'Kernel Memory Leaking' Intel Processor Design Flaw Forces Linux, Windows Redesign (theregister.co.uk)
According to The Register, "A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug." From the report: Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in this month's Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December. Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features -- specifically, PCID -- to reduce the performance hit. Similar operating systems, such as Apple's 64-bit macOS, will also need to be updated -- the flaw is in the Intel x86 hardware, and it appears a microcode update can't address it. It has to be fixed in software at the OS level, or buy a new processor without the design blunder. Details of the vulnerability within Intel's silicon are under wraps: an embargo on the specifics is due to lift early this month, perhaps in time for Microsoft's Patch Tuesday next week. Indeed, patches for the Linux kernel are available for all to see but comments in the source code have been redacted to obfuscate the issue. The report goes on to share some details of the flaw that have surfaced. "It is understood the bug is present in modern Intel processors produced in the past decade," reports The Register. "It allows normal user programs -- from database applications to JavaScript in web browsers -- to discern to some extent the contents of protected kernel memory. The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI."
At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.
About par for Intel's course. Make it fast at the expense of horrible bugs.
Intel guys are doing the bulk of the work for the Linux kernel changes, and I'm sure, to be fair, they'll equally cripple all processors with the changes, not just their own.
Sorry for the lack of imagination, but if the user space process can only read kernel memory, and can't write to it, how could one make use of this?
I find it hard to believe that a virtual memory change will result in a 5-30% slowdown for Intel processors. Maybe for a few extremely specific (likely edge-case) tasks, but if there was a legitimate 5-30% performance decrease, you can bet there would be a far different solution in the works that would suitably fix the problem.
The developers behind the GRSecurity project measured up to 63% performance loss. If most common tasks are equally affected, Intel is sure fucked. Home users might not need to bother, but large cloud providers might be seriously affected.
Meanwhile the Linux kernel has received the largest incremental minor patch in its history (229KiB) - perhaps kernel 4.14.11 already contains all the required fixes.
I have a sneaking suspicion Intel shares will fall through the floor in the next few weeks because Intel CPUs might have suddenly become quite slower than their AMD Zen based counterparts.
Linux Weekly News has been covering this for quite a while.
5% slowdown on average, with up to 30% for some particularly bad network operations.
ARM64 is also affected, so it's not just Intel.
And what is interesting: AMD is immune to that. Proof: https://lkml.org/lkml/2017/12/...
If you read one of the original articles about the KAISER patch set: a commenter asked about microkernels, and the reply is that since it's a hardware issue, both microkernels & monolithic kernels have to pay the same price.
Have you just hit the infamous bug 12309? It's ostensibly fixed, however people keep reproducing it (just google for "heavy I/O operations slow down my PC").
The summary is not fully explicit: this is not a flaw in Intel x86 ISA, but specific to CPUs made by Intel. AMD processors don't have the problem, so they should not need the patch.
https://lkml.org/lkml/2017/12/...
This could be a huge win for AMD, because the patch incurs a measurable slowdown. At the moment, though, the Linux fix doesn't seem to distinguish between manufacturers. I expect the distinction will appear later -- better safe than sorry.
You cut 30% off the performance of my CPU, expect to hear about it.
Or heck, if you've just got a low-end laptop?
Some of my sysadmin friends posted this on a Slack channel I'm in; apparently it's a big deal.
http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table
And this comment. Someone could feel the storm coming.
KAISER: hiding the kernel from user space
Posted Nov 16, 2017 7:21 UTC (Thu) by alkbyby (subscriber, #61687)
Looks like something bad is coming. Such as a mega-hole, maybe in hardware, that can be mitigated by hiding kernel addresses.
Otherwise I cannot see why simply hiding kernel addresses better suddenly becomes important enough to spend a massive amount of CPU on it.
- This isn't the first time. There was a problem a decade ago with Intel CPUs, when separate process threads could access each other's data through cache memory.
Nah, GP didn't configure the kernel's settings properly.
There's more to running without swap than not enabling a swap file/partition. You have to configure swappiness, the oom_adj_score for what to kill when memory runs out, and so on.
Anyone remember the TLB bug that also resulted in huge performance penalties in the first generation Phenoms? Guess it's Intel's turn.
An older link, about the KAISER patch set
The fix separates the memory layout in kernel mode from the memory layout in user mode. The page tables used to be the same, but there appears to be an access method that bypasses the CPU protections, so the kernel no longer keeps the kernel pages mapped when a process leaves kernel mode. This means that every time a program calls into the kernel (to read a file, send a packet, etc.), the memory layout changes and the CPU has to flush the Translation Lookaside Buffer twice per syscall, once when the process enters kernel mode and once when it leaves kernel mode. This is what causes the slowdown. It is more severe for loads that use many system calls, but unless you have highly computationally intensive loads that rarely use system calls, you will see significant slowdowns.
I'm curious how much the Cannon Lake and Ice Lake CPU architectures are going to be delayed. Since Cannon Lake is basically Skylake on a 10nm node, Intel cannot release it with such a glaring hole which causes such a significant performance loss.
I've been running a Sandy Bridge CPU for seven years now, and now I'm really looking forward to the second gen Zen CPUs. Viva, competition. I'm really glad AMD is still around.
https://www.fool.com/investing...
Less than a month before we know the Linux kernel was being patched for this bug.
Does Intel still have shares of AMD stock?
This is why we run our mission critical workloads on SPARC and Power alongside Linux, Solaris and AIX. Diversity -- in operating system, in processor, in manufacturer -- is healthy. The SPARC T8s are blazing fast, secure, and don't have this nonsense. Neither do our POWER8s. Having all your eggs in the Intel+Linux basket could be a major shitshow here... meanwhile, we'll keep chugging along.
Have to ask, does this also affect Intel-Macs? I infer "yes", but have not read many of the detailed articles yet...
Glad my latest computer is a Raspberry Pi. Glad to be on an ARM processor. Perhaps this will help more ARM based computers become more mainstream this year.
The notion that Intel even has the capability of producing new fixed CPUs to match other than the latest packaging/pin requirements seems fanciful. In which case we'll just have to live with any slowdown. As buying all new systems is just too expensive.
Just because ARM processors don't have this security bug, that doesn't mean there aren't any Broadcom ARM processor hardware (or kernel) security issues lurking out there that are as bad or worse.
Won't there be people who decide that fixing this is not worth the slowdown? After all, if it is run on an internal machine where users can't cause a buffer overflow or provide code, why should there be a risk?
From the AMD commit:
This can probably be rewritten in the inverse like:
Intel processors ... allow memory references, including speculative references, that
access higher privileged data when running in a lesser privileged mode, [including]
when that access would result in a page fault.
So it seems like: set up a speculative memory reference to a kernel memory structure, cause a page fault, and then get a bit of kernel memory out (and back in?). That could get you root before long. Some people have been saying this can be leveraged to get a guest into its hypervisor too.
Not you. That's what the Linux team wanted to call this bug.
I read the El Reg article but I still don't understand what it is saying. At all levels. I don't understand if this means all Intel processors or just the new ones. I don't understand if the 20% slowdown is for a tiny fraction of operations in the OS or if it means that things like e-mail, Firefox or general Python programming will be slowed down 20% overall. The latter would be a disaster. (Could I ask Intel to refund 20% of my computer costs?) And what are the consequences of not patching? Is the OS unstable, or does it not use memory efficiently, or is it "just" a security hole?
From TFA "It is understood the bug is present in modern Intel processors produced in the past decade. It allows normal user programs – from database applications to JavaScript in web browsers – to discern to some extent the contents of protected kernel memory.".
It could explain why Intel put the brakes on CPU production, and why some of the 2017 ones are very hard to find.
Intel CEO Brian Krzanich apparently sold a bunch of shares on Nov. 29. While that's not unusual in and of itself, apparently Intel corporate bylaws require its CEO to maintain a minimum of 250,000 shares, and that's exactly how many shares Mr. Krzanich has left. Despite predicting future market growth, the guy dumped his stock for some reason.
https://www.fool.com/investing...
Design failure caused by negligence? Check.
The 'fix' massively reduces the utility and value of your hardware? Check.
Millions and millions of people nailed by it? Check.
It may be that over time, more efficient work-arounds will be devised. The first pass mostly just focuses on plugging the hole, while later patches may be more efficient because they can take time to study and test more efficient fixes.
That is not a memory leak.
I don't want a 30% slowdown to my workloads and I don't care if games hack each other to death.
Intel has really blown it with this bug. No argument from me there. On the other hand, Apple has not produced a defective product. Everyone's batteries wear out. It is physics, pure and simple. In Apple's case they've done the right thing by offering a very inexpensive battery replacement.
AMD Ryzen gen 2 will crush Intel now!
Not patching? = no other updates as well, unless you compile your own kernel.
Intel's CEO just sold all the stock he legally could sell.
Forgive me if I am being naive, but won't this mean we are now going to have a slower processor than we paid for, making Intel owners eligible for participation in a class-action lawsuit involving not getting what we paid for or false advertising or something like that? If I bought a car with X horsepower, and suddenly something was found wrong with it and it had to be modified to work, and was suddenly X - 10%, I'd expect compensation. Their flaw is essentially going to make it so people will have to upgrade to keep up with current tasks. How is this at all fair? They can be lazy, then expect more sales?
Yes, shouldn't they issue a new CPU for free?
For a year. Because they've fixed the battery problem right?
It's like the 4's rubber bumper thing. Band-aid it for a ridiculously short time for cheap or free, and people like you eat it all up.
I sincerely hope the last time you bought their device was over 2 years ago, so you can actually take advantage of this... Otherwise, you'll still be throttled and battery replacement will still cost you 90+
I have an idea, Intel. Stop putting stupid shit INSIDE the chips.
Wasn't that the idea of Itanium ... put pipelining, etc in the compiler rather than the chip?
I don't know, but maybe he runs a high performance computing (HPC) cluster, with compute nodes segregated on a separate network that might not even have internet access, and certainly not running random JavaScript downloaded from random websites. And in this context performance matters a lot, while security is handled in a "perimeter" fashion. In those cases, it makes sense to have an option to disable the fix.
The OS devs patching a security hole in the CPU should not leave them open to a lawsuit when the only way to patch it slows down the performance of the system.
Well, not exactly the only way.
One way is to run the upgraded kernel, which will use the fix to circumvent the big CPU flaw, but will take a massive performance hit.
The other way is to pass the "nopti" boot param to this new kernel, which will run it as-is with no fixes, which will leave the performance untouched but which is something you would definitely only do on machines that never ever run foreign untrusted code (which according to TFS also includes JavaScript).
OS devs just give you a possibility to circumvent the CPU flaw and are cautious as usual to enable the fix by default (for security purposes) and give an option to disable it.
It's still something which is optional, up to the choice of the user (even if by default the devs have sided on the security aspect).
On the other hand, Intel are the ones who have delivered a piece of hardware which doesn't work as advertised (or could be made sort-of working if you use a performance-killing circumvention).
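Two comments above describe the mechanics: the KPTI fix makes every kernel entry and exit swap page tables (and flush the TLB without PCID), and the "nopti" boot parameter turns it off. The following C program is an added example, not code from the article or any commenter: it reports whether the running Linux kernel advertises the "pti" feature flag in /proc/cpuinfo (which kernels carrying the KPTI patches do when isolation is active) or was booted with "nopti", and times a trivial getpid() round trip, the exact transition the fix makes more expensive. The helper names are my own; it assumes Linux procfs.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <sys/syscall.h>

/* 1 if `word` is a whole, whitespace-delimited token in `line`, else 0 */
int has_token(const char *line, const char *word) {
    size_t n = strlen(word);
    const char *p = line;
    while ((p = strstr(p, word)) != NULL) {
        int start_ok = (p == line) || p[-1] == ' ' || p[-1] == '\t' || p[-1] == ':';
        int end_ok = p[n] == '\0' || p[n] == ' ' || p[n] == '\n';
        if (start_ok && end_ok) return 1;   /* avoid matching "pti" inside "nopti" */
        p += n;
    }
    return 0;
}

/* 2 = kernel reports the "pti" flag (isolation active), 1 = "nopti" on the
   command line (isolation deliberately disabled), 0 = neither (kernel without
   the patches, or a CPU the kernel exempts) */
int pti_state(const char *flags_line, const char *cmdline) {
    if (has_token(flags_line, "pti")) return 2;
    if (has_token(cmdline, "nopti")) return 1;
    return 0;
}

/* Copy the first line of `path` starting with `prefix` into buf; 1 on success. */
static int read_prefixed_line(const char *path, const char *prefix,
                              char *buf, size_t size) {
    FILE *f = fopen(path, "r");
    if (!f) return 0;
    int found = 0;
    while (fgets(buf, (int)size, f)) {
        if (strncmp(buf, prefix, strlen(prefix)) == 0) { found = 1; break; }
    }
    fclose(f);
    return found;
}

/* Average nanoseconds for one user->kernel->user round trip; the trivial
   syscall keeps the measured cost almost entirely in the transition itself. */
double ns_per_syscall(long iters) {
    struct timespec a, b;
    clock_gettime(CLOCK_MONOTONIC, &a);
    for (long i = 0; i < iters; i++)
        syscall(SYS_getpid);
    clock_gettime(CLOCK_MONOTONIC, &b);
    return ((b.tv_sec - a.tv_sec) * 1e9 + (b.tv_nsec - a.tv_nsec)) / (double)iters;
}

int main(void) {
    static const char *names[] = { "not reported", "disabled via nopti", "enabled" };
    char flags[4096] = "", cmdline[4096] = "";
    read_prefixed_line("/proc/cpuinfo", "flags", flags, sizeof flags);
    read_prefixed_line("/proc/cmdline", "", cmdline, sizeof cmdline);
    printf("KPTI: %s\n", names[pti_state(flags, cmdline)]);
    printf("getpid round trip: %.1f ns (rerun with and without nopti to compare)\n",
           ns_per_syscall(1000000));
    return 0;
}
```

Run it once on the patched kernel and once after booting with "nopti"; the difference in the round-trip figure is the per-syscall cost the thread is arguing about, and syscall-heavy workloads pay it on every call.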
accreditation of those high security systems that are left. Most of the ones i worked on relied on Intel's x86 ring mechanisms to protect trusted processes from untrusted processes at the hardware level. Of course that wasn't the only means they used to ensure process isolation, but it was always part of their repertoire.
For once, this has nothing to do with the current lack of capability based security....
whew
It is rather clear that Intel screwed up. Intel should recall and replace all processors at no cost to the customers. I sure hope Microsoft and the Linux organisation send a bill to Intel for the damages caused.
Now I can say, "Hah!" in addition to, "I don't have Intel money".
Could you explain the exact negligence that occurred here and why it took over ten years for 3rd parties to discover and which 3rd parties should we also hold responsible for negligence?
Probably not as bad as most apps. Crypto mining is all calculation and little I/O. You don't need to enter kernelspace. Since the fix's performance impact occurs during these context switches, one can assume crypto mining is largely unaffected.
Is there a chance that people running Linux in a VM will end up getting hit twice as hard due to fixes in both the Linux kernel and the hypervisor?
There is no, "battery problem". It's simply the nature of battery chemistry that they degrade with age. All rechargeable batteries do this, just in different ways depending on the chemistry. Apple's "slow down" was an effort to make devices with marginal batteries *last longer* which is something you'd think the consumer would want. Their failing was not keeping people informed.
I am relieved for Brian Krzanich, Intel's CEO. He was lucky enough to sell all the stock he could right before this made the news:
https://www.fool.com/investing...
Otherwise God forbid, he would have lost a lot of money.
Takes 2 minutes to change an iPhone battery, and they don't cost $90.
What if the microkernel doesn't share the same address space as the userspace processes? My understanding is that Linux shares the space to make lots of kernel services convenient (e.g. they can do things to userspace memory, as part of their job). But on a microkernel there's less incentive to do that (whoever is doing things for you, is more likely to be doing things in its own userspace). And if you're not doing that, then there's less to defend against.
I'm probably missing something.
One for kernel-privilege code and one for user code, and a lightning fast way (use of a bit) that each instruction selects which of the two contexts it is using. I guess that would mean two separate caches etc.
This would enable efficient execution of true micro-kernel OSes wouldn't it?
Not sure if what I said there actually makes sense, in context of current chip architectures.
Basic idea is one particular kind of context switch, from kernel back and forth to user is not context caching/replacing but is just context selection from two.
Comments? Cure my ignorance?
Great, now fit one of those into a laptop. Oops. That's why Apple went with Intel, because the only low-power PPC CPUs were embedded CPUs from Motorola/Freescale, with low performance. And the only high-power PPC CPUs were server-class from IBM, when they really needed desktop-class.
lets them have access to us secretly whenever they want... kind of like hidden AMD passwords, and NSA keys, and holes put in things deliberately...
The only reason to know why this happened is if you did psychic warfare probing on the bastards that designed all these components.
DO NOT TRUST ANY AMERICAN MADE PIECES OF SHIT.
What if the microkernel doesn't share the same address space as the userspace processes?
Before PCID (and in a sense, before 64-bit), microkernel OSes on x86 pretty much had to. L4 famously mapped commonly-used servers into everyone's address space for performance reasons.
My understanding is that Linux shares the space to make lots of kernel services convenient (e.g. they can do things to userspace memory, as part of their job).
Yes. There is always a tradeoff between security and programmer convenience. And by that I mean kernel programmer convenience, not user-space programmer convenience.
Microkernels certainly do have to mess with user space to implement anything interesting with virtual memory, for example. The difference is that microkernels only typically have to implement this once.
For example, consider the case where a user program needs a large block of data from somewhere else. The kernel could copy this into user space, or if it really cares about performance, it could just memory-map it and save having to copy it. Memory-mapped files are one common example; the kernel is maintaining a buffer cache anyway, so why not just map it into the address space of anyone who needs it?
Now suppose you had a microkernel that did this with IPC. It carefully looks at an IPC request, and if it seems more efficient and just as safe to do so, it could share pages between a server and a client instead of copying data.
Now you also have memory-mapped pipe I/O, and memory-mapped networking... all for essentially free.