'Kernel memory leaking' Intel processor -- a serious cpu bug!?!

[justin3am]

The kernel fix for macOS that works around this bug in Intel CPUs is in macOS 10.3.2. That's what I said.

Perhaps you meant 10.13.2? 10.3.2 was released before there were Intel based Macs.

[EvilDragon]

Ah right. My bad!

[justin3am]

I do the same thing all the time. 10.3.2 was the latest version of Logic not long ago, so I'm always getting the two mixed up.

[donkey tugger]

This is nuts.

[pekbro]

Oh well, perfectly good excuse to build a new system a year or two earlier than I had planned. Hopefully,
Intel loses millions and is forced to pull their head out of their ass in the area of chip design by all this.

[jdnz]

You won't be able to opt out, if you have W10 Pro you can defer the update for up to 30 days, then pause updates for 35 more days, then you'll have to update it.

In online world, security trumps performance.

and lets not forget, in terms of security KPTI is th gold standard and what the kernels should have been running all along, the current system was ONLY chosen because of the impact on speed back when these decisions were made (back when the first x64 versions of linux and windows came out - so we’re probably talking xp64 in 2002!)

Personally I see the change as a good thing and something that should have happened years ago since the impact on modern cpus is managably low.

[nIGhT-SoN]

All Intel CPUs from the last 7-8 years are affected. It's a flaw in the x86-x64 hardware that, in simpler words, could let attacker to read memory, devices connected to the computer so it could simply steal your passwords, they could see everything you type etc. From what I've read, from many sources, the performance impact will be from 5% to 30%, depending on how complex is what you want to do and this is for sure on servers, that use specific software. There has been shown some benchmarks with SQL databases and the differences can be seen clearly.

We'll see in the next days how much will affect regular users, for gaming has been said won't affect much, dunno about music production. What the patch will do is give Kernel (core of the OS) more time to handle data, with other words it increases the latency between kernel and components.

https://www.youtube.com/watch?v=sJzLsyJmu9E

[jdnz]

I hope really it is all just dramatized because when i think in a worst case i get a new macbook pro (which i wanted to buy soon) with -30% performance, it´s useless compared to my current machine.
Lol, now i believe that iPads can replace a notebook.
Intel is slowing down the whole thing since years and now they let us go 2 steps back
But i hope still it´s all more theory and just fake news.

The Register likes to spin it’s stories to both match it’s main reader base (corporate / large scale IT people like me) AND also for maximum impact (“the world is ending, your servers are doomed!”)

would have been cool if they’d bothered to add a section explaining that on ‘normal’ desktop systems the impacts will be much much less, but single user systems isn’t really their thing

[EvilDragon]

BTW guys. Passwords generally aren't stored in kernel memory.

[bmrzycki]

https://nakedsecurity.sophos.com/2018/0 ... s-patches/

Now, modern Intel and AMD CPUs support what is called speculative execution, whereby the processor figures out what the next few instructions are supposed to do, breaks them into smaller sub-instructions, and processes them in a possibly different order to how they appear in the program.
...
In other words, the cache might act as a “telltale”, known as a side channel, that could leak secret information from inside the CPU – in this case, whether the privileged value of memory location K was odd or even.

ARM also posted patches to LKML https://lwn.net/Articles/740393/ adding config option CONFIG_UNMAP_KERNEL_AT_EL0.

This isn't a flaw in any instruction set, rather it looks to be a fundamental flaw in any mico-architecture that performs out-of-order execution. This is pretty much how every modern CPU with any computational performance works.

AMD's Ryzen does this too but I don't understand yet why they are supposedly immune. Everyone online is pointing to a single LKML patch as the "proof" that AMD isn't affected: https://lkml.org/lkml/2017/12/27/2 . I am not certain yet if this truly is the case.

My recommendation is to not purchase any new computing hardware until the security embargo has lifted and we know the full extent of what's going on.

[nIGhT-SoN]

BTW guys. Passwords generally aren't stored in kernel memory.

Aren't stored, but they are passing through the Kernel so some malware could simply look at your password passing through and send it who knows where. Almost everything is passing through the Kernel.

[jdnz]

Audio drivers, though, might be. We'll need to wait for benchmarks after the fix is rolled out on Windows (for macOS, that's already in 10.3.2.)

you’d have to be talking lots of channels (as on 24+ channels input) at very high sample rates AND small buffer sizes before the interrupt rate of any audio interface became enough to even measure

for DAWs that run each plugin in it’s own process the overhead of the context switching for that is many times greater (especially when multiplied by the number of plugins a project will have vs the number of channels in/out).

[EvilDragon]

AMD's Ryzen does this too but I don't understand yet why they are supposedly immune. Everyone online is pointing to a single LKML patch as the "proof" that AMD isn't affected: https://lkml.org/lkml/2017/12/27/2 . I am not certain yet if this truly is the case.

Why wouldn't it be the case?

[AnX]

Phew, glad i've always bought AMD

[nIGhT-SoN]

AMD's Ryzen does this too but I don't understand yet why they are supposedly immune. Everyone online is pointing to a single LKML patch as the "proof" that AMD isn't affected: https://lkml.org/lkml/2017/12/27/2 . I am not certain yet if this truly is the case.

My recommendation is to not purchase any new computing hardware until the security embargo has lifted and we know the full extent of what's going on.

Because AMD has a different design. Intel has a design flaw, that's the problem. You won't get this bug on every CPU that has the x86 instruction set, the problem is in the x86-x64 hardware, as Hardware Unboxed pointed out.

You recommend not buying any new computing hardware? What about the old stuff? This affects ALL INTEL CPUs that were released in like the last decade, not just the new ones, ALL OF THEM! So even if your CPU is 6 years old, it is affected by this.