'Kernel Memory Leaking' Intel Processor Design Flaw Forces Linux, Windows Redesign (theregister.co.uk)

← Back to Stories (view on slashdot.org)

'Kernel Memory Leaking' Intel Processor Design Flaw Forces Linux, Windows Redesign (theregister.co.uk)

Posted by BeauHD on Tuesday January 2, 2018 @10:40AM from the update-required dept.

According to The Register, "A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug." From the report: Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in this month's Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December. Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features -- specifically, PCID -- to reduce the performance hit. Similar operating systems, such as Apple's 64-bit macOS, will also need to be updated -- the flaw is in the Intel x86 hardware, and it appears a microcode update can't address it. It has to be fixed in software at the OS level, or buy a new processor without the design blunder. Details of the vulnerability within Intel's silicon are under wraps: an embargo on the specifics is due to lift early this month, perhaps in time for Microsoft's Patch Tuesday next week. Indeed, patches for the Linux kernel are available for all to see but comments in the source code have been redacted to obfuscate the issue. The report goes on to share some details of the flaw that have surfaced. "It is understood the bug is present in modern Intel processors produced in the past decade," reports The Register. "It allows normal user programs -- from database applications to JavaScript in web browsers -- to discern to some extent the contents of protected kernel memory. The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI."

74 of 416 comments (clear)

Min score:

Reason:

Sort:

Don't know if serious. by Anonymous Coward · 2018-01-02 10:44 · Score: 3, Funny

At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.
1. Re:Don't know if serious. by Hal_Porter · 2018-01-02 12:51 · Score: 5, Funny
  
  https://www.mail-archive.com/l...
  
  2) Namespace
  Several people including Linus requested to change the KAISER name.
  We came up with a list of technically correct acronyms:
  User Address Space Separation, prefix uass_
  Forcefully Unmap Complete Kernel With Interrupt Trampolines, prefix fuckwit_
  but we are politically correct people so we settled for
  Kernel Page Table Isolation, prefix kpti_
  Linus, your call :)
  LOL!
  
  --
  echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
2. Re:Don't know if serious. by Pseudonym · 2018-01-02 18:51 · Score: 2
  
  At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.
  Someone on LKML using the word "fuckwit" is what Linux developers call "a normal Wednesday".
  
  --
  sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
FOOF by OverlordQ · 2018-01-02 10:44 · Score: 5, Insightful

About par for Intel's course. Make it fast at the expense of horrible bugs.

--
Your hair look like poop, Bob! - Wanker.
1. Re:FOOF by sjames · 2018-01-02 11:24 · Score: 4, Informative
  
  Actually, it's a reference to a hex value that could trigger a nasty Pentium bug.
2. Re:FOOF by Anonymous Coward · 2018-01-02 11:33 · Score: 5, Informative
  
  F00F
3. Re:FOOF by TheRaven64 · 2018-01-02 18:04 · Score: 4, Interesting
  
  Having done a fair amount of both, I would disagree. The things that make software complex are dynamic: you can dynamically create threads and you can dynamically allocate memory, which makes the number of possible interactions almost impossible to statically reason about. In a CPU, all of these things are bounded and (very) finite, to the extent that it is actually possible to apply formal methods to the design (Centaur in collaboration with UT Austin do some amazing work in this area).
  The difference is that a bug in software can usually[1] be fixed after you ship, whereas a bug in silicon usually can't (though if you've got a lot of microcode you can sometimes work around it). ARM has a nice chart of the cost of fixing a bug at each stage in development, which becomes more and more terrifying, whereas for software that cost is roughly flat, so you can get away with spending a lot less effort on correctness.
  [1] Though not always easily. A colleague of mine released his first CVE a couple of years ago for a small library he wrote a couple of decades back. It turns out that most deployments of this library are in fax machines and printers, with no software update mechanism.
  
  --
  I am TheRaven on Soylent News
In all fairness... by Anonymous Coward · 2018-01-02 10:45 · Score: 3, Insightful

Intel guys are doing the bulk of the work for the linux kernel changes, and I'm sure to be fair they'll equally cripple all processors with the changes not just their own.
1. Re:In all fairness... by scumdamn · 2018-01-02 10:56 · Score: 5, Informative
  
  Looks like you missed this commit from Tom Lendacky at AMD.
2. Re:In all fairness... by nemequ · 2018-01-02 11:15 · Score: 4, Informative
  
  What are you talking about? That patch says AMD CPU's aren't vulnerable:
  
  AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.
  The (trivial) patch essential disables the work-around on AMD CPUs. I'm not going to comment on how fair GP's criticism of Intel is in general, but that link definitely isn't evidence in Intel's favor
3. Re:In all fairness... by sjames · 2018-01-02 11:33 · Score: 5, Insightful
  
  That bolster's AC's point. It looks like the Intel guys were going to cripple performance for everyone until the patch from AMD removed the unnecessary crippling from AMD processors.
4. Re:In all fairness... by ColaMan · 2018-01-02 12:13 · Score: 3, Funny
  
  Well, I'm guessing the approach was more along the lines of "an abundance of caution with the X86 ISA" as opposed to deliberate malice towards AMD.
  Whilst no doubt there's some Intel guys with a very good working knowledge of AMD CPU internals, you'd really want to get direct confirmation from the actual AMD hardware guys that their hardware is immune to this.
  
  --
  
  You are in a twisty maze of processor lines, all alike.
  There is a lot of hype here.
5. Re:In all fairness... by sexconker · 2018-01-02 12:31 · Score: 5, Insightful
  
  Well, I'm guessing the approach was more along the lines of "an abundance of caution with the X86 ISA" as opposed to deliberate malice towards AMD.
  Hi. Have you met Intel?
6. Re:In all fairness... by scumdamn · 2018-01-02 15:16 · Score: 5, Informative
  
  I'm saying that Intel tried to cripple all processors but the dude from AMD told him their products weren't vulnerable and didn't need to be slowed down.
7. Re: In all fairness... by viperidaenz · 2018-01-02 15:21 · Score: 3, Insightful
  
  They didn't explicitly create a patch for AMD CPU's. They made changes that patch ALL x86 CPU's, regardless of vendor.
  AMD submitted a vendor check to disable the patch for AMD CPU's
8. Re: In all fairness... by Anonymous Coward · 2018-01-02 16:32 · Score: 3, Informative
  
  When it comes to intel C compiler, optimizations that would work on AMD chips are left out when compiling for that CPU, because "we wouldn't presume to know what would work and what wouldn't on a competitor's chip!"
  Yet in this case, they presumed to know what was best for a competitor's chip.
  Funny how the error always falls to Intel's favor. One might think it wasn't an error at all.
9. Re: In all fairness... by TheRaven64 · 2018-01-02 18:10 · Score: 3, Interesting
  
  When it comes to the C compiler, Intel puts some things behind microarchitecture tests because in the past they didn't and people complained. They enabled fast paths after doing feature checks and it turned out that a bunch of x86 chips implemented certain instructions, but in microcoded slow paths and the optimised icc version that used them ran a lot slower than the version that didn't. As a result, they only enable certain instructions on chips that they have tested and which run faster when those instructions are used. And then people complained that they weren't doing optimisations on their competitors chips...
  In this case, there is a vulnerability affecting a bunch of x86 processors, they issued a patch for x86 processors. This is exactly the right thing to do for a security issue: blanket enable and then whitelist safe CPUs.
  
  --
  I am TheRaven on Soylent News
10. Re:In all fairness... by nnull · 2018-01-02 20:35 · Score: 3, Interesting
  
  This, I don't completely understand the reasoning for crippling all processors, including non-intel. It seems Intel is trying to use its political clout to reduce everyone's performance with a bunch of fear and scare tactics which just tops the charts for 2017 and 2018, just so they don't lose their edge. This is just an utter catastrophe for Intel and they're trying to drag the rest of us with them.
11. Re: In all fairness... by Zocalo · 2018-01-02 21:37 · Score: 2
  
  This. Without being privy to the closed discussions about how to engineer the patch (which AMD was clearly a part of) we have no way of knowing whether this wasn't the agreed approach. It's not like AMD would really want Intel making the decision over whether or not each of their CPU SKUs were vulnerable, and I doubt Intel would want to make that call either - they've got more pressing matters than trying to exploit AMD CPUs to deal with and they'd have to assume AMD would eat their lunch in court if they got one wrong. Time will tell though, I'm expecting some more details to come out on this aspect of it once the embargo lifts, and I doubt AMD will be shy about it if they think Intel tried to stiff them when they do.
  
  --
  UNIX? They're not even circumcised! Savages!
12. Re:In all fairness... by zifn4b · 2018-01-03 00:40 · Score: 2
  
  Hanlon's Razor: Never attribute to malice that which can be adequately explained by stupidity
  
  --
  We'll make great pets
How could this be abused? by jader3rd · 2018-01-02 10:46 · Score: 4, Interesting

Sorry for the lack of imagination, but if the user space process can only read kernel memory, and can't write to it, how could one make use of this?
1. Re:How could this be abused? by OverlordQ · 2018-01-02 10:48 · Score: 5, Insightful
  
  You're running in EC2 on shared hardware. Your instance can read the memory of other instances running on the same physical hardware.
  
  --
  Your hair look like poop, Bob! - Wanker.
2. Re:How could this be abused? by pereric · 2018-01-02 11:00 · Score: 5, Interesting
  
  Cryptographic keys, information on other processes (making other attacks feasible), perhaps random number generator seeds and status, for example ...
  And the principle in general that there could be information the process is not supposed to reach.
3. Re:How could this be abused? by EndlessNameless · 2018-01-02 11:09 · Score: 5, Interesting
  
  Private keys for system-level crypto and user credentials are stored in kernel space. You want everyone on the system to be reading those? If you can read a private key or a Kerberos token, you can become that daemon/system/user.
  This bug essentially destroys local security and severely compromises network security, subject to any limitations on where/when data can be read.
  I'm not a microarchitecture guru who can dig through the details and figure out the limitations of potential attacks. Perhaps only a small portion of kernel memory can be exposed via this bug. I don't really know. The naive, simple scenario where all kernel memory is exposed, though---that is pretty damned bad. Infosec doomsday bad.
  
  --
  
  ---
  According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
4. Re:How could this be abused? by Anonymous Coward · 2018-01-02 12:33 · Score: 2, Interesting
  
  You're running in EC2 on shared hardware. Your instance can read the memory of other instances running on the same physical hardware.
  Yep, "the cloud" bites again.
  When are you supposedly "technically sophisticated" people going to learn that security inherently means running on your own hardware?
  When you cheap out, you lose. Performance, security, integrity, reliability - everything.
  VM specifically: For most local-system applications, VM is a long in the tooth, unneeded hangover that drops performance. I have 64 GB of RAM. I killed VM long ago (under OS X, it's fairly easy to do) and gained substantially in performance. I run a lot of big, hungry apps, too. Zero problems, faster. It's not the 1990's any longer. Memory is crazy cheap these days compared to your time and security and energy and wallet thickness; you should have lots and lots. If you don't, then there's your error.
  If you really need a cloud (well, you probably don't, but there are exceptions) then you should build your own cloud. The software's out there. Sharing hardware is not a good idea.
  If you won't, or can't, run your own system(s) then you're walking in dogshit. Some of it will eventually stick to your shoes. While the cloud people will be LOL'ing on your dime, suckers.
5. Re:How could this be abused? by LordKronos · 2018-01-02 13:30 · Score: 3, Informative
  
  He confused me at first with the mention of VMs as, like you, I initially thought he was talking about Virtual Machines (especially given the context of cloud computing and hardware sharing). But he was actually talking about Virtual Memory. Not sure how he got from one topic to the other, but it's pretty clear:
  "Memory is crazy cheap these days compared to your time and security and energy and wallet thickness; you should have lots and lots. If you don't, then there's your error."
6. Re:How could this be abused? by Mad+Merlin · 2018-01-02 13:31 · Score: 3, Insightful
  
  When you cheap out, you lose.
  You're assuming that the cloud works out cheaper. Sometimes it does, but for many cases it does not (and it's not even close).
  
  --
  Game! - Where the stick is mightier than the sword!
7. Re:How could this be abused? by viperidaenz · 2018-01-02 15:23 · Score: 3, Informative
  
  You've confused virtual address space for swap.
five to 30 per cent slow down by rwven · 2018-01-02 10:46 · Score: 2

I find it hard to believe that a virtual memory change will result in a 5-30% slowdown for Intel processors. Maybe for a few extremely specific (likely edge-case) tasks, but if there was a legitimate 5-30% performance decrease, you can bet there would be a far different solution in the works that would suitably fix the problem.
1. Re:five to 30 per cent slow down by jonwil · 2018-01-02 10:52 · Score: 2
  
  If the choice is a 30% slowdown or a massive highly dangerous security flaw, the developers will pick the 30% slowdown. Especially if that flaw is a big problem for people using VMs (there are suggestions in some places that the flaw would be a HUGE problem for cloud providers like Amazon). That said, if you are running Linux and dont care about the security flaw but do care about the slowdown, you can always compile your own kernel without the relavent bits in there :)
2. Re:five to 30 per cent slow down by Carewolf · 2018-01-02 10:56 · Score: 4, Informative
  
  I find it hard to believe that a virtual memory change will result in a 5-30% slowdown for Intel processors. Maybe for a few extremely specific (likely edge-case) tasks, but if there was a legitimate 5-30% performance decrease, you can bet there would be a far different solution in the works that would suitably fix the problem.
  Virtual memory access is used in every single memory access cached or not. 5% would be lucky for trying to work around a broken system. I am guessing the flaw is probably in the TLB which is meant to accelerate these things.
3. Re:five to 30 per cent slow down by gravewax · 2018-01-02 10:58 · Score: 2
  
  I can see it being a problem for shared providers etc. HOWEVER, I know a lot of cases in the customer I am working with they will happily accept the risk rather than take an even 5% performance hit as they use the machines for dedicated tasks so if rogue code was somehow on their they would have already been seriously compromised. So I seriously hope regardless of OS that their is a way to disable the fix easily while staying in a supported state if the performance hits are more than just FUD.
4. Re:five to 30 per cent slow down by Zocalo · 2018-01-02 11:20 · Score: 4, Informative
  
  Linux users don't even need to compile a custom kernel (although if performance *really* matters you should probably be doing so as a matter of course) as there's a boot time option in the that can be set to disable the new Page Table Isolation mode, "nopti". Without knowing the performance hit for a specific usage case and the nature of the flaw its currently impossible to say whether using it is going to be a good idea or not, but it's nice that they at least thought to include the option. Pretty sure BSD will do the same, but feel free to place your bets on commercial operating system vendors...
  
  --
  UNIX? They're not even circumcised! Savages!
5. Re:five to 30 per cent slow down by LinuxIsGarbage · 2018-01-02 11:26 · Score: 2, Insightful
  
  If the choice is a 30% slowdown or a massive highly dangerous security flaw, the developers will pick the 30% slowdown.
  
  As it is it seems a lot of developers choose "30% slowdown" over "spend some time to write not shit code".
  "Premature optimization is the root of all evil" gets turned to "Do no optimization whatsoever, have no understanding of underlying hardware, and pick the latest trendiest framework that runs on top of 5 layers of framework to provide 6502 performance from an i7."
6. Re:five to 30 per cent slow down by sjames · 2018-01-02 12:11 · Score: 3, Insightful
  
  They don't have a choice. The cost is quite believable since the workaround involves mapping the kernel in and out of the process space for every system call. Keeping it mapped in and keeping the page tables hot in the cache helps performance a lot.
  The real fix involves new silicon.
7. Re: five to 30 per cent slow down by Anonymous Coward · 2018-01-02 12:12 · Score: 2, Interesting
  
  By "virtual memory" are we talking Page Files and swap space? Disk space as memory?
  No. On modern processor running in protected mode, all memory is virtual. Memory pages that appear contiguous could be backed up by NON-contiguous areas of physical memory, device i/o space, numa, swap, etc. This bug may affect any memory access in userspace.
  
  So an almost unusuable computer becomes completely unusable.
  OK about the second part. The first part is a matter of opinion ;-)
8. Re:five to 30 per cent slow down by sjames · 2018-01-02 12:16 · Score: 2
  
  This is a good point. If the machine lives in a protected environment where only approved software is used by authorized users, disabling the fix to avoid the slowdown might be the right thing.
  But I'm pretty sure the slowdown in this case isn't FUD. Otherwise we'd hear Intel loudly denying it by now.
9. Re:five to 30 per cent slow down by dryeo · 2018-01-02 12:58 · Score: 2
  
  provide 6502 performance from an i7
  Good, it's a step in the direction of improving latency. Next, replace the rest of the computer with an Apple //E and we'll have something responsive.
  Article measuring latency of various computers that finds the Apple //E to have the least latency in displaying a character, https://danluu.com/input-lag/
  
  --
  https://en.wikipedia.org/wiki/Inverted_totalitarianism
10. Re:five to 30 per cent slow down by grimr · 2018-01-02 12:58 · Score: 5, Informative
  
  I don't think you understand how drastic this fix is. Every time a user mode to kernel mode transition happens and every time a hardware interrupt happens, the entire page table directory layout has to be switched. This means all the TLB caches are flushed as well and that's where the main performance hit comes from.
  So if you're doing something like crypto currency mining you're not going to see much of a hit. But if you're doing a lot of I/O (file servers, database servers, web servers, etc.) you're going to see that 25-35% performance hit.
  And that's why hardware bugs are so serious. Sometimes you get lucky and it's a microcode update with no penalty. Sometimes it's a simple fix with barely any performance penalty. But sometimes you get unlucky and the fix hurts a lot and the only way to get the performance back is to swap out the hardware.
11. Re: five to 30 per cent slow down by grimr · 2018-01-02 13:02 · Score: 2
  
  Virtual memory is just the mapping of a virtual address space to a physical address space. Paging is the swapping out of memory to disk so you can allocate more than you physically have. Virtual memory is what's commonly used to implement paging.
  This bug is a flaw with the virtual memory protection mechanism that stops user code from reading kernel data.
12. Re:five to 30 per cent slow down by Anonymous Coward · 2018-01-02 14:25 · Score: 3, Informative
  
  Every process runs in virtual address space--EVERY process. Low level device drivers on X86 might need to map to physical, but nearly everything is virtual. Certainly everything in user-mode.
  This is why process 1 memory location 10000 is a different piece of physical ram from process 5 memory location 10000. Different virtual address spaces. Each such mapping between each virtual address space and physical space is stored in a "page table". (Pages might also not currently exist in physical ram and the OS handles that, e.g., load from disc, make up from scratch or whatever, but that's a separate discussion.)
  The main cost of a context switch between processes is flushing the "TLB" (translation lookaside buffer) - it's essentially a cache of "for the current process, what virtual addresses map to what physical addresses".
  Traditionally, OS's separated the virtual address space into 'Kernel' and 'User' portions. (Those of you that remember /3GB switch on NT know all about this.) This way, jumping into the Kernel is might lighter-weight than jumping between processes because the TLB is still valid and thus doesn't need flushing. The TLB's data about kernel address space is correct.
  The performance hit is this turns every transition from user-to-kernel from "a quick update of the current privilege level" into a full "load new page table and full TLB flush" as the kernel no longer lives in the same virtual address space. This is a huge hit on every kernel call.
  The only OS's that wouldn't be affected by this are ones that use a single address space; or already separate everything including their kernel into separate virtual address spaces. Maybe a microkernel OS isn't affected, and single-address-space things like Unikernels and (Microsoft Research's) Singularity wouldn't be. Non-protecting operating systems also wouldn't be affected as they don't have security to begin with--for example, FreeDOS which aims to still run on 8088 chips, doesn't have any kernel protection or multitasking so it cannot be affected.
13. Re: five to 30 per cent slow down by MrKaos · 2018-01-02 16:46 · Score: 4, Interesting
  
  By "virtual memory" are we talking Page Files and swap space?
  
  Almost. The difference is a minor or major page fault. From swap space to ram to CPU cache is a major page fault whereas a memory transfer is between the CPU cache (L1,L2 or L3) and system RAM is a minor page fault.
  
  Disk space as memory?
  
  No. Between CPU cache and system RAM. In this case the issue relates to minor page faults which occur when the CPU scheduler is switching tasks, called "context switching", between processes, threads and lwt running on the system.
  The kernel maintains a summary page of the process when it switches tasks so that it doesn't have to recreate details of the process and is more efficient when it switches tasks. It is this summary page that can be attacked and IIUC addresses can be changed to access memory the process does not have permission to access.
  This means that a process running in the userspace of Ring 3 of the CPU it can modify it's summary table to access data in Ring 0, where the kernel is. Which is obviously bad because now that process can access all the memory.
  
  So an almost unusuable computer becomes completely unusable. Unless you're on solid state, then you get the performance of a mechanical hdd.
  Maybe, but not how you would expect. The CPU scheduler *may* make it possible to hide some of the latency created by the now crippled context switching in mechanical disk latency that you can't do with ssd because of the way IO determines *when* the scheduler will context switch. Still early days and it depends on what techniques can be devised. It depends on where the summary tables are maintained and I would expect that to be in CPU cache, which is much faster than system RAM, which is why it is a tough bug to get around.
  With that in mind it's plain to see why the Linux kernel devs want to call the patch fuckwit_ because Intel screwed up badly on this.
  
  --
  My ism, it's full of beliefs.
14. Re:five to 30 per cent slow down by TheRaven64 · 2018-01-02 18:34 · Score: 2
  
  Note that this wouldn't be the first time that Linux has done this. RedHat kernels used to support a 4GB/4GB address split on i386 PAE systems. Conventionally, on 32-bit systems, the kernel reserves the top 2GB of the address space and userspace gets the bottom 2GB. When this started to get cramped, the was an option to reserve the top 1GB for the kernel and make the bottom 3GB available for userspace. Sometimes, even that wasn't enough, so with a 4GB/4GB address split both get completely separate page tables and you do a page table swap on every kernel entry and exit. I remember it came with a performance hit, but I vaguely remember that it was closer to 5-10% back then (which some people were willing to pay if it meant that their code that needed 3.5GB of RAM actually ran, with the kernel using 3GB of RAM). It was fairly short lived, because most people who had a real use for it bought x86-64 hardware.
  
  --
  I am TheRaven on Soylent News
This could be massive by Artem+S.+Tashkinov · 2018-01-02 10:47 · Score: 5, Interesting

The developers behind the GRSecurity project measured up to 63% performance loss. If most common tasks are equally affected, Intel is sure fucked. Home users might not need to bother, but large cloud providers might be seriously affected.
Meanwhile the Linux kernel has received the largest incremental minor patch in its history (229KiB) - perhaps kernel 4.14.11 already contains all the required fixes.
I have a sneaking suspicion Intel shares will fall through the floor in the next few weeks because Intel CPUs might have suddenly become quite slower than their AMD Zen based counterparts.
1. Re:This could be massive by Artem+S.+Tashkinov · 2018-01-02 10:52 · Score: 5, Informative
  
  Some PostgreSQL results have just been released: up to 23% performance loss. This is indeed huge.
2. Re:This could be massive by scumdamn · 2018-01-02 10:57 · Score: 5, Informative
  
  Doesn't look like it's everybody. https://lkml.org/lkml/2017/12/...
3. Re:This could be massive by grimr · 2018-01-02 12:42 · Score: 4, Informative
  
  Nope. Page Table Isolation is the fix and not the fault. But isolating the userland and kernel page tables means you have to switch between them each time you go from user mode to kernel mode and back. This slows things down.
  AMD CPUs don't have the bug where user mode can read kernel pages so does not require this isolation and the performance hit caused by enabling it. From the AMD email: "The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault."
4. Re:This could be massive by Qzukk · 2018-01-02 14:44 · Score: 4, Interesting
  
  Based on this link from Hacker News: https://cyber.wtf/2017/07/28/n... and the linked email/patch from AMD, it looks like what happens is that AMD checks memory permissions up front before allowing an instruction into the pipeline, while Intel made the memory permission check as a later part of the pipeline, apparently after the memory was accessed and inserted into the cache.
  
  --
  If I have been able to see further than others, it is because I bought a pair of binoculars.
5. Re:This could be massive by Motherfucking+Shit · 2018-01-02 15:40 · Score: 4, Interesting
  
  I have a sneaking suspicion Intel shares will fall through the floor
  Intel's CEO agrees; a couple weeks ago he sold all the Intel stock he can. If he'd dumped any more shares, he would have had to forfeit his job. That isn't a man who's confident about the future of his company...
  
  --
  "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
6. Re:This could be massive by Zocalo · 2018-01-02 22:18 · Score: 3, Interesting
  
  This flaw has been known about since at least October, and probably even sooner since early code to fix it starting coming out in November, which makes it seem *highly* likely that he was aware of the it and the potential impact when he took the decision to commit to the November sale. Also, as CEO, there's no way that he can plausibly claim "I didn't know about it" like the two Equifax execs who executed a stock sale just before their breach announcement did without coming across as completely incompetent and unfit for the CEO role. This reeks of insider trading, and after the outcry over the Equifax execs I can't imagine that the SEC isn't going to want to take a good hard look at this stock sale as well.
  
  I'm sure his vested options will pay for some really good lawyers but, even so, forfeiting his job could be the least of his problems.
  
  --
  UNIX? They're not even circumcised! Savages!
Obligitory LWN link (Also affects ARM64) by sl3xd · 2018-01-02 10:52 · Score: 5, Informative

Linux Weekly News has been covering this for quite a while.
5% slowdown on average, with up to 30% for some particularly bad network operations.
ARM64 is also affected, so it's not just intel

--
-- Sometimes you have to turn the lights off in order to see.
And, time for AMD to shine again by NuclearCat · 2018-01-02 10:57 · Score: 5, Informative

And what is interesting, AMD is immune to that, proof: https://lkml.org/lkml/2017/12/...
AMD is safe by TeknoHog · 2018-01-02 11:00 · Score: 5, Informative

The summary is not fully explicit: this is not a flaw in Intel x86 ISA, but specific to CPUs made by Intel. AMD processors don't have the problem, so they should not need the patch.
https://lkml.org/lkml/2017/12/...
This could be a huge win for AMD, because the patch incurs a measurable slowdown. At the moment, though, the Linux fix doesn't seem to distinguish between manufacturers. I expect the distinction will appear later -- better safe than sorry.

--
Escher was the first MC and Giger invented the HR department.
More info on the subject by trybywrench · 2018-01-02 11:02 · Score: 4, Informative

some of my sys admin friends posted this on a slack channel i'm in, apparently it's a big deal

http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table

--
I came to the datacenter drunk with a fake ID, don't you want to be just like me?
Re:tanenbaum's revenge? by mikael · 2018-01-02 11:16 · Score: 3, Insightful

And this comment. Someone could feel the storm coming.
KAISER: hiding the kernel from user space
Posted Nov 16, 2017 7:21 UTC (Thu) by alkbyby (subscriber, #61687) [Link]
Looks like something bad is coming. Such as mega-hole maybe in hardware that can be mitigated by hiding kernel addresses.
Otherwise I cannot see why simply hiding kernel addresses better, suddenly becomes important enough to spend massive amount of cpu on it.
- This isn't the first time. There was a problem a decade ago with Intel CPU's, when separate process threads could access each others data through cache memory.

--
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
Re:Deja Vu by Artem+S.+Tashkinov · 2018-01-02 11:30 · Score: 3, Informative

Results varied. Some workflows experienced a very significant performance loss however, e.g. Firefox became twice as slow, WinRAR four times as slow.
The future by Artem+S.+Tashkinov · 2018-01-02 11:44 · Score: 4, Interesting

I'm curious how much Cannon Lake and Ice Lake CPU architectures are going to be delayed. Since Cannon Lake is basically SkyLake on a 10nm node, Intel cannot release it with such a glaring hole which causes such a significant performance loss.
I've been running a Sandy Bridge CPU for seven years now, and now I'm really looking forward to the second gen Zen CPUs. Viva, competition. I'm really glad AMD is still around.
1. Re:The future by sl3xd · 2018-01-02 12:12 · Score: 2
  
  I'm curious how much Cannon Lake and Ice Lake CPU architectures are going to be delayed.
  
  I'm going to go out on a limb and say "not at all"
  CPU design pipelines are pretty long; generally requiring at least a year to go from "Tape Out" to fabrication.
  Releasing no chip (and staying with an even slower current generation) is just not an option.
  Cannon Lake and Ice lake are still an improvement on Intel's current offering, and can still compete against AMD's offering.
  Intel managed to move on after the (even more dire) disasterous NetBurst architecture; there's no reason to believe they won't get past this issue.
  It's nice to see that AMD is finally back in the race.
  
  --
  -- Sometimes you have to turn the lights off in order to see.
Intel CEO Sold a lot of stock... by Nos. · 2018-01-02 11:56 · Score: 5, Interesting

https://www.fool.com/investing...
Less than a month before we know the linux kernel was being patched for this bug.
1. Re:Intel CEO Sold a lot of stock... by sl3xd · 2018-01-02 12:27 · Score: 5, Informative
  
  This bug has been known and reported about since early November; the original paper was presented in July of 2017, and code has been in Github since Feburary.
  Motley Fool is just noting that the Intel CEO isn't holding any more stock than he needs to.
  And there are good reasons:
  * AMD is back from the dead.
  * Intel's GPU hasn't been that successful -- they've even teamed up with AMD to put Radeon GPU's in the same die as an Intel CPU.
  * PC sales are declining as consumers shift from Intel PC's to using ARM-powered tablets & phones instead.
  * ARM is making inroads into the "desktop and laptop computer" marketplace.
  * ARM is powering most consumer electronics as well (TV's, Blu-ray players, Smart Speakers, etc)
  * Intel is absolutely nowhere in the mobile world. Mobile has one ARM to rule them all.
  * Intel missed the boat for the current generation of XBOX and PlayStation consoles.
  Intel is looking more and more like a one trick pony, and its competitors are beginning to do that one trick better too.
  
  --
  -- Sometimes you have to turn the lights off in order to see.
... and this is why ... by nbvb · 2018-01-02 12:08 · Score: 5, Interesting

This is why we run our mission critical workloads on SPARC and Power along side Linux. Solaris and AIX. Diversity -- in operating system, in processor, in manufacturer - is healthy. The SPARC T8's are blazing faster, secure, and don't have this nonsense. Neither do our POWER8's. Having all your eggs in the Intel+Linux basket could be a major shitshow here... meanwhile, we'll keep chugging along.
Re:Go ARM Go by andydread · 2018-01-02 13:36 · Score: 5, Informative

really sorry to bust your ARM bubble. https://lwn.net/Articles/74039...
Speculative Memory References and Page Faults by bill_mcgonigle · 2018-01-02 13:42 · Score: 5, Interesting

From the AMD commit:

AMD processors are not subject to the types of attacks that the kernel
page table isolation feature protects against. The AMD microarchitecture
does not allow memory references, including speculative references, that
access higher privileged data when running in a lesser privileged mode
when that access would result in a page fault.
this can probably be rewritten in the inverse like:
Intel processors ... allow memory references, including speculative references, that
access higher privileged data when running in a lesser privileged mode, [including]
when that access would result in a page fault.
So it seems like: set up a speculative memory reference to a kernel memory structure, cause a page fault, and then get a bit of kernel memory out (and back in?). That could get you root before long. Some people have been saying this can be leveraged to get a guest into its hypervisor too.

--
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
FUCKWIT by goombah99 · 2018-01-02 13:45 · Score: 2

not you. thats's what the Linux team wanted to call this bug.
I read the El Reg article but I still don't understand what it is saying. At all levels. I don't understand if this means all intel processors or just the new ones. I don't understand if the 20% slowdown is for a tiny fraction of operations in the OS or if it means that things like e-mail, firefox or general python programming will be slowed down 20% overall. The latter would be a disaster. (could I ask intel to refund 20% of my computer costs?). And what's the consequences of not patching? Is the OS unstable or not use memory efficiently or "just" a security hole?

--
Some drink at the fountain of knowledge. Others just gargle.
1. Re:FUCKWIT by Waffle+Iron · 2018-01-02 17:09 · Score: 4, Insightful
  
  I'm not in the habit of running random binaries downloaded from the Internet
  As TFS implies, given that Javascript required to do almost anything on the web, you are most likely downloading and running random code from the internet that could potentially exploit this bug hundreds of times every day.
2. Re:FUCKWIT by Waffle+Iron · 2018-01-03 04:11 · Score: 2
  
  It still requires dereferencing kernel address space. How do you pull that off otherwise?
  With a timing attack, you don't need to dereference anything. From the Wikipedia article:
  
  Likewise, if an application is trusted, but its paging/caching is affected by branching logic, it may be possible for a second application to determine the values of the data compared to the branch condition by monitoring access time changes; in extreme examples, this can allow recovery of cryptographic key bits.
3. Re:FUCKWIT by Waffle+Iron · 2018-01-03 04:50 · Score: 2
  
  Since large fractions of all systems run the exact same OS images, people DO know much of the system state ahead of time.
  You also don't need to know much about leaked kernel information to make use of it. In a scattershot approach, you try whatever bits you infer to decrypt data. If you're lucky, you find a match. If you attack thousands of systems, you're likely to get lucky.
  In summary, you're just way too overconfident. It only takes one really smart person to package up a hard-to-execute attack and make it conveniently available to everyone else.
Re:What about games? by Xenx · 2018-01-02 14:27 · Score: 2

You're over generalizing. You're also assuming people are playing games that are console ports. I play a few games that are already CPU limited. There are also a few popular titles that are cpu intensive. PUBG being a big one right now. I'm not saying this fix is going to make it worse, as I don't know. But, a huge hit to CPU performance would make a huge impact on those games.
Re:Either that or a lawsuit by Xenx · 2018-01-02 16:00 · Score: 2

If you're provided three options, and only three options, you're forced to pick one. Inaction is a choice that would force at least one of the options.
Re:MacOS? by bruce_the_moose · 2018-01-02 16:22 · Score: 2

Cue the lawyers to initiate class action lawsuits against Apple once they release their patches to deliberately slow down older machines in the face of a hardware limitation.

--
To reduce crime, make fewer things against the law.
Re:Caching is what makes CPUs fast by TheRaven64 · 2018-01-02 18:30 · Score: 4, Interesting

Leaving stale ones is often fine. FreeBSD does this intentionally in the transparent superpage promotion. When it condenses adjacent pages into a single superpage in the page tables, it doesn't invalidate the TLB entries. The exact behaviour of this varies between CPUs. When you get a TLB miss in an adjacent address range, it's filled from the superpage entry and now you have two TLB entries for the same virtual address[1]. Intel will just discard the smaller one, Centaur will note the mismatch, invalidate both, and refill from the page table, gem5 will crash (I think we've upstreamed the fix for this), and I'm not sure what AMD does.
Your example is highly unlikely, because the kernel typically reserves the top half of the address space for itself and an attempt by userspace to map anything in this range will fail. On x86 chips, there's a huge gap in the middle of the address space (it actually makes more sense to think of virtual addresses as signed values, with userspace ones being positive, kernel ones being negative, and the size of the number somewhat less than 64 bits [microarchitecture specific]). The kernel map, by default, will include the entire userspace portion of the address space for the current process, so that copies between kernel and userspace are cheap.
This kind of TLB invalidate is actually cheap on AMD, because they implement a tagged TLB with the cr3 value as the tag, so swapping cr3 values implicitly invalidates the TLB, but the entries become valid again when you reset the entry. The PCID feature, which is apparently the cause of this vulnerability, is largely a result of the fact that AMD patented this technique and so Intel doesn't use it.
[1] Some old SPARC chips would literally catch fire if you did this: the TCAMs would run hot enough to burn.

--
I am TheRaven on Soylent News
Re:Class-Action Lawsuit? by Chrisq · 2018-01-02 20:43 · Score: 2

If I bought a car with X horsepower, and suddenly something was found wrong with it and it had to be modified to work, and was suddenly X - 10%, I'd expect compensation.
Funnily enough people are bringing a class action lawsuit for exactly this against Volkswagen after a fix to the emissions cheat reduced the power of their cars.
HPC cluster by DrYak · 2018-01-02 21:41 · Score: 2

I don't know, but maybe he runs an high performance computing (HPC ) cluster.
With compute nodes segregated on a separate network that might not even have internet access,
and certainly not running random javascripts downloaded from random websites.
And in these context, performance matters a lot,
while security is handled in a "perimeter" fashion.
In those cases, it makes sense to have an option to disable the fix.

--
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Re:Either that or a lawsuit by Pyramid · 2018-01-03 06:23 · Score: 2

"you cut 30% off the performance of my CPU expect to hear about it.
--
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-..."
I can't be the only person who sees the irony of a person complaining about performance degradation and that they make Firefox plug-ins in the same post.

--
~Any apparent grammatical or typographic errors are caused by defects in your display device.