's a step in the direction of improving latency. Next, replace the rest of the computer with an Apple //E and we'll have something responsive. Article measuring latency of various computers that finds the Apple //E to have the least latency in displaying a character, https://danluu.com/input-lag/

Bah, they didn't test an Amiga. Subjectively, the most responsive computer I ever used.

Re:five to 30 per cent slow down

While not fixed, can anything be done in microcode to make it less bad?

Re:five to 30 per cent slow down

[huckamania]

Would increasing the time between context switches help in this case? If it is context switching that is the culprit, then wouldn't doubling the context switch time cut the penalty in half?

Most file/web/whatever servers aren't running solitaire or surfing the web, so couldn't the OS makers take advantage of that and disable/retard services and daemons?

This sounds like a good way to trick people into upgrading their hardware.

Re:five to 30 per cent slow down

[Agripa]

I find it hard to believe that a virtual memory change will result in a 5-30% slowdown for Intel processors. Maybe for a few extremely specific (likely edge-case) tasks, but if there was a legitimate 5-30% performance decrease, you can bet there would be a far different solution in the works that would suitably fix the problem.

The software fix includes invalidating the page table cache on every task switch and OS call and reloading the page table cache creates a severe performance hit.

The only way for Intel to fix this is to replace the processor. Won't that be a fabulous marketing opportunity? Buy our new and improved processor to replace our old and inferior one because we screwed up!

Re: five to 30 per cent slow down

[Agripa]

For the FDIV bug Intel recalled the affected cpus.

The number of CPU affected by the FDIV bug was minor compared to this and they were all replaceable (socketted) unlike this.

Re:five to 30 per cent slow down

[Agripa]

I wonder if Microsoft will apply this change to systems using AMD processors whether they need it or not. Based on the Linux patches from Intel, that is what they intended.

Re:five to 30 per cent slow down

[Agripa]

I'm much more surprised this can't be fixed in microcode, the entire CPU is run by its own "OS" since Pentium 1 the Intel CISC is just a translation to RISC so you should be able to patch it out. If not, it's not like the Pentium F00F bug anymore, these days we're using millions of CPU's per year, recalling even the last 5 years worth is suicide for Intel.

I got the feeling reading technical details that it can be fixed in microcode by disabling speculative execution which entails an even larger performance hit.

Re:five to 30 per cent slow down

[Bengie]

"Premature optimization is the root of all evil" followed by "Know when to optimize ahead of time otherwise you're going to be in for a world of hurt".

Re: five to 30 per cent slow down

Why should warranty period apply, this is a manufacturing defect, that causes your machine to be insecure or slower than advertised.

Just like if find out your car air bags won't work, they are replaced free of charge.

Car airbags are a life and death matter though. It is hard to say that a security vulnerability is the same situation.

There is also specific legislation requiring automobile manufacturers to replace faulty safety related parts, they are not doing it voluntarily. There is no such legislation for CPUs. If your car radio had a security vulnerability that caused people to be able to spy on you through the microphone in your bluetooth, they would not recall it.

This could be massive

[Artem+S.+Tashkinov]

The developers behind the GRSecurity project measured up to 63% performance loss. If most common tasks are equally affected, Intel is sure fucked. Home users might not need to bother, but large cloud providers might be seriously affected.

Meanwhile the Linux kernel has received the largest incremental minor patch in its history (229KiB) - perhaps kernel 4.14.11 already contains all the required fixes.

I have a sneaking suspicion Intel shares will fall through the floor in the next few weeks because Intel CPUs might have suddenly become quite slower than their AMD Zen based counterparts.

Re:This could be massive

[Artem+S.+Tashkinov]

Some PostgreSQL results have just been released: up to 23% performance loss. This is indeed huge.

Re:This could be massive

[scumdamn]

Doesn't look like it's everybody. https://lkml.org/lkml/2017/12/...

Re:This could be massive

It doesn't appear that way..

https://lkml.org/lkml/2017/12/27/2

Re:This could be massive

It's context switching overhead which is also why nobody ever ran rdbms under osx. Breaking KASLR isn't a good reason for this work, the real problem is prefetching privileged memory from unprivileged processes - possibly as a result of a bug in intel's speculative execution.

Re:This could be massive

[sl3xd]

Nice catch.

I guess that's what I get for reading articles about the issue, rather than LKML...

Re:This could be massive

To clarify from your link, it's not that AMD processors have the Page Table Isolation (PTI) fault, but rather it can be "turned off" on AMD cpus whereas it can not be turned off on intel CPU's (my interpretation).

Re:This could be massive

[grimr]

Nope. Page Table Isolation is the fix and not the fault. But isolating the userland and kernel page tables means you have to switch between them each time you go from user mode to kernel mode and back. This slows things down.

AMD CPUs don't have the bug where user mode can read kernel pages so does not require this isolation and the performance hit caused by enabling it. From the AMD email: "The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault."

Re:This could be massive

[Qzukk]

Based on this link from Hacker News: https://cyber.wtf/2017/07/28/n... and the linked email/patch from AMD, it looks like what happens is that AMD checks memory permissions up front before allowing an instruction into the pipeline, while Intel made the memory permission check as a later part of the pipeline, apparently after the memory was accessed and inserted into the cache.

Re:This could be massive

[Motherfucking+Shit]

I have a sneaking suspicion Intel shares will fall through the floor

Intel's CEO agrees; a couple weeks ago he sold all the Intel stock he can. If he'd dumped any more shares, he would have had to forfeit his job. That isn't a man who's confident about the future of his company...

Re:This could be massive

[Zocalo]

This flaw has been known about since at least October, and probably even sooner since early code to fix it starting coming out in November, which makes it seem *highly* likely that he was aware of the it and the potential impact when he took the decision to commit to the November sale. Also, as CEO, there's no way that he can plausibly claim "I didn't know about it" like the two Equifax execs who executed a stock sale just before their breach announcement did without coming across as completely incompetent and unfit for the CEO role. This reeks of insider trading, and after the outcry over the Equifax execs I can't imagine that the SEC isn't going to want to take a good hard look at this stock sale as well.

I'm sure his vested options will pay for some really good lawyers but, even so, forfeiting his job could be the least of his problems.

Re:This could be massive

I have a sneaking suspicion Intel shares will fall through the floor in the next few weeks because Intel CPUs might have suddenly become quite slower than their AMD Zen based counterparts.

Their CEO has already offloaded his entire stock bar the minimum he is required to keep for his company role. He had no need to, having just received a massive bonus. He basically took up all options at a bargain price and dumped them all mid Dec. He knew this flack was coming. Over to the SEC?

Re:This could be massive

[edtice1559]

I suspect that Intel shares will go way up in the medium-term as people suddenly find themselves refreshing hardware that was previously just fine. Intel will still get the bulk of the orders.

Re:This could be massive

Hopefully people will become aware of the dangers of single source for critical components.

tanenbaum's revenge?

sounds like one way to fix this would be to implement the operating system as some sort of message-passing microkernel...

Re:tanenbaum's revenge?

[sl3xd]

If you read one of the original articles about the KAISER patch set: a commenter asked about microkernels, and the reply is that since it's a hardware issue, both microkernels & monolithic kernels have to pay the same price.

Re:tanenbaum's revenge?

[mikael]

And this comment. Someone could feel the storm coming.

KAISER: hiding the kernel from user space

Posted Nov 16, 2017 7:21 UTC (Thu) by alkbyby (subscriber, #61687) [Link]
Looks like something bad is coming. Such as mega-hole maybe in hardware that can be mitigated by hiding kernel addresses.

Otherwise I cannot see why simply hiding kernel addresses better, suddenly becomes important enough to spend massive amount of cpu on it.

- This isn't the first time. There was a problem a decade ago with Intel CPU's, when separate process threads could access each others data through cache memory.

Re:tanenbaum's revenge?

If you read one of the original articles about the KAISER patch set: a commenter asked about microkernels, and the reply is that since it's a hardware issue, both microkernels & monolithic kernels have to pay the same price.

The workaround that is deployed has the effect of making context switches a lot more expensive.
Many microkernels depend on context switches being fast since they use more frequent context switches than a monolitic kernel does.
(you write a block to a file in linux, this is ONE context switch into the kernel. you write a block to a file in minix, you first context switch to the filesystem service, then you context switch to the disk service ...)

It is not unreasonable that some workloads may hurt a microkernel much more than it hurts a monolithic kernel.

Re:tanenbaum's revenge?

[Sloppy]

What if the microkernel doesn't share the same address space as the userspace processes? My understanding is that Linux shares the space to make lots of kernel services convenient (e.g. they can do things to userspace memory, as part of their job). But on a microkernel there's less incentive to do that (whoever is doing things for you, is more likely to be doing things in its own userspace). And if you're not doing that, then there's less to defend against.

I'm probably missing something.

Re:tanenbaum's revenge?

[Pseudonym]

What if the microkernel doesn't share the same address space as the userspace processes?

Before PCID (and in a sense, before 64-bit), microkernel OSes on x86 pretty much had to. L4 famously mapped commonly-used servers into everyone's address space for performance reasons.

My understanding is that Linux shares the space to make lots of kernel services convenient (e.g. they can do things to userspace memory, as part of their job).

Yes. There is always a tradeoff between security and programmer convenience. And by that I mean kernel programmer convenience, not user-space programmer convenience.

Microkernels certainly do have to mess with user space to implement anything interesting with virtual memory, for example. The difference is that microkernels only typically have to implement this once.

For example, consider the case where a user program needs a large block of data from somewhere else. The kernel could copy this into user space, or if it really cares about performance, it could just memory-map it and save having to copy it. Memory-mapped files are one common example; the kernel is maintaining a buffer cache anyway, so why not just map it into the address space of anyone who needs it?

Now suppose you had a microkernel that did this with IPC. It carefully looks at an IPC request, and if it seems more efficient and just as safe to do so, it could share pages between a server and a client instead of copying data.

Now you also have memory-mapped pipe I/O, and memory-mapped networking... all for essentially free.

Will this fix the kswapd0 100% CPU bug?

I used to use Linux in some small VMs without swap. Even though there was no swap space, if memory even started to become scarce some kernel process, I think called kswapd0, would go stupid and would use 100% of the CPU. Clearly it wasn't doing anything useful, because there was no swap space at all to be used. Since it was acting in an unwanted and wasteful way, I consider this to be a severe bug. Do these changes fix this bug?

Re:Will this fix the kswapd0 100% CPU bug?

[Artem+S.+Tashkinov]

Have you just hit infamous bug 12309? It's ostensibly fixed however people keep reproducing it (just google for heavy I/O operations slow down my PC).

Re:Will this fix the kswapd0 100% CPU bug?

The linux kernel has a parameters, swapiness, which is used to tell the kernel when to start attempting to swap to disk.

So if your swappiness value is 60 (the default), it means that kswapd will start to swapping out memory when there is 60% free. And if you have nothing to swap, then kswapd spins endlessly looking for a place to swap.

So you can do one of two things: fix your kernel setting, or create/use swap.

Re:Will this fix the kswapd0 100% CPU bug?

[sl3xd]

Nah, GP didn't configure the kernel's settings properly.

There's more to running without swap than not enabling a swap file/partition. You have to configure swappiness, the oom_adj_score for what to kill when memory runs out, and so on.

Re: Will this fix the kswapd0 100% CPU bug?

That extra configuration should be considered an additional bug. If there's no swap then Linux should automatically disable this kswapd0 process, without needing any manual configuration. It's stupidity like these multiple bugs affecting core functionality that drives Linux users over to the *BSDs.

Re: Will this fix the kswapd0 100% CPU bug?

If there's no swap present then the Linux kernel just shouldn't try to swap pages out, regardless of what those irrelevant (since there's no swap) settings are. This pointless work consuming 100% of the CPU and effectively slowing down the system to the point of being unusable is completely idiotic. The best fix at this point is to install one of the *BSDs, or even Windows.

Re:Will this fix the kswapd0 100% CPU bug?

Not having a swap partition will stop user data being paged out onto the swap...
But other things like file IO (eg executables etc) will still be flushed from memory and reread from their original location as required, rather than being written out onto the swap partition.

Re: Will this fix the kswapd0 100% CPU bug?

So many exploits and malware making use of swap partition. It is probably not a bug but another hidden feature.
Better solution might be to recompile the kernel without this daemon kswapd0.

Obligitory LWN link (Also affects ARM64)

[sl3xd]

Linux Weekly News has been covering this for quite a while.

5% slowdown on average, with up to 30% for some particularly bad network operations.

ARM64 is also affected, so it's not just intel

Re:Obligitory LWN link (Also affects ARM64)

It will be interesting to see real world performance. My old i7 960 never pins the CPU cores, so lopping off even 30% per core would not impact say, my gaming, where each core is never pushed past about 50%... Anyone have a list of affected CPUs? Is a 960 even affected?

Re:Obligitory LWN link (Also affects ARM64)

subscription required

Re:Obligitory LWN link (Also affects ARM64)

It's not that simple. You WILL notice a difference.

And, time for AMD to shine again

[NuclearCat]

And what is interesting, AMD is immune to that, proof: https://lkml.org/lkml/2017/12/...

Re:And, time for AMD to shine again

[sl3xd]

Nice catch.

AMD is safe

[TeknoHog]

The summary is not fully explicit: this is not a flaw in Intel x86 ISA, but specific to CPUs made by Intel. AMD processors don't have the problem, so they should not need the patch.

https://lkml.org/lkml/2017/12/...

This could be a huge win for AMD, because the patch incurs a measurable slowdown. At the moment, though, the Linux fix doesn't seem to distinguish between manufacturers. I expect the distinction will appear later -- better safe than sorry.

Re:AMD is safe

[Mindragon]

Although AMD is safe, why do they mention a 50% slowdown for AMD processors?

> @grsecurity measured a simple case where Linux “du -s” suffered a 50% slowdown on a recent AMD CPU.

Re:AMD is safe

They measured AMD with it on, but it's confirmed that AMD doesn't need it on. Useless stat.

Re:AMD is safe

Because the initial patchset didn't exclude AMD, it was a later patch that whitelisted AMD CPUs, so it would have applied the workaround unnecessarily before that.

Re:AMD is safe

[ColaMan]

Presumably they enabled the software workaround and ran it on a bunch of CPUs. Then they picked the most alarming slowdown they could find, regardless of whether that CPU needed the workaround or not.

Or perhaps they were just unaware at the time that AMD CPUs are not at risk.

Re:AMD is safe

The patch isn't hardcoded. It's applied at runtime and only on CPUs that are listed as insecure. AMD CPUs are not affected.

Either that or a lawsuit

[rsilvergun]

you cut 30% off the performance of my CPU expect to hear about it.

Re:Either that or a lawsuit

[Xenx]

Technically speaking, they're making a change to the operating system kernel and how it operates, not reducing performance of the CPU.

Re:Either that or a lawsuit

change obligatory to accomodate a defective CPU

Re:Either that or a lawsuit

Same thing. You designed a flaw, find it out and tell people to drive to fast because the brakes might fail. You are at fault.

Re:Either that or a lawsuit

[Xenx]

Microsoft/linux kernel devs/etc are not the ones at fault. They're working around an issue in the CPU. Using your analogy, they didn't design the car. They're just forcing you to either slow down, not drive on their roads, or buy a different car.

Re:Either that or a lawsuit

[segedunum]

That's how they want this to go.

Re:Either that or a lawsuit

[Xenx]

I'm unsure which "they" you're referencing here, so I'm not sure what point you're wanting to make. The problem is in the CPU. The kernel devs as a whole are not responsible for the problem. They're responsible for providing a stable/secure system. If they don't patch the problem with the kernel software, they're intentionally leaving people vulnerable. Unfortunately, given Intel's rather large lead in the CPU market, this is going to negatively impact a lot of people.

Re:Either that or a lawsuit

[hcs_$reboot]

Technically speaking Intel fails to provide a CPU that works as advertised.

Re:Either that or a lawsuit

You could try overclocking.

Re:Either that or a lawsuit

[Xenx]

But, Intel isn't the one making the change to the kernel. The change is being done by the kernel devs to fix an issue. They were suggesting a lawsuit for cutting performance of the CPU. As Intel isn't slowing down the CPU, that means they are suggesting a lawsuit against the companies behind the OSes. If they were suggesting a lawsuit against Intel, it was poorly worded.. but a different story.

Re:Either that or a lawsuit

[iggymanz]

chips were advertised and sold as having protected and separated memory

Re:Either that or a lawsuit

[Bert64]

They're not forcing anything, they're providing options for users who bought a defective product.

Re:Either that or a lawsuit

[Xenx]

If you're provided three options, and only three options, you're forced to pick one. Inaction is a choice that would force at least one of the options.

Re:Either that or a lawsuit

[Xenx]

That has nothing to do with what I said. Intel designed and produced the CPU. The OS devs are responsible only for the OS. If there is a flaw in the Intel CPU, that is between "you" and Intel. The OS devs patching a security hole in the CPU should not leave them open to a lawsuit when the only way to patch it slows down the performance of the system.

Re:Either that or a lawsuit

[segedunum]

This is a CPU problem, and yes, in reality they are reducing the performance of the system. What should be happening is a recall, but Intel obviously don't want to do that. If the impact of the performance hit is noticeable for many, and this includes desktops, servers and every conceivable workload where an Intel CPU is used, expect an absolute shitstorm.

Re:Either that or a lawsuit

[Xenx]

It's a simple path of logic. The problem is in the CPU, not in the kernel. The OS devs are only doing their job and in no way should be targeted in a lawsuit for fixing a security hole they didn't create. That is the only point I made. Anything else is misinterpretation of what I said.

Re:Either that or a lawsuit

One of the options is disable the fix, so you can carry on as before. The Linux devs are opting for security over performance by default, but you still have the option to disable this fix and remain insecure.

Is it really a problem being forced to pick an option, if one of the options you can pick is "carry on as before"?

Re:Either that or a lawsuit

Except some of the kernel devs work for Intel, so I'm not sure you're right.

Re:Either that or a lawsuit

A flaw in the CPU, means that secure operating systems can not take advantage of all acceleration/caching mechanism in the virtual memory systems. CPU have TLBs to make Virtual Memory. They have a Privilege Mode Flag to protect kernel space from user space in these TLBs to avoid constant remapping of the TLBs. Intel CPUs have a flaw that can allow you to load kernel memory into L1 Cache from userspace because of instruction reordering. The only work around is to map and unmap the kernel TLB entries on interrupts and user space / kernel boundaries (every sys call). If the kernel TLB entries are not there, userspace can not take advantage of the bug. The intel flaw basically causes lots of TLB churn which has huge effect on caching.

Re:Either that or a lawsuit

[Pyramid]

Intel isn't making any changes because it is physically impossible for them to do so. The only option left for OS maintainers to make software patches to work around this flaw. They would be negligent for leaving a known security flaw unaddressed. This rests solely on Intel's shoulders - they created and sold a product with a serious, undisclosed flaw.

Re:Either that or a lawsuit

[Pyramid]

"you cut 30% off the performance of my CPU expect to hear about it.
--
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-..."

I can't be the only person who sees the irony of a person complaining about performance degradation and that they make Firefox plug-ins in the same post.

Re:Either that or a lawsuit

[Xenx]

Disabling the fix was one of the options, yes. However, I think the average user won't have the option to disable the fix. It does sound like Microsoft's style.

Re:Either that or a lawsuit

The option will likely only be available through a registry key. For the average user that would be just fine. The ones that know what they are doing won't have a problem with that, and the rest should stick to the default.

What about games?

[rsilvergun]

or heck if you've just got a low end laptop?

Re: What about games?

[Monster_user]

I'm already getting serious slowdown from games optimizing for other Windows operating systems. Rebooting into Windows 7 offered an incredible leap in performance on the same rig for one game in particular, Makes the game as fast as it was when I first installed it on the old OS! That is what I get for playing an MMORPG.

Re:What about games?

[AHuxley]

The top games are created to work well on the cpu and gpu limited consoles. No slow down will be noticed from game ports to the PC desktop due to the average games design limitations and the poor quality code, art.
A new GPU issue would have been evil. CPU use is consul port code and art limited already and most games on suggested settings will not feel any different.

Re:What about games?

You have no idea what you're talking about.

Re:What about games?

[Xenx]

You're over generalizing. You're also assuming people are playing games that are console ports. I play a few games that are already CPU limited. There are also a few popular titles that are cpu intensive. PUBG being a big one right now. I'm not saying this fix is going to make it worse, as I don't know. But, a huge hit to CPU performance would make a huge impact on those games.

Re:What about games?

[AHuxley]

Re "You're also assuming people are playing games that are console ports"
The end users play what they are told to in ads and from reviews.
Its the developers who have to be aware of that generations average CPU, GPU and the limitations of a console/PC release. That game has to still run on generations of older cpu's and still play well. So a new CPU should have room to keep working within normal game settings.

Re:What about games?

[Xenx]

First, people play what they want to play... or what everyone else is playing to fit in. Ads will encourage them, but definitely don't define what gets played. That assumption alone tells me that you're not exactly worth the effort here. However, yes.. large titles that start out as a console release are less likely to have higher CPU requirements. There are quite a few PC games, which would be the segment of games affected by issues with the CPU in a PC, that heavily rely on the CPU. Further.. If you look at minimum CPU requirements for PC versions of games that are on console.. often times you'll see the min requirements are higher than the actual CPU of the console. So, obviously... it's not a direct comparison.

Re:What about games?

[aliquis]

I'd call bullshit.

1) The consoles and "oh shiny"-benchmarks want to brag about 4K and before of ultra graphics quality and show pretty screenshots. As is I have an i7 8700K but still the HD 6950 2 GB graphics card .. I get 80ish to 120 fps in 1280x800 on low in Quake Champions. Not sure which part is holding me back but currently the monitors which support UHD at over 60 Hz is easily counted and I'm more interested in both HDR and higher refresh-rate than what I'm about more pixels. Not that UHD is uninteresting just that I'd much rather have 144 Hz WQHD than 60 Hz UHD. While on consoles 30 fps may be ok or they want to up the graphical quality and sacrifice frame-rate I'm not them. I play games on low to get better performance as is.

2) The Ryzen 5 1600 isn't all that much slower than an i7 8700K.
If we compare the max OC chips on userbenchmark the i7 8700K is 37%, 39% and 28% faster in single-core, quad-core and multi-core loads. Throw in whatever disadvantage there for the Intel and the gap shrinks. The Ryzen 5 1600 + B350 board cost half as much as the i7 8700K and a Z370 one.
For the Ryzen 7 1700 things will look even better but they are also due to a refresh 1-3 months from now. The ThreadRipper 1900X is from the chips they deem worthy for threadripper so I'll use that rather than the Ryzen 7 1700 just to have the best 8 core they have currently. Against that the i7 8700K is 28% and 29% faster on single- and quad-core loads but 10% slower on multi-core ones.
Remove some Intel performance and add some AMD performance and it will quickly become about a wash but AMD charges half the price for their solution.
I paid more money for the i7 8700K because it's the best. If it's not then it's of course not worth that money.

3) Regardless of where consoles are now and whatever a slower processor would be "ok" now things progress and this mean that the Intel chips won't last as long into the future. They will both lose their lead over AMD but of course if Intel fix this on silicon level that mean that the new chips will be a bunch faster too. Intel speed has progressed very slowly at 10% per generation or so. At best possibly. A 30% drop would mean 3 generations of lost performance (That's not how you to math with percent but it's how Intel claimed the i7 7700K against the 6700K, 4790K and 4770K or whatever it was. A kinda weird selection of chips maybe.)

Anyway a 30% performance loss for gaming would be massive. But I kinda don't feel 15% is acceptable either.

Ryzen 7 1700 already have higher multi-core performance. Add an OS slow-down on Intel and a process gain on AMD and the Ryzen 7 2700 will become much faster in multi-core tasks and maybe catch up in single-core ones.

Re:What about games?

[aliquis]

1) First post mention PUBG.
2) Reply mention ads.

By now PUBG of course market itself but how much of a marketing budget did it have originally?

Was it marketing which brought it to the top?

Re:What about games?

[Agripa]

or heck if you've just got a low end laptop?

Then your low end laptop is now lower end.

More info on the subject

[trybywrench]

some of my sys admin friends posted this on a slack channel i'm in, apparently it's a big deal

http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table

Re:More info on the subject

Interesting.

Perhaps the kernel randomize the time to return from page faults?

Disabling TSX instructions also might be nice.

Deja Vu

[WhoBeDaPlaya]

Anyone remember the TLB bug that also resulted in huge performance penalties in the first generation Phenoms? Guess it's Intel's turn.

Re:Deja Vu

[Artem+S.+Tashkinov]

Results varied. Some workflows experienced a very significant performance loss however, e.g. Firefox became twice as slow, WinRAR four times as slow.

Older (non-paywalled) LWN Link

[sl3xd]

An older link, about the KAISER patch set

Looks like Apple wonâ(TM)t be the only one sl

Up above

Caching is what makes CPUs fast

The fix separates the memory layout in kernel mode from the memory layout in user mode. The page tables used to be the same, but there appears to be an access method that bypasses the CPU protections, so the kernel no longer keeps the kernel pages mapped when a process leaves kernel mode. This means that every time a program calls into the kernel (to read a file, send a packet, etc.), the memory layout changes and the CPU has to flush the Translation Lookaside Buffer twice per syscall, once when the process enters kernel mode and once when it leaves kernel mode. This is what causes the slowdown. It is more severe for loads that use many system calls, but unless you have highly computationally intensive loads that rarely use system calls, you will see significant slowdowns.

Re:Caching is what makes CPUs fast

[spitzak]

Probably only needs to clear the TLB when leaving kernel mode. I don't think it is a problem if the kernel can read user pages using this bug.

Re:Caching is what makes CPUs fast

[grimr]

The TLB maps the virtual to physical addresses. Leaving stale ones is a bad idea which can lead to memory corruption.

Take this example. User mode page table maps virtual address 0x1000 to physical 0x500000. Switch to kernel mode and the kernel mode page table maps 0x1000 to physical 0x600000 for either it's own data or maybe another processes data. So the kernel goes to write to 0x1000 and the processor goes "hey, I have that cached" and proceeds to overwrite 0x500000 instead of the 0x600000 the page tables say it should.

Now there is a feature called PCID where not all the TLB entries need to be flushed. That can reduce the performance hit of the fix.

Re:Caching is what makes CPUs fast

[TheRaven64]

Leaving stale ones is often fine. FreeBSD does this intentionally in the transparent superpage promotion. When it condenses adjacent pages into a single superpage in the page tables, it doesn't invalidate the TLB entries. The exact behaviour of this varies between CPUs. When you get a TLB miss in an adjacent address range, it's filled from the superpage entry and now you have two TLB entries for the same virtual address[1]. Intel will just discard the smaller one, Centaur will note the mismatch, invalidate both, and refill from the page table, gem5 will crash (I think we've upstreamed the fix for this), and I'm not sure what AMD does.

Your example is highly unlikely, because the kernel typically reserves the top half of the address space for itself and an attempt by userspace to map anything in this range will fail. On x86 chips, there's a huge gap in the middle of the address space (it actually makes more sense to think of virtual addresses as signed values, with userspace ones being positive, kernel ones being negative, and the size of the number somewhat less than 64 bits [microarchitecture specific]). The kernel map, by default, will include the entire userspace portion of the address space for the current process, so that copies between kernel and userspace are cheap.

This kind of TLB invalidate is actually cheap on AMD, because they implement a tagged TLB with the cr3 value as the tag, so swapping cr3 values implicitly invalidates the TLB, but the entries become valid again when you reset the entry. The PCID feature, which is apparently the cause of this vulnerability, is largely a result of the fact that AMD patented this technique and so Intel doesn't use it.

[1] Some old SPARC chips would literally catch fire if you did this: the TCAMs would run hot enough to burn.

Re:Caching is what makes CPUs fast

So, wait, despite the fact that AMD isn't vulnerable to this issue; you believe the fix (separate page tables) wouldn't incur overhead? Or it could be implemented on AMD chips with very little overhead (even though it's not needed)?

Seems to me it'd be worth using this anyway then; assuming the code doesn't force flushes when they're not needed.

Re:Caching is what makes CPUs fast

[TheRaven64]

It will incur overhead, because you'll still use two TLB entries for every address that's accessed by both kernel and userspace. I believe (though I'm not 100% sure) that a cr3 modification involves a complete pipeline flush on AMD, so will have a high overhead for cheap system calls. The GrSecurity benchmarks had very high overhead on AMD, but I don't know what the root cause was.

Re:Caching is what makes CPUs fast

[grimr]

My example is not highly unlikely. It happens all the time with interrupts. If a disk read completes for another process the kernel has to flush the lower address space TLBs. But I think you're right in that it doesn't need to happen on entry to a syscall but it might need PCID to selectively flush eficiently.

I know about the virtual address space layout and the hole in the middle. It's probably on of the factors in the AMD IRET bug I ran into on Ryzen.

I don't believe the PCID feature is the cause of the bug. The cause was that Intel check privileges at instruction retirement and not at the start of the speculative operration. PCID would mitigate the performance penalty of the fix as the kernel wouldn't have to flush all TLBs.

Re:Caching is what makes CPUs fast

[Agripa]

This kind of TLB invalidate is actually cheap on AMD, because they implement a tagged TLB with the cr3 value as the tag, so swapping cr3 values implicitly invalidates the TLB, but the entries become valid again when you reset the entry. The PCID feature, which is apparently the cause of this vulnerability, is largely a result of the fact that AMD patented this technique and so Intel doesn't use it.

Wouldn't the cross licensing agreements between Intel and AMD cover Intel using AMD's patented technique?

I would sooner believe that AMD saw a problem and implemented a fix and patented it while Intel decided it was too expensive to bother fixing.

Re:Caching is what makes CPUs fast

Seems to be more than that - not just clearing the TLB, but actually invalidating the page table.

I suspect that a speculative read will succeed (complete with TLB load) when it shouldn't due to permissions.

Architectures where a TLB-miss is handled in software (e.g., MIPS) would, as you say, merely be a TLB flush on exit from kernel mode. (These issues would be worked around in the TLB-miss-fault-handler.)

The future

[Artem+S.+Tashkinov]

I'm curious how much Cannon Lake and Ice Lake CPU architectures are going to be delayed. Since Cannon Lake is basically SkyLake on a 10nm node, Intel cannot release it with such a glaring hole which causes such a significant performance loss.

I've been running a Sandy Bridge CPU for seven years now, and now I'm really looking forward to the second gen Zen CPUs. Viva, competition. I'm really glad AMD is still around.

Re:The future

[sl3xd]

I'm curious how much Cannon Lake and Ice Lake CPU architectures are going to be delayed.

I'm going to go out on a limb and say "not at all"

CPU design pipelines are pretty long; generally requiring at least a year to go from "Tape Out" to fabrication.

Releasing no chip (and staying with an even slower current generation) is just not an option.

Cannon Lake and Ice lake are still an improvement on Intel's current offering, and can still compete against AMD's offering.

Intel managed to move on after the (even more dire) disasterous NetBurst architecture; there's no reason to believe they won't get past this issue.

It's nice to see that AMD is finally back in the race.

Re:The future

I was about to put down some money for a Sky Lake CPU because, old though it is, I have a reason to run Windows 7. Although you can work around Microsoft's decision to only support Windows 10 on the newer CPUs (Kaby Lake, Coffee Lake, Ryzen), I wanted to avoid that hassle.

Now I don't know what to do. Maybe buy Ryzen anyway because it is apparently immune, and circumvent Microsoft's silliness. Regardless, my hardware decision is on hold pending whatever this thing is, because a 5 to 30% performance hit is huge.

Intel CEO Sold a lot of stock...

[Nos.]

https://www.fool.com/investing...

Less than a month before we know the linux kernel was being patched for this bug.

Re:Intel CEO Sold a lot of stock...

[sl3xd]

This bug has been known and reported about since early November; the original paper was presented in July of 2017, and code has been in Github since Feburary.

Motley Fool is just noting that the Intel CEO isn't holding any more stock than he needs to.

And there are good reasons:

* AMD is back from the dead.
* Intel's GPU hasn't been that successful -- they've even teamed up with AMD to put Radeon GPU's in the same die as an Intel CPU.
* PC sales are declining as consumers shift from Intel PC's to using ARM-powered tablets & phones instead.
* ARM is making inroads into the "desktop and laptop computer" marketplace.
* ARM is powering most consumer electronics as well (TV's, Blu-ray players, Smart Speakers, etc)
* Intel is absolutely nowhere in the mobile world. Mobile has one ARM to rule them all.
* Intel missed the boat for the current generation of XBOX and PlayStation consoles.

Intel is looking more and more like a one trick pony, and its competitors are beginning to do that one trick better too.

Re:Intel CEO Sold a lot of stock...

This bug has been known and reported about since early November; the original paper was presented in July of 2017, and code has been in Github since Feburary.

Intel+Cray bid for pre-exascale supercomputer Aurora was announced delayed at September 26, so they knew what was coming by then in terms of performance/security implications. They now promise five-fold better performance with Aurora delivered three years later.

Re:Intel CEO Sold a lot of stock...

[mentil]

The stock sale likely has more to do with Intel taking more risks, which investors tend not to like when they see you as a blue-chip stock.

Re:Intel CEO Sold a lot of stock...

Much as I enjoy a good conspiracy theory for the lulz, SEC regulations would require the CEO to file a bunch of paperwork months in advance of any significant stock sale/purchase. The higher up you are in a company hierarchy, the more restrictions there are on when and how you can buy/sell stock to prevent insider trading.

So sorry to dump cold water all over the idea that the CEO is pulling the ripcord on their golden parachute, but it really is just a coincidence. Odds are the CEO had to file to sell this stock even before November when news broke about this issue. All hope of a conspiracy are not dead, however, because it's entirely possible the CEO knew about this particular bug a lot longer than the rest of us have, and was anticipating that it would break sooner or later, and so put things in motion to liquidate a lot of stock hoping to get in under the wire of the stock price collapse. But it's not like the Intel CEO saw this El Reg story, called up his broker, and told them to liquidate a bunch of stock. It doesn't work that way.

Re:Intel CEO Sold a lot of stock...

[MSG]

This bug has been known and reported about since early November

November, nothing. Theo de Raadt called Intel "a nasty x86 architecture which barely has correct page protection" in 2007. He was right.

https://marc.info/?l=openbsd-m...

https://www.theregister.co.uk/...

Re:Intel CEO Sold a lot of stock...

[thegarbz]

Not relevant. Selling of lots of stock in CEO levels isn't something that happens quickly. Heck most such sales happen at pre-set intervals and are declared MANY months in advance.

Resist the urge to be human, finding patterns that don't actually exist isn't healthy.

Re: AMD stock? Intel Stock?

[Monster_user]

Does Intel still have shares of AMD stock?

... and this is why ...

[nbvb]

This is why we run our mission critical workloads on SPARC and Power along side Linux. Solaris and AIX. Diversity -- in operating system, in processor, in manufacturer - is healthy. The SPARC T8's are blazing faster, secure, and don't have this nonsense. Neither do our POWER8's. Having all your eggs in the Intel+Linux basket could be a major shitshow here... meanwhile, we'll keep chugging along.

Re: ... and this is why ...

Just a shame SPARC is dead..

Re:... and this is why ...

I guess.. if your workload runs fine on 90s era hardware..

Re:... and this is why ...

[segedunum]

That's OK. If you'e on SPARC you've already taken the performance hit many, many times over!

Re:... and this is why ...

SPARC is EOL dude. Oracle is only putting out maintenance patches.

This has to be a troll post.

Re:... and this is why ...

[Anne+Thwacks]

If you'e on SPARC you've already taken the performance hit many, many times over!

Depends on what your workload is.

Re:... and this is why ...

you're kidding right? sparc is dead.

https://www.theregister.co.uk/2017/09/04/oracle_layoffs_solaris_sparc_teams/

Re:... and this is why ...

Could have fooled me - I thought sparc M8 was the end of the line for SPARC. There's not much innovation happening on that arch, and that should give you a *BIG* heads up as to their final destination.

And just because you're on a minority platform, with less eyes looking at it, does not mean it doesn't have similar or worse flaws (that have/haven't yet been found/disclosed)

Re:... and this is why ...

Maybe but your SPARC T8's and POWER8's have MASSIVELY less testing than anything Intel. It's very likely those chips have undiscovered flaws, or, more likely, discovered flaws that aren't disclosed and are actively being exploited.

Re:... and this is why ...

You sound like a fucking redditor. Event = > unrelated behavior => behavior attribution. That isn't why you run on SPARC and Power. This is some event that you would like to use to justify your current state.

Re:... and this is why ...

And this is why we see Slashdot corrupted moderation system... oh I see a Low ID posted a rant post that doesn't contribute in anyway...get tagged +5 ... all the other answer moderated to 0...even registered users. FUCK YOU!

Re:... and this is why ...

[nbvb]

Completely NOT unrelated. We've made a very deliberate decision to keep these platforms around - and continue to invest in them - as a hedge against monoculture.

Doesn't matter if Oracle has another SPARC chip coming or not -- Fujitsu does in the ~2020 timeframe.

Solaris 11.4 coming in 2018. Have you installed the weekly builds? I have. Will be supported till at least 2034.

Brought SPARC M8's to production? I have.

POWER - same kind of thing. POWER9 just launching, starting with AI.

Sure, this stuff isn't mainstream, but neither are our workloads. People would (literally) die if our systems went down hard. Same reason we use multiple databases - Oracle, DB2, Postgres, mySQL all have a role to play, as well as some other more esoteric ones. Same reason we use multiple network vendors, multiple power suppliers, etc. All about avoiding monoculture.

So yes -- some people actually DO think ahead of events like this.

Re:... and this is why ...

[nbvb]

... yes. At scale, yes.

Re:... and this is why ...

Words whispered among hardware engineers is that Power is also affected. It shouldn't be a surprise, as engineers often changed jobs among these companies.

interesting point.

To which I am sure will be modded down due to relevance.. But..
Why don;t we see this crap comming from the AMD side of things, or more over from the ARM Side as well..
Makes ya wonder, If Intel is such a big conglomerate, overshadowing most.. Why the hell cant they get their shit straight..
The first pentium blunder I can understand,, It was their first major Blunder Fuck, to which they should have learned from.
Now, several blinder fucks later, and now this load. Wouldn't it be funny if it turns out that INTEL killed INTEL?? due to various blunderfucks..

MacOS?

[e432776]

Have to ask, does this also affect Intel-Macs? I infer "yes", but have not read many of the detailed articles yet...

Re:MacOS?

Yes, they are impacted too.

Re:MacOS?

[Artem+S.+Tashkinov]

With 99.99% certainty unless the Mach kernel does something no other OS does in order to secure kernel memory pages.

Re:MacOS?

[Misagon]

Yes. I understand it, this Intel flaw concerns the kernel being mapped into all processes' address space at the same addresses. The kernel's memory pages are marked "Global" (present for all processes) and "Ring 0" (Kernel access only). This means that a system call does not require a context switch - only a flip of a bit inside the CPU.
Both Linux, MS Windows and macOS do/did this before the recent patches.

While macOS uses the Mach microkernel which (because it is a microkernel) had been designed to be small(ish) and run alone in Ring 0, Apple has broken the kernel's protection model and put a whole lot of other stuff in global Ring 0 pages as well to increase performance.
This makes their "kernel" almost as large as MS Windows and Linux, providing just as much memory that can be attacked through memory/timing-based attacks.
So, in effect, macOS would be just as vulnerable.

Re:MacOS?

[bruce_the_moose]

Cue the lawyers to initiate class action lawsuits against Apple once they release their patches to deliberately slow down older machines in the face of a hardware limitation.

Just use GLX instead

[Eravnrekaree]

This has long been a concern of direct rendering, giving direct access to video hardware to applications opens up a lot of possible bugs that did not exist.

It might be better to simply use GLX and send all of the OpenGL commands to the X server and have the X server handle the video card. Remember that the X server is being ported to use Mesa drivers with the Glamor project so the X server can send OpenGL commands through Mesa. I asked about this before , the geniuses that run X.org seem to be refusing to upgrade the GLX support to the latest OpenGL specifications, even though for situations like this it could really help and might be important for people that want to avoid the risks of direct rendering. or who want to use network transparency. Its quite foolish

30% Refund

Where do we apply for the refund?

Because...

CPU design is complex, that's why. Getting everything right, all the time, or even getting the testing fully comprehensive... "hard" doesn't even begin to describe the problem. The word you'd be looking for is "impossible."

--fyngyrz *

* Anon due to mod points, because Slashdot rules are stupid. Soylent News does it better. A lot better.

I fail to see how this does not turn into a class

Even a 15% performance drop, not to mention 60%, is a huge hit. This is the kind of performance increase you buy a new processor for. So everyone just paid for a performance increase they did not get. False marketing to the tune of billions.

Go ARM Go

[smist08]

Glad my latest computer is a Raspberry Pi. Glad to be on an ARM processor. Perhaps this will help more ARM based computers become more mainstream this year.

Re: Go ARM Go

Haha yes came here to say that! I'm looking forward to higher-powered arms and bigger desktop systems.

Re:Go ARM Go

[andydread]

really sorry to bust your ARM bubble. https://lwn.net/Articles/74039...

Re:Go ARM Go

Wow what a shit computer to have...yeah great comparison.

Re:Go ARM Go

What does this mean for Arm, like the Arm Cortex? This is a completely catastrophic event with many application developers who depend on the performance who now have to rethink things to how things worked 5 to 10 years ago. Lots of network switches use ARM or Intel processors. Even our wonderful famous Juniper uses Intel, taking such a huge performance hit is just mind blowing. Intel is going to take a very serious blow for this.

Re:Go ARM Go

But PPC/Power seems unaffected. Go order Talos II workstations...

Re:Go ARM Go

Has anyone found any benchmarks for performance hits on the raspberry pi?

Re:Go ARM Go

The fact that KAISER was implemented for ARM doesn't mean it's vulnerable. Read the original paper on KAISER:

...One significant difference to
x86-64 is that ARM CPUs have two registers to store physical addresses of
translation tables (TTBR0 and TTBR1). Typically, one is used to map the user
address space (lower half) whereas the other is used to map the kernel address
space (upper half). Gruss et al. [6] speculated that this might be one of the
reasons why the attack does not work on ARM processors...

We'll just live with the slowdown, pretty much.

[OFnow]

The notion that Intel even has the capability of producing new fixed CPUs to match other than the latest packaging/pin requirements seems fanciful. In which case we'll just have to live with any slowdown. As buying all new systems is just too expensive.

Re:We'll just live with the slowdown, pretty much.

I won't. It'll get patched out for the gaming box. I won't tolerate 30% hits for security I don't need. I'm not running public facing hypervisors on my personal machines.

Re:We'll just live with the slowdown, pretty much.

[CanadianMacFan]

No, but this would be one of the few times I'd love to see a class action lawsuit. Intel has been selling us CPUs with a specified amount of processing speed and for all of these years because of this bug those CPUs will no longer be able to match those specs.

Rebates should be given out automatically based on the cost of the CPU on systems and an average slowdown for the market that they used the machine for (home use, corporate desktop, server, etc).. Large companies such as Apple, Dell, etc have records of who they sold computers to and it would be a quick first step to get money to people. Others who bought from smaller shops, couldn't be reached by the big companies, or bought parts would have to submit receipts.

Intel keeps doing this and keeps getting away with this. They will still do this unless there is a huge financial penalty for them. With this they could slow down a large proportion of the world's computers and have nothing happen to them.

Re:We'll just live with the slowdown, pretty much.

[Xenx]

From what I can tell, this bug and fix greatly affects businesses. If Intel wants to keep a place in the server market, they pretty much have to fix the issue. As to the whole lawsuit, it'll be tough. Their warranty doesn't cover design defects. I would venture there is likely wording elsewhere protecting them from legal action. It'll be an uphill battle.

Re:We'll just live with the slowdown, pretty much.

Looks like the bug could be exploitable with some javascript in your browser. So unless you're isolated from external networks it most probably affects desktop/gaming usage too.

Re:We'll just live with the slowdown, pretty much.

> Their warranty doesn't cover design defects.

Huh? Think again. What do you think an EU judge would do upon hearning that claim? He would be hit by an immediate brain stroke and the replacement judge would hit Intel with a fine for a few billion euros.

Contracts deemed "immoral" are automatically null and void in the Code Napoleon (upgraded Lex Romanus) civic and criminal legal system which 99% of continental Europe and a large part of the world uses. Anglo-saxon "common law" isn't that common globally.

Re:We'll just live with the slowdown, pretty much.

[CanadianMacFan]

I didn't saw sue them to fix it under warranty. The lawsuit would be for false advertising. In order to fix the bug and have a CPU the operates properly then their products no longer meet the specifications that were promised. This impacts everyone. Just because home users may not see, some will. But they bought computers based on the speed of the processor. Plus don't forget that Intel charges based on the speed that the processor is able to give businesses and users.

Re:We'll just live with the slowdown, pretty much.

[Xenx]

I never said to sue them to fix it under warranty. I pointed out that they already have provisions in the warranty covering them if there is a design defect. If they took the time to add a line there, I would venture there is wording else were to protect them in this type of situation. As to your idea of false advertisement, it wasn't. An unknown flaw in the product was found. There might be some other course for a lawsuit, but not false advertisement.

Affected CPUs?

Are we gonna get a list of affected Intel CPUs, so we can avoid buying them?

Re:Affected CPUs?

[hcs_$reboot]

TFA: It is understood the bug is present in modern Intel processors produced in the past decade. It allows normal user programs – from database applications to JavaScript in web browsers – to discern to some extent the layout or contents of protected kernel memory areas.

I will reclaim the security's damages.

I won't buy buggy, flawed, unsafe, expensive and slower Intel chips since the past decade.

I will decide picking the AMD options before visiting the christmas shops.

I will buy RISC-V chips if they are polished and better than AMD/Intel chips.

I hate the broken escalation prevention.

And now is the time...

Stock option time!

Make sure smugness doesn't bite you in the ass

[mykepredko]

Just because ARM processors don't have this security bug it doesn't mean that there aren't any Broadcom ARM processor hardware (or its kernel) security issues lurking out there that are as bad or worse.

Re:Make sure smugness doesn't bite you in the ass

[andydread]

But....https://lwn.net/Articles/740393/

Re:Make sure smugness doesn't bite you in the ass

[mykepredko]

Thanx for the link - it looks like there is some performance impact on the ARM64s. Noted here: http://lists.infradead.org/pip...

Never think what you are using is perfect.

Re:Make sure smugness doesn't bite you in the ass

IBM and Digital of PDP fame did not have these problems .VM/370 from 1972, although they added hardware protection, but had memory keys always.
Putting all the harm in systemd to avoid switching - is suddenly looking like a smart decision. Now to apply this to bitcoin exchanges and their ilk.

TO BIG TO FAIL

No slowdown caused by Intel because they will SELL you a new CPU.
And no slowdown on your iPhone because Apple will SELL you a new battery,
          In both cases: THESE ARE DEFECTIVE PRODUCTS.
In both cases you must pay a 2nd time for performance you already paid for.
Silicon Valley and American Quality have reached a new low.
          What a joke!!!
It's not just the banks that are TO BIG TO FAIL.

Re:TO BIG TO FAIL

[slashrio]

Yes, shouldn't they issue a new CPU for free?

Re: TO BIG TO FAIL

Replace the chip. Like Intel did with pentium big in the 90â(TM)s.

Stealing upto a third of my processing power. Yes fix it intel

Is this always worth fixing?

[lucasnate1]

Won't there be people who decide that fixing this is not worth the slowdown? After all, if it is ran on an internal machine where users can't cause a buffer overflow or provide code, why should there be a risk?

Speculative Memory References and Page Faults

[bill_mcgonigle]

From the AMD commit:

AMD processors are not subject to the types of attacks that the kernel
page table isolation feature protects against. The AMD microarchitecture
does not allow memory references, including speculative references, that
access higher privileged data when running in a lesser privileged mode
when that access would result in a page fault.

this can probably be rewritten in the inverse like:

Intel processors ... allow memory references, including speculative references, that
access higher privileged data when running in a lesser privileged mode, [including]
when that access would result in a page fault.

So it seems like: set up a speculative memory reference to a kernel memory structure, cause a page fault, and then get a bit of kernel memory out (and back in?). That could get you root before long. Some people have been saying this can be leveraged to get a guest into its hypervisor too.

Re:Speculative Memory References and Page Faults

[Qzukk]

That's exactly what happens.

cause a page fault, and then

Write a short little helloworld.c that causes a page fault and then prints "Hello World". Let me know what happens to "and then" when you run it as a non-root user.

There's another piece of the puzzle that is still missing/not being talked about. I suspect that this exploit *only* works meaningfully when done in a virtualized guest with a hostile admin/root exploit. My suspicion could work with a root exploit without a VM, but you're already root so why?

Re:Speculative Memory References and Page Faults

Signal handlers can trap page faults. The process doesn't automatically fall over.

Re:Speculative Memory References and Page Faults

[iamacat]

The paper actually talks about instructions that are speculatively executed and then discarded, so they don't actually cause page fault. And how, as a result, content of fetched addresses can be potentially discovered by carefully measuring timing of subsequent instructions.

Re:Speculative Memory References and Page Faults

From https://gruss.cc/files/kaiser.pdf:

Hund et al. [7] described a double page fault
attack, where an unprivileged attacker tries to access an inaccessible kernel memory
location, triggering a page fault. After the page fault interrupt is handled
by the operating system, the control is handed back to an error handler in the
user program. The attacker measures the execution time of the page fault interrupt.
If the memory location is valid, regardless of whether it is accessible or not,
address translation table entries are copied into the corresponding address translation
caches. The attacker then tries to access the same inaccessible memory
location again. If the memory location is valid, the address translation is already
cached and the page fault interrupt will take less time. Thus, the attacker learns
whether a memory location is valid or not, even if it is not accessible from the
user space.

Re:Speculative Memory References and Page Faults

[Qzukk]

mov rax, kerneladdr is the instruction that page used as the exception, which is a page fault and a memory access violation that should segfault. What I was missing is that non-root users can actually trap SIGSEGV (which I should have realized, otherwise SIGSEGV would terminate debuggers too), though the stack overflow pages on this definitely demonstrate it's not simple to come up with a trap that isn't "crash into debugger" or "exit".

Re:Speculative Memory References and Page Faults

Funny you mention that because...

https://twitter.com/brainsmoke/status/948561799875502080

FUCKWIT

[goombah99]

not you. thats's what the Linux team wanted to call this bug.

I read the El Reg article but I still don't understand what it is saying. At all levels. I don't understand if this means all intel processors or just the new ones. I don't understand if the 20% slowdown is for a tiny fraction of operations in the OS or if it means that things like e-mail, firefox or general python programming will be slowed down 20% overall. The latter would be a disaster. (could I ask intel to refund 20% of my computer costs?). And what's the consequences of not patching? Is the OS unstable or not use memory efficiently or "just" a security hole?

Re:FUCKWIT

[squiggleslash]

A question I have is is the patch optional? I'm not in the habit of running random binaries downloaded from the Internet, I suspect the chances of someone exploiting this on the computers I own is extremely low.

A 30% hit for virtually no security benefit in practice seems really bad to me.

Re:FUCKWIT

[XanC]

My understanding is that there's a boot-time kernel parameter you can set that will disable the fix.

Re: FUCKWIT

Welcome to Homeland Security, you must caught us on a good day.

Re:FUCKWIT

[Motherfucking+Shit]

I haven't yet looked at whatever bits of patch are public, but since this problem only applies to a subset of chips, there will almost certainly be an ifdef in kernel/cpu/intel.c to toggle the fix. At the very least, that means it'll be optional if you compile your own kernel.

Re:FUCKWIT

[AmiMoJo]

It's optional if you plan to never run newer kernels, or build your own with a patch to disable this fix.

Re:FUCKWIT

[Waffle+Iron]

I'm not in the habit of running random binaries downloaded from the Internet

As TFS implies, given that Javascript required to do almost anything on the web, you are most likely downloading and running random code from the internet that could potentially exploit this bug hundreds of times every day.

Re:FUCKWIT

[squiggleslash]

That's... not how Javascript works. It's only possible to run "binaries" using Javascript if there's a major flaw in the interpreter, but this is true of non-programming language parsers like HTML and even JPEG too.

Yes, I'm sure you can point at some example of a specific browser's Javascript engine that allowed someone to execute their own x86 code. Likewise I can point at similar bugs in JPEG parsers. It has nothing to do with Javascript itself. Javascript's security issues aren't related to the occasional buffer overflow in an implementation of the string class, they're more due to Javascript's ability to access browser data and send it to places you wouldn't necessarily want it sent.

And to be clear: if a browser has a Javascript, HTML, or JPEG parsing bug right now that means an attacker can download and execute binary code, that's a major security issue REGARDLESS OF THIS INTEL BUG. Period. The Intel bug isn't going to add a whole lot of insecurity.

Re:FUCKWIT

As TFS implies, given that Javascript required to do almost anything on the web, you are most likely downloading and running random code from the internet that could potentially exploit this bug hundreds of times every day.

And THIS is the problem with the web these days ... the entire security model has become "oh, in order to let lazy and incompetent web developers rely on libraries, and in order to maximize ad revenue, you should just let any old site run any old script".

Sorry, but no fucking way. Javascript should be whitelist only. Flash should be entirely disabled and the authors shot.

Stop allowing any random goddamned fucking website to run arbitrary code on your machine, and you might find you're not 'downloading and running random code from the internet that could potentially exploit this bug hundreds of times every day'.

What we need to do is stop allowing lazy and incompetent web developers, and greedy marketing assholes, to be the ones who force us to an inherently insecure web which blindly assumes the world is trustworthy. This happens because it makes their life easier or maximizes profits. Sorry, don't give a fuck.

I don't care if you want to pull in libraries from 10 sites, or that you've signed up with 20 analytics and ad companies ... if it isn't served from your site, and if I don't actually trust you enough to whitelist you, then I don't give a fuck. And all those ad companies who want to track me? Those are all summarily blocked by all of my browsers and the request doesn't even get made. There's a shockingly small number of sites I'm willing to allow to run javascript.

The problem isn't that we can't have a trusted web, it's that we're all too stupid and lazy to understand what that means, and the browser companies are all getting ad revenue and refuse to make this stuff secure by default.

"Trust Everybody By Default" is not a security model, it's a recipe for disaster ... and unfortunately, that is exactly what the web is unless you take control of your browser and block this shit.

What we need to do is reintroduce a level of security which pretty much returns to "why should I trust you" instead of "oh, hey, I don't know you but sure you can run scripts".

Re:FUCKWIT

[Waffle+Iron]

I don't know the particulars of this vulnerability, but in many similar cases they use a timing attack to infer memory contents that they can't directly access.

You don't need to have a "binary" for that to work. But as I pointed out, the article summary at the top of this page said that the issue was vulnerable to Javascript in browsers, so don't get overconfident.

Re: FUCKWIT

[mspohr]

Yes, just tell the kernel it's running on AMD which doesn't have the problem

Re:FUCKWIT

It still requires dereferencing kernel address space. How do you pull that off otherwise?

Re:FUCKWIT

[Waffle+Iron]

It still requires dereferencing kernel address space. How do you pull that off otherwise?

With a timing attack, you don't need to dereference anything. From the Wikipedia article:

Likewise, if an application is trusted, but its paging/caching is affected by branching logic, it may be possible for a second application to determine the values of the data compared to the branch condition by monitoring access time changes; in extreme examples, this can allow recovery of cryptographic key bits.

Re:FUCKWIT

[squiggleslash]

The only way this could remotely work is if you know absolutely everything about the machine state ahead of time. It might work if you've imaged your victim's PC (in which case, why bother?), or I guess if you have a huge amount of the general state information about the browser, but it's certainly not going to distribute any useful information done as a distributed attack to fish for information to random strangers.

This is paranoia several levels deep and it's going to cause more harm than good if we let it continue. Realistic attacks on people using Javascript are impossible. It's not credible that anyone is going to get an SSH private key or other critical piece of information via this hack via Javascript, or other successfully sandboxed system, except if there's a genuine flaw in the implementation. And those flaws would be significantly more worrying than this kernel memory issue is to 99% of computer users.

I can see good reasons to be concerned about this on my VPSes, and on my private server-of-servers, but it's hard to see a realistic attack on my desktops.

Irony: if your suggestion that timing attacks could work is true, then the one desktop system I can see being vulnerable would be Chromebooks.

Re:FUCKWIT

[Waffle+Iron]

Since large fractions of all systems run the exact same OS images, people DO know much of the system state ahead of time.

You also don't need to know much about leaked kernel information to make use of it. In a scattershot approach, you try whatever bits you infer to decrypt data. If you're lucky, you find a match. If you attack thousands of systems, you're likely to get lucky.

In summary, you're just way too overconfident. It only takes one really smart person to package up a hard-to-execute attack and make it conveniently available to everyone else.

Re:FUCKWIT

[higuita]

on linux, you can disable it, if you want (at boot time)... but you do run code from internet all the time, you have javascript in browsers, you install updates and several other "minor" actions that actually run something in your machine

So if you want to be safe and still keep your performance, buy AMD ;)

Re:FUCKWIT

[squiggleslash]

Since large fractions of all systems run the exact same OS images, people DO know much of the system state ahead of time.

I'm trying to think of any situation where that might happen. Even in corporate Windows environments, they moved away from identical images a long time ago (not through choice either.)

The exception, like I said, are Chromebooks, one of the few cases where you can realistically say that almost everyone with a certain User agent string will be running an almost identical environment.

You also don't need to know much about leaked kernel information to make use of it. In a scattershot approach, you try whatever bits you infer to decrypt data. If you're lucky, you find a match. If you attack thousands of systems, you're likely to get lucky.

Honestly, I think you're looking at more than thousands, I think this is a tens of millions thing (even if you know 90% of this stuff ahead of time, you're talking about timing attacks, those aren't easy, and you don't know 90% of this stuff ahead of time)

We're also looking at an attack that hasn't been done before. Most of the exploitable information that hackers are interested in has nothing to do with stuff only available via the kernel. Why have we not seen these kinds of attacks before? [Because they're f---ing almost impossible, that's why!]

That said, let's address this:

In summary, you're just way too overconfident. It only takes one really smart person to package up a hard-to-execute attack and make it conveniently available to everyone else.

I think it's reasonable to be confident that my own environment is highly unlikely to be breached by an insane timing based system that requires full knowledge of exactly what versions of everything I'm running, and has Linux's kernel address randomization to deal with too.

And that's what I was asking about. I want to know if it's possible to disable this because making web browsers or games run 30% more slowly because of an almost impossible to exploit bug is absurd.

Over confident? No. The amount of hoops someone has to jump through to create a useful Javascript-based exploit is absurd for this. There are easier ways of getting someone's SSH keys. Hollywood's magic USB drives are more realistic and practical than anything described here. It'd be a whole lot easier to send something as a .exe that downloads automatically and wait for 1% of users to click on it, than try to craft a timing attack that only affects 0.00001% of desktops.

Re:FUCKWIT

And this is the problem with security "experts" these days: they all assume that Javascript is some magical unicorn that can h4ck their 31337 Linux boxen because of a mix of rumors, long squelched bugs, design flaws that don't apply to "hacking your computer", and obscure proofs-of-concept that don't apply in the real world.

Nobody's going to attack your PC using Javascript. Don't be an idiot.

Re:FUCKWIT

[Waffle+Iron]

Think whatever you want. Just don't forget that a whole bunch of smarter people than you have determined that a 30% performance hit is a justifiable price to pay in order to avert this vulnerability.

Re: FUCKWIT

The JavaScript VM is far from perfect and the implementation varies from browser to browser. Your claim is ridiculous.

Re: FUCKWIT

The JavaScript can discern where the kernel's heap is located, which is not itself a vulnerability but it constitutes the removal of a very important safeguard. With the location of the kernel heap known, an exploit for some software vulnerability can be made to inject into the kernel's specific heapspace where it can then actually execute.

Re: FUCKWIT

It's not impossible. User memory sharing is now part of Chrome's JVM. Read the Amsterdam paper to understand the key role JS can now play in a successful attack.

Re:FUCKWIT

[lsatenstein]

What does one have to do to exploit the bug. Is it something that requires a kernel patch so that the patch can do it's thing? Is the bug so esoteric, that to make use of it would take hours or days of processing and trapping 64bit tlb values, in the hope that the hacking software catches enough info to break through?

In other words, are we using a sledge hammer to kill an ant.

Re: FUCKWIT

Letâ(TM)s see in a few months if everyone has shat the bed over this, once the novelty wears off

Cryptomining is it effected?

Does this effect cryptomining I wonder.

Re: Cryptomining is it effected?

[reanjr]

Probably not as bad as most apps. Crypto mining is all calculation and little I/O. You don't need to enter kernelspace. Since the fix's performance impact occurs during these context switches, one can assume crypto mining is largely unaffected.

idiots

[slashmydots]

I have an idea, Intel. Stop putting stupid shit INSIDE the chips. I don't need ME, I don't need whatever the hell this "feature" was, I just need it to do math and optimize stuff like multi-thread resource sharing. If you want to do some dumb shit, PUT IT IN THE CHIPSET.

Re:idiots

[Chrisq]

I have an idea, Intel. Stop putting stupid shit INSIDE the chips.

Wasn't that the idea of Itanium ... put pipelining, etc in the compiler rather than the chip?

Re:idiots

Without having a clue what it is, you declare you don't want it anyway? That's rather dumb. ME may be worse than useless for the average user, but that doesn't mean everything they put in their chips is.

No it was mal intent

In all fairness the occam's razor points to this says intel was slowing down amd. Why? because they have been caught doing this in the past with compilers and libraries that anti-optimized code for AMDs deliberately.

It's serious as it affects all Intel cpus

[hcs_$reboot]

From TFA "It is understood the bug is present in modern Intel processors produced in the past decade. It allows normal user programs – from database applications to JavaScript in web browsers – to discern to some extent the contents of protected kernel memory.".

It could explain why Intel did put the brakes on CPUs production, and some of the 2017 are very hard to find.

Re:It's serious as it affects all Intel cpus

Massive performance hit or absolute security nightmare. This is quite catastrophic. To what extent does this problem go to? Arm as well?

Re:It's serious as it affects all Intel cpus

[Z00L00K]

It all depends on your application if this is going to be a real issue or not. For massive calculation computers already isolated from external influence this is a non-issue but for most computers used for home, office and gaming this is a considerable issue.

Re:It's serious as it affects all Intel cpus

Any idea if IBM OS/2 Warp operating system is affected by this? Lots of big banks in Europe still run on that, I believe.

Re:It's serious as it affects all Intel cpus

[Nabeel_co]

I'm guessing that this bug is in the code morphing software that's on all modern CPUs that intel stole from Transmeta.

As I underetand it, the speed bump in x86 CPUs that's happened in the last decade was by Intel going to RISC processors and running Transmetas code morphing software on their CPUs that dynamically combines multiple x86 CISC operations into fewer, larger RISC ones.

Intel stole the idea from Transmeta back in the mid '00s and got caught and successfully sued for it. They then licenced the technology and used it in every processor since the Core line of processors.

Re:It's serious as it affects all Intel cpus

How much hardware from 2008 onward runs OS/2 Warp?

Re:It's serious as it affects all Intel cpus

I won't be patching any of my systems. If this "flaw" has been around since 1995 and nobody noticed until now, I am absolutely not worried about it. I'll keep my performance and security, ditching only the tinfoil hat.

Re:It's serious as it affects all Intel cpus

I'm guessing that this bug is in the code morphing software that's on all modern CPUs that intel stole from Transmeta.

Considering this "flaw" dates back to 1995, 5 years before Transmeta's first processor, I seriously fucking doubt that.

Re:It's serious as it affects all Intel cpus

[Nabeel_co]

The article states the flaw dates back a decade, not 20 years.

Re:It's serious as it affects all Intel cpus

Critical flaws revealed to affect most Intel chips since 1995

Re:It's serious as it affects all Intel cpus

[blackpaw]

For massive calculation computers already isolated from external influence this is a non-issue

Theres a proof of concept exploit that allows a VM to access the host and other VM's. A classic breakout exploit.

Cloud providers will be shitting themselves over this.

Re:It's serious as it affects all Intel cpus

You're more than a decade off, x86 went RISC with the Pentium Pro. I know you want to find any excuse you can to blame Intel for Transmeta's failure, but you're going to have to do better than that.

Re: It's serious as it affects all Intel cpus

But now everbody noticed. I'm probably hacking you as we speak. The Linux patch comment redactions ... they did nothing It's surprising how simple it is in practice

Meanwhile you seem to prefer corporate-state-issued sand helmets, yes?

Hope the SEC is paying attention

[MTEK]

Intel CEO, Brian Krzanich, apparently sold a bunch of shares on Nov. 29. While that's not unusual in and of itself, apparently Intel corporate bylaws require its CEO to maintain a minimum number 250,000 shares, and that's exactly how many shares Mr. Krzanich has left. Despite predicting future market growth, the guy dumped his stock for some reason.

https://www.fool.com/investing...

Welp, time to get a hold of a class action lawyer

[jtrainor]

Design failure caused by negligence? Check.

The 'fix' massively reduces the utility and value of your hardware? Check.

Millions and millions of people nailed by it? Check.

Do math about numbers.

It's the great problem for the cloud servers as Amazon's, Google's, Microsoft's, etc: 30% of slowdown is equivalent to 30% of their cloud servers shutdown but consuming 30% electrical power for nothing.

It's a waste of 30% of money in electricity each year.

Temporary slow-down?

[Tablizer]

It may be that over time, more efficient work-arounds will be devised. The first pass mostly just focuses on plugging the hole, while later patches may be more efficient because they can take time to study and test more efficient fixes.

Re:Temporary slow-down?

Since it effects so many people that means many many eyes will be looking at the problem.

"Memory leak" has a specific meaning.

[nyet]

That is not a memory leak.

Re:"Memory leak" has a specific meaning.

Indeed, this is much worse. This is an information leak, exposing data that should never have been accessible in the first place. This is a very serious security issue.

Keep this off my Steam machine!

[iamacat]

I don't want a 30% slowdown to my workloads and I don't care if games hack each other to death.

Re:TO BIG TO FAILle.

[mschwanke97402]

Intel has really blown it with this bug. No argument from me there. On the other hand, Apple has not produced a defective product. Everyone’s batteries wear out. It is physics pure and simple. In Apple’s case they’ve done the riight thing by offering a very inexpensive battery replacement.

amd ryzen gen 2 will crush intel now!

[Joe_Dragon]

amd ryzen gen 2 will crush intel now!

not patching? = no other updates as well unless

[Joe_Dragon]

not patching? = no other updates as well. unless you compile your own Kernel

And the CEO sold stock on the 19th hmmmm

https://www.fool.com/investing/2017/12/19/intels-ceo-just-sold-a-lot-of-stock.aspx

Intel, karma's

a bitch aint it? Artificially slow down anyone running AMD processors with your shit-tastic compiler... now you get your customers get a permanent 5-35% slow down. I hope you enjoyed your cake, what's it taste like now?

Re:Intel, karma's

Uhh, AMD isn't immune to this issue either. Almost all modern Intel, AMD and ARM CPUs are affected. Other manufacturers' CPUs might be too, but nobody uses those.

In related news

[Iamthecheese]

Intel's CEO just sold all the stock he legally could sell.

Re:In related news

And maybe he also short sold some, or isn't he allowed to do so?

Class-Action Lawsuit?

[jgheld]

Forgive me if I am being naive, but won't this mean we are now going to have a slower processor than we paid for, making Intel owners eligible for participation in a class-action lawsuit involving not getting what we paid for or false advertising or something like that? If I bought a car with X horsepower, and suddenly something was found wrong with it and it had to be modified to work, and was suddenly X - 10%, I'd expect compensation. Their flaw is essentially going to make it so people will have to upgrade to keep up with current tasks. How is this at all fair? They can be lazy, then expect more sales?

Re:Class-Action Lawsuit?

[Chrisq]

If I bought a car with X horsepower, and suddenly something was found wrong with it and it had to be modified to work, and was suddenly X - 10%, I'd expect compensation.

Funnily enough people are bringing a class action lawsuit for exactly this against Volkswagen after a fix to the emissions cheat reduced the power of their cars.

Re:Class-Action Lawsuit?

No. The speed of the processor is the same. The way your software works with it will require more cycles to do the same thing.

In other words, the speed isn't slow, the execution time is longer due to more cycles being required to ensure context security.

Re:Class-Action Lawsuit?

[stinkydog]

It's the Volkswagon of CPUs!

SD

Re:Class-Action Lawsuit?

[darkain]

However, due to this requiring more cycles to accomplish the same task, this in effect increases battery consumption due to how long the CPU needs to stay in a higher clock cycle state.

Re:Class-Action Lawsuit?

[sl3xd]

The CPUs will run just as fast as the day you bought them -- they're not changing at all, and they remain functional.

Third-party software (the Linux Kernel and Microsoft Windows) will give the CPU more work to do, not slowing down the processor.

The car analogy would be suing a car manufacturer because its performance driving uphill isn't the same as on level ground. Nothing has changed on the car -- it's the road that changed.

It's not a slam-dunk case to litigate.

Re: TO BIG TO FAILle.

For a year. Because they've fixed the battery problem right?

It's like the 4's rubber bumper thing. Band and it for a ridiculously short time for cheap or free and people like you eat it all up

I sincerely hope the last time you bought their device was over 2 years ago, so you can actually take advantage of this... Otherwise, you'll still be throttled and battery replacement will still cost you 90+

Ha ha Apple

You should've stuck with PowerPC.

Now if Linux wasn't so damn slow on my Raspberry Pi, or at least had decent 3D acceleration.

Re:Ha ha Apple

At least you can now order a Talos II workstation (https://secure.raptorcs.com/), with one or two Power9 processors. The 8 core Power9 are not especially expensive, with 2 you get 64 threads, which should give most Intel system a run for their money. And the firmware is open source!

Re:Ha ha Apple

[Megane]

Great, now fit one of those into a laptop. Oops. That's why Apple went with Intel, because the only low-power PPC CPUs were embedded CPUs from Motorola/Freescale, with low performance. And the only high-power PPC CPUs were server-class from IBM, when they really needed desktop-class.

Re:Ha ha Apple

ARM works great as a laptop, of course it has the same design flaw that makes x86 insecure.

HPC cluster

[DrYak]

I don't know, but maybe he runs an high performance computing (HPC ) cluster.

With compute nodes segregated on a separate network that might not even have internet access,
and certainly not running random javascripts downloaded from random websites.

And in these context, performance matters a lot,
while security is handled in a "perimeter" fashion.

In those cases, it makes sense to have an option to disable the fix.

Re: HPC cluster

I don't know about him but I run an HPC cluster and the problem won't be drive-by downloads off the internet. The problem is that I have several hundred of users with she'll access on all of my systems. All it takes is one of them messing around for fun or profit to really ruin my day. Many of them also have terrible security hygiene so their accounts are easy targets themselves.

This is going to be tough for us to decide on the security vs performance tradeoff.

not the *only*

[DrYak]

The OS devs patching a security hole in the CPU should not leave them open to a lawsuit when the only way to patch it slows down the performance of the system.

Well, not exactly the only way.
One way is to run the upgraded kernel, which will use the fix to circumvent the big CPU flaw, but will take a massive performance hit.
The other way, is to give "nopti" boot param to this new kernel, which will run it as-as with no fixes, which will leave the performance untouched but which is something you would definitely only do on machine that never ever run foreign untrusted code (which according to TFS, also includes javascript).

OS devs just give you a possibility to circumvent the CPU flaw and are cautious as usual to enable the fix by default (for security purpose) and give an option to disable.
It' still something which is optional, up to the choice of the user (even if by default the devs have sided on the security aspect).

On the other hand, Intel are the one who have delivered a pieces of hardware which doesn't work as advertised. (Or could be made sort-of working if you use a performance-killing circumvention).

Comment removed

[account_deleted]

Comment removed based on user account deletion

And this is why:

a) that advice "just download Ubuntu 12.04 and run it on your old PC" is not so good... even on old hardware, a new, safer Linux is best;
b) the idea of not supporting old AMD ones may backfire if a supported old Pentium 4 becomes slower than the unsupported AMD;
c) ditto for newer 64-bit CPUs losing any (small) advantage they have to an older, non-buggy 32-bit CPU (even if it's Intel).

I'd like to thank all those who work on the problem, and make Linux as wonderful as it is -- or rather, thanks to all those who make Free software (and likewise open source, too) wonderful.

These people quietly work to make the world better... that's the definition of good human beings.

Re:And this is why:

With regard to this bug, is there any advantage to running a 32-bit OS on a 64-bit CPU?

Re:And this is why:

> With regard to this bug, is there any advantage to running a 32-bit OS on a 64-bit CPU?

I don't know.

I was thinking about distributions which abandon 32-bit versions and go 64-bit only. That way, 32-bit only CPUs are left to die. Meanwhile, the chosen 64-bit CPUs, purportedly faster, might lose whatever advantage they had compared to a 32-bit CPU without that bug.

Bang goes the ...

[RabidStoat]

accreditation of those high security systems that are left. Most of the ones i worked on relied on Intel's x86 ring mechanisms to protect trusted processes from untrusted processes at the hardware level. Of course that wasn't the only means they used to ensure process isolation, but it was always part of their repertoire.

Re:Either that or a lawsuit (cue Pentium FP bug)

When there was the infamous FPU (floating point unit) problem in the original Pentium CPU, Intel provided 1-on-1 replacement to anybody who requested it for about 7 years. (Bring one faulty tile and get one good at same or higher speed. Early Pentium chip had red ceramic casing.)

We can expect the same to happen again or else Intel will be class-actioned by the seven horsemen of Apocalypse.

Capability Based Security - N/A

[ka9dgx]

For once, this has nothing to do with the current lack of capability based security....

whew

Fix the processor

[MoarSauce123]

It is rather clear that Intel screwed up. Intel should recall and replace all processors at no cost to the customers. I sure hope Microsoft and the Linux organisation send a bill to Intel for the damages caused.

Feeling pretty good about my AMD CPU.

[sabbede]

Now I can say, "Hah!" in addition to, "I don't have Intel money".

port for different processors

The first thing I thought of when seeing the headlines was "Why can't the fix be for specific processors and available as a separate port?" since Linux already has separate versions for different processors.

After reading many comments, I'm glad to see that AMD contributed a patch so their processors won't be negatively affected where unnecessary.

I can't wait to see the newer Tom's Hardware benchmarks.

Re: TO BIG TO FAILle.

It was not a battery problem. There was no battery problem. But they tried to throttle CPU to âoebalanceâ the effects of normal battery wear. But with enough shrills it created a PR nightmare so they have in.

Still hate Apple thought.... batteries should not have caused $79 in the first place. Thatâ(TM)s a bigger sin than this episode, but whatever....

Re:Welp, time to get a hold of a class action lawy

[Ash-Fox]

Design failure caused by negligence? Check.

Could you explain the exact negligence that occurred here and why it took over ten years for 3rd parties to discover and which 3rd parties should we also hold responsible for negligence?

No, 5-30% is reasonable in general

The fix is adding hundreds or even thousands of cycles of overhead to each and every crossing from user to kernel space. That means every system call, every page fault, and every interrupt.

Operating systems have gone to extraordinary lengths to optimize that system call fast path. x86 chips have added special SYSCALL/SYSENTER instructions to make this faster. I know in Linux, people count the number of cache lines touched and reorganize structures to reduce this number.

If your application does a lot of cheap system calls (such as reading from files cached in RAM), the overhead can exceed the "real work" of the system call.

If you want an extreme edge case, try calling getppid() in a loop. (That's the cheapest system call whose result can't be cached in user space.) I predict you'll find the time per iteration is more than doubled, i.e. >50% slowdown.

On the other hand, if your application is CPU-bound and makes relatively few system calls, there will be very little penalty.

I expect that once the emergency fix is released, people will search for ways to optimize it, but I doubt there are any huge gains available. Intel are quite aware that this is a serious public embarrassment and have sent it all the way back to their chip designers to see if there's a cheaper way to fix it.

Will the CPU bug affect hypervisors?

[slashcross]

Is there a chance that people running Linux in a VM will end up getting hit twice as hard due to fixes in both the Linux kernel and the hypervisor?

Re: TO BIG TO FAILle.

Uhh, throttling the phone down to the point of unusability without telling you the battery is the reason?

This is your expected behavior of design? Can't wait for the i car to come out. Your desired car with have no dash board indicators or gauges to tell if you're running out of oil or battery. The car's performance will just slow down and told it's expected behavior.

Lol

But, it's not a flaw

It's a feature.
For the NSA, etc...

Re: TO BIG TO FAILle.

[Pyramid]

There is no, "battery problem". It's simply the nature of battery chemistry that they degrade with age. All rechargeable batteries do this, just in different ways depending on the chemistry. Apple's "slow down" was an effort to make devices with marginal batteries *last longer* which is something you'd think the consumer would want. Their failing was not keeping people informed.

Thankfully the CEO sold all his stock right before

[paulpach]

I am relieved for Brian Krzanich, Intel's CEO. He was lucky enough to sell all the stock he could right before this made the news:

https://www.fool.com/investing...

Otherwise God forbid, he would have lost a lot of money.

Re:Either that or a lawsuit (cue Pentium FP bug)

We can expect the same to happen again or else Intel will be class-actioned by the seven horsemen of Apocalypse.

Pestilence, War, Famine, Death... Larry, Curly, and Moe?

Why a Software Fix?

Why is this being fixed via a software patch? Intel should be required to perform a recall and replace all affected chipsets.

Can you imagine if Takata's response to their airbag fiasco was to tell car manufacturers that they need to install bomb-sheilding in their cars between the airbag and the passengers?

No other industry gets away with fucking the public like the tech companies do. Well, except for the financial industry.

Re: TO BIG TO FAILle.

No, their failing was not designing a battery with capacity enough to offer a day's worth of use without charging after one year of normal use.

It's a design problem Apple tried to mask, and fanboys refuse to see it.

Re: TO BIG TO FAILle.

[Hamsterdan]

Takes 2 minutes to change an iPhone battery, and they don't cost 90$.

Why don't CPU chips have two contexts

[presidenteloco]

One for kernel-privilege code and one for user code, and a lightning fast way (use of a bit) that each instruction selects which of the two contexts it is using. I guess that would mean two separate caches etc.

This would enable efficient execution of true micro-kernel OSes wouldn't it?

Not sure if what I said there actually makes sense, in context of current chip architectures.

Basic idea is one particular kind of context switch, from kernel back and forth to user is not context caching/replacing but is just context selection from two.

Comments? Cure my ignorance?

AMD fix disables branch prediction

This update for kernel-firmware fixes the following issues:

      - Add microcode_amd_fam17h.bin (bsc#1068032 CVE-2017-5715)

      This new firmware disables branch prediction on AMD family 17h processor
      to mitigate a attack on the branch predictor that could lead to
      information disclosure from e.g. kernel memory (bsc#1068032 CVE-2017-5715).

Comment removed

[account_deleted]

Comment removed based on user account deletion

this is like NSA bug

[strstr]

lets them have access to us secretly whenever they want.. kind of like hidden AMD passwords, and NSA Key's, and holes put in things deliberately..

the only reason to know why this happened is if you did psychic warfare probing on the bastards that designed all these components.

DO NOT TRUST ANY AMERICAN MADE PIECES OF SHIT.

https://www.trumpsweapon.com/

Huge win for Intel

Next gen Intel CPUs will display 5-30% performance increase!!!

You do understand that a website IS

a random binary from the Internet. And so is everything Turing-complete.

So unless you never *ever* enable JavaScript/WebAssembly, or have your OSI stack parse anything like a language, maybe even anything context-sensitive, ... yes you do.

Aka Religion vs Robots.

That is already a "Battle of 'tards".

Math, sadly, is 90% religion, and 10% science. Like philosopy.
See: Goedel's incompleteness theorem, and math insisting that it is the origin and basis of reality anyway. ... In reality it is just a man-made tool to work with the patterns detected in reality ... that is massively abused in a schizophrenic (aka religious) way, to act like it *defines* those patterns, aka reality. And to play with nonsense that has no basis in reality, and is hence useless.

And engineering is robotic work destined for people with zero creativity and loads of OCD busywork.

Although math has its share if the latter too. But at least it is creative. (But so are bible stories.)

I prefer something creative that is useful in reality.

Bullshit rule is bullshit.

Every asshole ever has played the "Whoops, sorry, stoopit me" card. Because black-eyed sheep love to reinforce that anticonspiracy theory.

Stupidity is diverging. It by definition fails to reach a certain goal. It is more chaotic and random.
Evilness (and goodness) is converging. It progresses towads a goal. (And if a person is stupid, it does not matter if she is evil too, as she will be too ineffective.)
That is how you tell them apart.

In most cases I have seen, it was clearly converging. I mean all governments of the world trying to turn their countries into totalitarian surveillance states in the last ~10-15 years? If that isn't convergence, then what is?
(It does not take any backroom conspiracies or planning, for evil convergence to happen. This was exactly what pre-CIA-impostor-"Anonymous (the mindset, not a goup)" was.
Unplanned, unorganized convergence. A damn interesting concept for system theory researchers.

So never attribute to stupidity, before thourougly checking for convergence that can attribute it to malice.
(And there's more than this dichotomy!)

Comment removed

[account_deleted]

Comment removed based on user account deletion