Spotted over on HN:
The mysterious case of the Linux Page Table Isolation patches (archive)
tl;dr: there is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November. In the worst case the software fix causes huge slowdowns in typical workloads. There are hints the attack impacts common virtualization environments including Amazon EC2 and Google Compute Engine, and additional hints the exact attack may involve a new variant of Rowhammer.
Turns out 2018 might be more interesting than first thought. So grab some popcorn and keep those systems patched!
(Score: 2, Insightful) by Anonymous Coward on Tuesday January 02 2018, @05:36AM (4 children)
So AWS, Azure etc. should be able to handle shutting down all their DRAM? I dislike single points of failure, but realistically avoiding that means avoiding standardization and really over complicates things.
(Score: 4, Interesting) by Anonymous Coward on Tuesday January 02 2018, @06:06AM (2 children)
There ought exist at least two types of memory which share an interface yet are implemented differently enough that vulnerabilities are very unlikely to be shared. If this was the case then they could literally just shut down the machines with the vulnerable kind, swap those sticks out, and bring them back up. Same interface, different internal details.
(Score: 2) by shortscreen on Tuesday January 02 2018, @10:08AM (1 child)
Oh! I know! What if they switch back to RAMBUS?
(Score: 4, Funny) by LoRdTAW on Tuesday January 02 2018, @01:39PM
Too late. They already patented the vulnerability and are working to release it in their next spec.
(Score: 0) by Anonymous Coward on Tuesday January 02 2018, @12:29PM
Yes. Yes they should. This is the cloud were talking about. Just compute around it like all their ads say they do.