
Intel's CPU security took some whacks a few months ago, with well-publicized problems in the Intel Management Engine. If rumors are to be believed, 2022 could kick off an even worse year for the company. There is growing speculation that a major bug in Intel CPUs requires a wholesale change in how Linux, Windows, and macOS map page tables, with the apparent goal of preventing Intel x86 CPUs from disclosing the layout of the kernel address space to an attacker. A similar patch is in the works for ARM systems as well; AMD CPUs are (as of this writing) not affected by this issue.

Here's what we know so far: An initial article at LWN.net lays out a new set of patches for the Linux kernel that began in late October and have continued through the present day. These efforts focus on implementing kernel page-table isolation, or KPTI, which splits the page tables (currently shared between kernel space and user space) into two sets, one for each side. Microsoft is apparently prepping its own set of patches and is expected to ship them in the not-too-distant future.

We don't yet know how attackers exploit the hardware bug in Intel and, apparently, ARM CPUs. All we know is that it is apparently possible to discern the contents of protected kernel memory by leveraging this flaw. There may be some conceptual similarities to Rowhammer, the DDR memory attack technique we've discussed before, in how this attack is carried out. Rowhammer can be used to alter the data stored in certain memory locations by "hammering" adjacent rows of DRAM until the electrical charge in the target cells flips.

The blog Python Sweetness has published a fairly good discussion of what we know and don't know about this security issue, though the author of the post also links to an erroneous report suggesting that AMD CPUs take a 50 percent performance hit when the software fix is enabled (AMD CPUs, as of this writing, are not expected to need patching). The solution to the problem is to enable a capability known as page table isolation (PTI), but this apparently causes significant performance degradation on some Intel CPUs running some workloads. PostgreSQL tests suggest slowdowns of 7 percent to 23 percent, depending on which Intel CPU you test.

Recent Intel CPUs may not be affected by this issue to the same extent as older chips, but I haven't been able to confirm that personally. There are references to using the "nopcid" instruction to disable other features Intel built into its Core microarchitecture to mitigate the performance hit from separating the kernel and user memory spaces, but no clear demarcation of when those mitigating features were themselves introduced. The nopcid instruction was added with AVX2 support when Haswell was new, which would seem to imply that Intel CPUs from before Haswell might face larger penalties than chips from Haswell onward.
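The practical question behind the two paragraphs above, whether a given Linux box has page-table isolation active and whether its CPU can tag TLB entries with a process-context identifier (PCID) so that the kernel/user switch does not flush the whole TLB, can be answered from files the kernel already exposes. The script below is an added example written for this article, not code from the kernel project, LWN, or Python Sweetness. It assumes standard x86 Linux conventions that exist today: the kernel reports active isolation as a synthetic `pti` flag in `/proc/cpuinfo`, the CPU advertises `pcid` and `invpcid` there, and `nopti`, `pti=off` and `nopcid` are kernel boot parameters read from `/proc/cmdline`. The function and variable names are the example's own, and the sample `/proc` contents are constructed, not captured from a real machine.

```python
#!/usr/bin/env python3
"""Report whether kernel page-table isolation (PTI) is active on a Linux
host and whether the CPU offers PCID/INVPCID, which let the kernel avoid a
full TLB flush on every kernel/user page-table switch.

Hypothetical helper written for this article, not part of any kernel or
vendor tooling. It reads /proc/cpuinfo and /proc/cmdline when run as a
script; the parsing functions take text so they can be exercised offline.
"""
import os
import time


def parse_cpu_flags(cpuinfo_text: str) -> set:
    """Return the set of feature flags from the first 'flags' line."""
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            return set(value.split())
    return set()


def parse_cmdline(cmdline_text: str) -> dict:
    """Map each kernel boot parameter to its value ('' when it has none)."""
    opts = {}
    for token in cmdline_text.split():
        key, sep, value = token.partition("=")
        opts[key] = value if sep else ""
    return opts


def assess_pti(flags: set, opts: dict) -> dict:
    """Summarise PTI state and the cost class of each kernel entry/exit."""
    # The kernel advertises active isolation as the synthetic 'pti' flag.
    pti_active = "pti" in flags
    # Real boot parameters that turn isolation off: nopti or pti=off.
    requested_off = "nopti" in opts or opts.get("pti") == "off"
    # nopcid tells the kernel to ignore the CPU's PCID support.
    pcid_usable = "pcid" in flags and "nopcid" not in opts
    invpcid = "invpcid" in flags and pcid_usable
    if not pti_active:
        cost = "no-isolation"            # shared tables: nothing to switch
    elif pcid_usable:
        cost = "cr3-switch-no-flush"     # TLB entries tagged per address space
    else:
        cost = "cr3-switch-full-flush"   # every entry/exit discards the TLB
    return {
        "pti_active": pti_active,
        "pti_disabled_by_cmdline": requested_off,
        "pcid_usable": pcid_usable,
        "invpcid": invpcid,
        "entry_cost": cost,
    }


def measure_syscall_ns(iterations: int = 200_000) -> float:
    """Average wall-clock cost of a trivial syscall (getpid) in nanoseconds.

    getpid() is a real kernel round trip on modern glibc (the PID cache was
    removed in 2.25). The figure includes interpreter overhead, so compare
    runs on the same machine with isolation on and off rather than reading
    the absolute number as the kernel's own cost.
    """
    getpid = os.getpid
    start = time.perf_counter_ns()
    for _ in range(iterations):
        getpid()
    return (time.perf_counter_ns() - start) / iterations


# Constructed sample inputs, shaped like the real files but not captured
# from any particular machine.
SAMPLE_CPUINFO = (
    "processor\t: 0\n"
    "model name\t: Example CPU (constructed)\n"
    "flags\t\t: fpu pae nx lm pcid invpcid pti avx2\n"
)
SAMPLE_CMDLINE = "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet"


if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo") as f, open("/proc/cmdline") as g:
            cpuinfo, cmdline = f.read(), g.read()
    except OSError:  # not Linux: fall back to the constructed sample
        cpuinfo, cmdline = SAMPLE_CPUINFO, SAMPLE_CMDLINE
    report = assess_pti(parse_cpu_flags(cpuinfo), parse_cmdline(cmdline))
    for key, value in report.items():
        print(f"{key:25} {value}")
    print(f"getpid() round trip: {measure_syscall_ns():.0f} ns")
```

Run it once with the default boot line and once after rebooting with `nopcid` (or `nopti`) to see which cost class the article's PostgreSQL numbers correspond to on your hardware: a CPU that lacks `pcid`, or a kernel told to ignore it, lands in the full-flush class, which is the case the paragraph above expects to pay the largest penalty.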

Right now, the list of what we don't know is longer than what we do. There are implications for cloud vendors and developers across the entire spectrum where ARM and x86 are deployed, but until we know more about the security flaw and the at-risk systems, we'd counsel against any quick conclusions. Hat-tip to Hot Hardware, where we first saw the story.