Intel’s kernel memory leak flaw forces Microsoft, others to apply performance-slowing patch
What better way to ring in 2018 than forcing your software partners to scramble and fix a ten-year-old security flaw in the processors you’ve been peddling?
According to a report from the Register, there is a kernel memory leak in Intel processors design that now put Windows and Linux users in harms ways as programmers rush to apply patches as quickly as possible.
A fundamental design flaw in Intel’s processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.
As if that wasn’t bad enough, the advances in performance gained over the years in both Windows and Linux are about to be undermined by the very fixes necessary to protect users. Since the processor flaw is a hardware issue affecting chips over the last ten years, the patches that will be issued will be attempting to MacGyver a solution that separates kernel memory from user processing which will ultimately slow down machines.
PostgreSQL SELECT 1 with the KPTI workaround for Intel CPU vulnerability https://t.co/N9gSvML2Fo
Best case: 17% slowdown
Worst case: 23%
— The Register (@TheRegister) January 2, 2018
Here is John Leyden and Chris Williams really good explanation of the process and solution:
Think of the kernel as God sitting on a cloud, looking down on Earth. It’s there, and no normal being can see it, yet they can pray to it.
These KPTI patches move the kernel into a completely separate address space, so it’s not just invisible to a running process, it’s not even there at all. Really, this shouldn’t be needed, but clearly there is a flaw in Intel’s silicon that allows kernel access protections to be bypassed in some way.
The downside to this separation is that it is relatively expensive, time wise, to keep switching between two separate address spaces for every system call and for every interrupt from the hardware. These context switches do not happen instantly, and they force the processor to dump cached data and reload information from memory. This increases the kernel’s overhead, and slows down the computer.
Your Intel-powered machine will run slower as a result.
Before you Mac and Chrome users begin snickering, it appears that 64-bit OS’s will need to be updated as well since the flaw is vulnerable on x86-64 hardware.
The specific details of the flaw are under NDA but industry sources believe that Microsoft should have a fix rolling out in its upcoming Patch Tuesday release. The fix has been beta tested in recent Windows 10 Insider releases since November of 2017.
As for Linux users, there are patches for the Linux kernel available now.
Obviously, this puts a damper on Intel’s presence in hardware ahead of CES as well as its battles against AMD and Qualcomm going into 2018.
For the conspiracy theorist in you, it’s also interesting to note that Intel CEO Brian Krzanich sold a heap of stock as recently as November 29th, just ahead of this big security flaw. Just saying.Further reading: AMD, Intel, Linux, Mac, Microsoft, Qualcomm