Intel processor bug leads to Windows and Linux kernel updates and possible performance hits

[Hairy Weasel]

'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

"A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.""

"Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features to reduce the performance hit.

Similar operating systems, such as Apple's 64-bit macOS, will also need to be updated – the flaw is in the Intel x86 hardware, and it appears a microcode update can't address it. It has to be fixed in software at the OS level, or buy a new processor without the design blunder."

[pipnina]

First IME is found to be vulnerable & unfixable, then someone gets their hands on an Intel JTAG, and now this.

 

Intel's processors sure are a security mess right now...

[Princess Luna]

That kind of thing people make a tempest in the cup of water but in the end it has affected like nobody outside Microsoft having to use some money they earn from selling Windows keys into fixing it.

[mynameisjuan]

"ballpark of 5-30%"....Thats one hell of a ballpark. 

[TheGlenlivet]

Any idea what CPUs are affected by this yet? The article doesn't seem to list any other saying Intel or AMD.

[Guest]

4 minutes ago, TheGlenlivet said:

Any idea what CPUs are affected by this yet? The article doesn't seem to list any other saying Intel or AMD.

All intel cpus from 4th gen onwards, no amd cpus.

[Dabombinable]

5 minutes ago, TheGlenlivet said:

Any idea what CPUs are affected by this yet? The article doesn't seem to list any other saying Intel or AMD.

Anything produced in the last decade.

Quote

Impact

It is understood the bug is present in modern Intel processors produced in the past decade. It allows normal user programs – from database applications to JavaScript in web browsers – to discern to some extent the contents of protected kernel memory.

 

[TheGlenlivet]

Just now, Dabombinable said:

Anything produced in the last decade.

OOOOF.  That's a lot.

 

[TorqueS]

Okay, so this is a pretty big deal for devs, but before the flame war starts, someone with a bit more knowledge can tell us how this affects the normal user if at all. Anyone?

[Bananasplit_00]

4 minutes ago, Dabombinable said:

Anything produced in the last decade.

 

So... Literally all of Core I? Wow... 

[Hairy Weasel]

Well, after a Windows update in the coming weeks your Intel PC might suddenly be noticeably slower. The article says older Intel CPU's are hit harder than the more recent ones.

[Dabombinable]

3 minutes ago, TorqueS said:

Okay, so this is a pretty big deal for devs, but before the flame war starts, someone with a bit more knowledge can tell us how this affects the normal user if at all. Anyone?

This is where I recommend that you read the article.

[TheGlenlivet]

9 minutes ago, Hairy Weasel said:

Well, after a Windows update in the coming weeks your Intel PC might suddenly be noticeably slower. The article says older Intel CPU's are hit harder than the more recent ones.

-Puts on foil hat- 

Intel is intentionally degrading the performance of their older CPUs so you'll buy a new one!

-Removes hat_

Ok probably not.  This can't be good for PR or shareholders...

[Bit_Guardian]

48 minutes ago, pipnina said:

First IME is found to be vulnerable & unfixable, then someone gets their hands on an Intel JTAG, and now this.

 

Intel's processors sure are a security mess right now...

As if to say no one else's are. ARM TrustZone and MIPS Security Center have had tons of critical bugs filed against them in the last year (which also affects Zen for those paying attention). With hardware this complicated, security bugs are bound to come into the design, and security researchers are tenacious to say the least. You can find tons of "Breaking x86" type videos on YouTube from the Grey Hat conferences.

[Taf the Ghost]

2 minutes ago, TheGlenlivet said:

-Puts on foil hat- 

Intel is intentionally degrading the performance of their older CPUs so you'll buy a new one!

-Removes hat_

Ok probably not.  This can't be good for PR or shareholders...

We'll see how bad it's going to be, but it's going to effect Virtual Servers. That's going to hurt the Datacenter market.

[Bit_Guardian]

15 minutes ago, Bananasplit_00 said:

So... Literally all of Core I? Wow... 

Everything Gen 6 on down actually.

[TheGlenlivet]

3 minutes ago, Bit_Guardian said:

Everything Gen 6 on down actually.

Where is this info coming from?  Does anyone have a link to a list of effected processors?

[Bit_Guardian]

1 minute ago, TheGlenlivet said:

Where is this info coming from?  Does anyone have a link to a list of effected processors?

That's what I've seen come up in the Tom's and PCPer articles about this.

[Hairy Weasel]

3 minutes ago, Bit_Guardian said:

As if to say no one else's are. ARM TrustZone and MIPS Security Center have had tons of critical bugs filed against them in the last year (which also affects Zen for those paying attention). With hardware this complicated, security bugs are bound to come into the design, and security researchers are tenacious to say the least. You can find tons of "Breaking x86" type videos on YouTube from the Grey Hat conferences.

I agree, but this one stands out because the solution appears to be very costly in terms of performance. The 30% mentioned is probably a worst case scenario, but even 10% is a lot.

[mrkaru]

I wonder if there's anything anybody could do about getting refunds or something. a potential 30% decrease in performance is a pretty substantial loss. Especially since it's all down to manufacturing errors and the consumer is in no way to blame. 

[captain cactus]

48 minutes ago, mynameisjuan said:

"ballpark of 5-30%"....Thats one hell of a ballpark. 

Add a 60%+ performance hit for Skylake to that.

 

Would also like to point out AMD CPUs aren't hit with this bug at all, as stated here by AMD engineer Tom Lendacky: https://lkml.org/lkml/2017/12/27/2

 

[TheGlenlivet]

1 minute ago, Hairy Weasel said:

I agree, but this one stands out because the solution appears to be very costly in terms of performance. The 30% mentioned is probably a worst case scenario, but even 10% is a lot.

 

2 minutes ago, lots of unexplainable lag said:

Add a 60%+ performance hit for Skylake to that.

 

Would also like to point out AMD CPUs aren't hit with this bug at all, as stated here by AMD engineer Tom Lendacky: https://lkml.org/lkml/2017/12/27/2

 

I was just about to say even 5% would be bad in the enthusiast marketplace when the 63%  post came in.... yipes.........

[Dabombinable]

This also means that my laptop's A8 4555M looks a tad less mediocre.

[Bit_Guardian]

4 minutes ago, lots of unexplainable lag said:

Add a 60%+ performance hit for Skylake to that.

 

Would also like to point out AMD CPUs aren't hit with this bug at all, as stated here by AMD engineer Tom Lendacky: https://lkml.org/lkml/2017/12/27/2

 

I think Lendacky doth protest too much, as everything Excavator and below is still vulnerable to the APIC shift bug that used to affect Westmere on down (Intel patched, and AMD has yet to).

[Bit_Guardian]

And this bug should by all rights be microcode fixable. Microcode fixed the APIC bug, which is also a privileged memory access type exploitable by user space programs.