Spotted over on HN:
The mysterious case of the Linux Page Table Isolation patches (archive)
tl;dr: there is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November. In the worst case the software fix causes huge slowdowns in typical workloads. There are hints the attack impacts common virtualization environments including Amazon EC2 and Google Compute Engine, and additional hints the exact attack may involve a new variant of Rowhammer.
Turns out 2018 might be more interesting than first thought. So grab some popcorn and keep those systems patched!
(Score: 2) by Wootery on Tuesday January 02 2018, @11:25AM (5 children)
Way to ignore the way imperfections scale in computer systems.
An imperfection in the design of a shovel, causes some percentage of your customers to (rightly) ask for a refund when their shovel breaks.
CPUs are not like shovels. Your position appears to be that unless the CPU is perfect, all customers are entitled to a refund. This is clearly absurd.
Want a screw that will never rust or fail unexpectedly? You can get those, they're called medical-grade, and they cost vastly more than ordinary screws. Want a monitor with a guarantee of zero dead pixels or stuck pixels? The same thing applies.
You seem to want to hold consumer CPUs to the medical grade standard, without trading off against performance or cost. That just isn't realistic. If you regulate consumer-grade CPUs the way you regulate medical equipment, you kill the consumer CPU industry overnight. Formally-verified CPUs can indeed be made... at incredible expense.
(Score: 2) by Wootery on Tuesday January 02 2018, @11:28AM (2 children)
Oops, forgive the double reply: my example at the end there doesn't hold, as formal verification doesn't tend to help with side-channel issues like this. Real-world CPU perfection is even harder than that!
(Score: 2) by arcz on Wednesday January 03 2018, @05:11AM (1 child)
(Score: 1, Informative) by Anonymous Coward on Wednesday January 03 2018, @04:06PM
This is the specific issue we're discussing...
It seems they actually discovered a bug not in the x86 prefetch instructions (which could be fixed with microcode) but in Intel's speculative execution.
As to side-channel attacks, you should at least read up on anc [vusec.net] if not all 10 of the papers in the guys PHD thesis - "Software-based Microarchitectural Attacks". [gruss.cc]
(Score: 2) by arcz on Wednesday January 03 2018, @05:05AM (1 child)
(Score: 2) by Wootery on Wednesday January 03 2018, @10:23AM
That pricepoint still doesn't justify an expectation of flawless perfection, and they aren't being sold as critical-systems CPUs.
If you want a CPU appropriate for critical systems, there's a market for them. Most CPUs don't qualify, as they make different tradeoffs.