'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

clam1952

Welsh Narrow Gauge nut.
Just picked this up on Ten Forums https://www.tenforums.com/windows-1...mory-leaking-intel-processor-design-flaw.html

Original article on the register here https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/


A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – such as PCID – to reduce the performance hit. Your mileage may vary.

Ouch! 30% slowdown!
 
Oh joy. Another Windows update to screw up my 3DS Max licences. Thanks Intel.

I read as much of The Register article as I could stand. The quote that stays with me is this;

"The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka F*CKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers."
:hehe:
 
If you use virtual machines, i.e. data centre, the impact is greater. Currently it's expected that ordinary users won't see any major impact.

Cheerio John
 
Seems to be a lot of misleading information being circulated about this.

Patch is already out from the Update Catalogue, Microsoft have brought forward the cumulative update that contains the kernel patch.

Installed it and TANE still running OK, no noticeable slower problem here in TANE.
 
...
Patch is already out from the Update Catalogue, Microsoft have brought forward the cumulative update that contains the kernel patch.

Installed it and TANE still running OK, no noticeable slower problem here in TANE.

Which patch?

Don't think the processor speed was ever a problem for TANE but rather I/O and GPU.

Suddenly, AMD processors seem a bit more attractive for my next PC. :D
 
Which patch?

Don't think the processor speed was ever a problem for TANE but rather I/O and GPU.

Suddenly, AMD processors seem a bit more attractive for my next PC. :D

Included in January 3, 2018 - KB4056892 (OS Build 16299.192)

Apparently Insiders got it in November.....
 
Hi everybody.
Google have released a statement this morning advising that this security flaw is incumbent to processors made not only by Intel but also AMD and ARM chipsets. The foregoing means that not only desktop PCs and laptops are at risk but also many millions (if not billions) of mobile devices worldwide can be severely compromised.

According to Google the problem has been known of for several months but solutions have not come forward in that time to secure users' devices. However, it would seem that “now the cat is out of the bag” that at least temporary upgrades and patches are now suddenly available.

In the above and in regard to the same problem, Amazon has put out a strange statement advising that this problem has been known about for the last “twenty years”. Really?

However, Microsoft, Google and Amazon are advising business users that their cloud database servers are secure by way of Azure, Drive and Amazon Web Services but security could be compromised on desktops, laptops and phones while data is being processed within those devices.

As users we can only now wait and see how this whole thing now pans out. However, it is worth thinking on that if the patches and upgrades now being rushed out slow down such systems as the world’s major banks by 30% just what impact that may have.

First day back at the office from my Christmas and New Year break to find everyone talking and worrying on this one (LOL)

Bill
 
Might want to check what AMD are saying before believing anything that Google announce.
See AMD's latest update https://www.amd.com/en/corporate/speculative-execution

Anyway all seems to be well here, having run some benchmarks, some are slightly better than before the patch some slightly worse only talking tiny differences here, so don't think it's likely to affect home users or TANE. No difference on my AMD system either after the patch.
 
Suddenly, AMD processors seem a bit more attractive for my next PC. :D
The same team found a similar problem in a bunch of AMD chips. The article in which I learned this points to the website of that team:
https://meltdownattack.com/

Which systems are affected by Spectre?
Almost every system is affected by Spectre: Desktops, Laptops, Cloud Servers, as well as Smartphones. More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. In particular, we have verified Spectre on Intel, AMD, and ARM processors.
 
The same team found a similar problem in a bunch of AMD chips. The article in which I learned this points to the website of that team:
https://meltdownattack.com/

That would be an unlikely to happen issue in AMD chips according to AMD, afraid I don't have much faith in these so called security experts and their must tell the world and create hysteria every time they find a never used and unheard of by anyone possible exploit.

A bit like seeing your next door neighbour has gone out and left the door open and posting the fact on Facebook so all the burglars can pay a visit instead of keeping quiet and informing only the neighbour and shutting the door.

Performance wise seems to have been pretty much a non event.
 
The Google OS desktops that are ARM based here in the office have received an update this morning I have just been told. That will be rolling out to all users over the next 48 hours. So at least someone is getting the ball rolling in regard to ARM processors.

Better late than never I suppose in regard to the billions of phones running on ARM worldwide.
Bill
 
There are TWO bugs being patched urgently.

One called Meltdown, the other Spectre.

Meltdown is the Intel only one and that is the one which has the projected up to 35% slowdown. Every Intel processor since 1995 that implements out-of-order execution is potentially affected by Meltdown – except Itanium, and the Atom before 2013.
https://www.theregister.co.uk/2018/01/04/intel_meltdown_spectre_bugs_the_registers_annotations/

Spectre affects Intel, AMD, ARM CPUs and is a flaw in branch prediction.

More info about the technicals at https://www.techrepublic.com/articl...he-technical-details-of-meltdown-and-spectre/
 
The Google OS desktops that are ARM based here in the office have received an update this morning I have just been told. That will be rolling out to all users over the next 48 hours. So at least someone is getting the ball rolling in regard to ARM processors.

Better late than never I suppose in regard to the billions of phones running on ARM worldwide.
Bill

Microsoft had the ARM updates available today as well.
 
Included in January 3, 2018 - KB4056892 (OS Build 16299.192)
...

Thanks. I had to do a complete reinstall of Win10 after a crash and I think that update is included. The settings history is a bit vague and if you ask for more information, it goes on and waffles about some new feature. The web information on that KB says there were no changes to the O/S but MS might be playing with words.


The questions I have now are:

1. Is it the O/S that has to manage this?
2. Can it be fixed within the processor logic?
3. Do we have to wait for new processors before buying a new PC?

My first Pentium based PC had the maths coprocessor bug. Don't recall Windows being affected by it but the version of Linux I ran used to put some smart remark about it during the boot up process.
 
Latest Win 10 update and ASUS AI Suite 3.

Posting this in case it saves anyone else (Asus motherboard owners) from the grief I just endured.
Last night I received the Windows 10 emergency patch. After my PC updated and restarted, my Asus AI Suite 3 software (and possibly the GPU tweak fan service) would not load in - lots of Windows error reports. Ok, I thought, I'll remove and re-install the Asus utilities. Big mistake!

Doing this completely disabled all my USB devices, including the mouse and keyboard, rendering me unable to log in to Windows. I managed to get into Safe mode, but the USB devices remained disabled even on a Safe mode startup.

Thank goodness for system restore. I was able to go back to a state just before the Windows update and, as you can see, am now able to use my PC again. A quick Google search revealed that others have had a similar issue. This time around, AI Suite will remain uninstalled until such time as Asus issue a fix - if they ever do.
John
 
Vostrail - thanks for the heads up on the AI Suite 'fiasco'. I uninstalled mine earlier too due to incompatibilities with one of my earlier Windows Insiders Builds - and never bothered to reinstate it, as I didn't actually see the point afterwards. The fan service controller was the culprit back then too...
 
Gets worse, it appears we need BIOS updates and firmware updates as well now. https://support.microsoft.com/en-us...ive-execution-side-channel-vulnerabilities-in


Warning
Customers who only install the Windows January 2018 security updates will not receive the benefit of all known protections against the vulnerabilities. In addition to installing the January security updates, a processor microcode, or firmware, update is required. This should be available through your device manufacturer.

Note Surface customers will receive a microcode update via Windows update.

Needless to say have run the PowerShell script and none of my systems are fully protected, probably need to change the ExecutionPolicy to run it though as scripts are blocked.

I can see a lot of the non-technical users ending up with a bricked BIOS.
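
Added example, not part of the original post: a way to read the result of the check mentioned above, showing why a machine with only the January Windows update still reports as not fully protected. It assumes "the powershell script" is Microsoft's SpeculationControl module and its `Get-SpeculationControlSettings` cmdlet; the function name `Get-MitigationSummary` and the sample object are constructed for illustration, and the property names should be checked against the installed module version.

```powershell
# Added example: interprets the object returned by Get-SpeculationControlSettings
# (assumed property names from Microsoft's SpeculationControl module).
function Get-MitigationSummary {
    param([Parameter(Mandatory)] $Settings)

    $findings = @()

    # Spectre variant 2 (branch target injection): needs OS support AND microcode.
    if (-not $Settings.BTIWindowsSupportPresent) {
        $findings += 'Spectre v2: Windows update missing'
    } elseif (-not $Settings.BTIHardwarePresent) {
        $findings += 'Spectre v2: OS patched, microcode/firmware update still needed'
    } elseif (-not $Settings.BTIWindowsSupportEnabled) {
        $findings += 'Spectre v2: mitigation present but not enabled'
    }

    # Meltdown: kernel VA shadowing is the Windows counterpart of Linux KPTI.
    if ($Settings.KVAShadowRequired) {
        if (-not $Settings.KVAShadowWindowsSupportPresent) {
            $findings += 'Meltdown: Windows update missing'
        } elseif (-not $Settings.KVAShadowWindowsSupportEnabled) {
            $findings += 'Meltdown: kernel VA shadow present but not enabled'
        } elseif (-not $Settings.KVAShadowPcidEnabled) {
            $findings += 'Meltdown: mitigated, but no PCID (larger performance cost)'
        }
    }

    if ($findings.Count -eq 0) { $findings += 'All checked mitigations are enabled' }
    $findings
}

# Constructed sample: January 2018 Windows update installed, firmware not updated.
$sample = [pscustomobject]@{
    BTIHardwarePresent             = $false
    BTIWindowsSupportPresent       = $true
    BTIWindowsSupportEnabled       = $false
    KVAShadowRequired              = $true
    KVAShadowWindowsSupportPresent = $true
    KVAShadowWindowsSupportEnabled = $true
    KVAShadowPcidEnabled           = $true
}
Get-MitigationSummary -Settings $sample

# On a live machine; the policy change applies to the current session only:
#   Set-ExecutionPolicy RemoteSigned -Scope Process
#   Install-Module SpeculationControl -Scope CurrentUser
#   Get-MitigationSummary -Settings (Get-SpeculationControlSettings)
```

Scoping the execution policy to `Process` avoids leaving script execution permanently relaxed on the machine after the check.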
 