Monday, January 2nd 2017

Intel Secretly Firefighting a Major CPU Bug Affecting Datacenters?

There are ominous signs that Intel may be secretly fixing a major security vulnerability affecting its processors, which threatens to severely damage its brand equity among datacenter and cloud-computing customers. The vulnerability lets users of a virtual machine (VM) access data of another VM on the same physical machine (a memory leak). Amazon, Google, and Microsoft are among the big three cloud providers affected by this vulnerability, and Intel is reportedly in embargoed communications with engineers from the three, to release a software patch that fixes the bug. Trouble is, the patch inflicts an unavoidable performance penalty ranging between 30-35%, impacting the economics of using Intel processors versus AMD ones.

Signs of Intel secretly fixing the bug surfaced with rapid changes to the Linux kernel without proper public-visibility of the documentation. The bulk of the changes involve "kernel page table isolation," a feature that prevents VMs from reading each other's data, but at performance costs. Developers note that these changes are being introduced "very fast" by Linux kernel update standards, and even being backported to older kernel versions (something that's extremely rare). Since this is a hardware vulnerability, Linux isn't the only vulnerable software platform. Microsoft has been working on a Windows kernel patch for this issue since November 2017. AMD x86 processors (such as Opteron, Ryzen, EPYC, etc.,) are immune to this vulnerability.
Source: Reddit
Add your own comment

53 Comments on Intel Secretly Firefighting a Major CPU Bug Affecting Datacenters?

R0H1T said:
What's interesting is how this potentially disastrous flaw could affect old OS, ATM's anyone? Unpatched systems like win7 or older (govt)infrastructure & the much bigger financial sector could be at serious risk!
If someone is running vm code or uploading exes to atms, you need to work on a different kind of security.
Posted on Reply
Blo3der-Kuh said:
The german website Computer Base just posted some benchmarks including Assassin's Creed: Origins which is said to be quite CPU hungry because of it's "interesting" copy protection.

They are using the latest Win10 Insider build which has the fix enabled. The test system consists of an i7-7700K and an Asus GeForce GTX 1080 Ti Strix.

See screenshot below or this link for all benchmarks. As expected performance in AC only decreases when the CPU is the limiting factor (low details, high framerates). This could mean that the impact is a lot higher on lower performing systems (e.g. i3 or Pentium processors) where the CPU is the bottleneck.

Not really, the gap you see here is of no relevance and could be a dozen other things too. Its equal or 126 vs 122 FPS. I do not see the relation to AC Origins at all, either...

It would surprise me if there is a noticeable loss for gaming. This will hardly hit the consumer space.
Posted on Reply
As far as I can tell, it's not much of a secret at all, but I don't want to draw unwanted attention to something "under embargo". I made a private pastebin that I can point to later, that is time stamped today, for proof that I knew. ;-)
Posted on Reply
Add your own comment