SoylentNews is people
SoylentNews
Submission Preview
Patch for Intel Speculative Execution Vulnerability Could Reduce Performance by 5 to 35%
Previously: Major Hardware Bug Quietly Being Patched in the Open [soylentnews.org]
A bug that affects Intel processors requires Kernel Page Table Isolation in order to be mitigated [theregister.co.uk]:
It is understood the bug is present in modern Intel processors produced in the past decade. It allows normal user programs – from database applications to JavaScript in web browsers – to discern to some extent the layout or contents of protected kernel memory areas.
The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.
The fix could dramatically lower performance [siliconangle.com] for some workloads:
The Python Sweetness blog, which first reported on the bug, said the vulnerability was first identified by developers working on the Linux kernel, though it also affects Windows operating systems. It added that a number of major security patches [kernel.org] for the Linux kernel have been pushed out over the Christmas and New Year holidays, which are likely to be an attempt to fix the new bug. These kernel updates have provided a workaround that can prevent attackers from exploiting the bug, but the problem is that doing so comes at a heavy cost. In technical terms, the fix involves using Kernel Page-Table Isolation or PTI to restrict processes so they can only access their own memory area. However, PTI also affects low-level features in the hardware, resulting in a performance hit of up to 35 percent for older Intel processors.
[...] "Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November," the Python Sweetness blog reported [tumblr.com] Monday. "In the worst case the software fix causes huge slowdowns in typical workloads." These slowdowns were highlighted by Brad Spengler, lead developer of grsecurity, which is a set of patches for the Linux kernel which emphasize security enhancements. According to HotHardWare [hothardware.com], Spengler said an Intel Core i7-3770S GPU will take a 34 percent performance hit, while the new Intel Core i7-6700 will run 29 percent slower.
The Linux fix can be disabled [iu.edu], which you will likely want to do if you use an AMD processor.
December 19, 2017: Intel's CEO Just Sold a Lot of Stock [fool.com]
Did Krzanich use that money to buy AMD stock?
