Roger Oberholtzer wrote:
http://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
* Affects all "modern" 64-bit Intel processors, though some newer "modern" chips might have some instruction to further limit potential impact * Fix in kernel software (Apple, Linux; Windows) instead of HW results in a 5-30% or 17-23% slowdown on EVERY system call * Not exploitable in itself, but could allow easier exploits against other kernel features like the library address space randomization. * need to be have a hostile program running on system to be abusable, including processes running in VM's, including many or most Cloud implementations (ex. Amazon EC2 and Google Compute Engine) ** side note: It doesn't appear developers are considering a "don't care" fix applicable where someone doesn't want a ~20% speed slowdown on syscalls and isn't running hostile code, even in a VM. This would apply to most non-cloud, end-user systems. * For good measure, similar software protections will be included on 64-bit ARM kernels as well; While AMD chips aren't affected by this bug, it's hard to see an update physically-splitting (instead of just virtually-splitting) all kernel & user code, only being applied against Intel and ARM (i.e. AMD chip-based systems may likely be affected by the slowdown due to the fix being applied across 64-bit kernels. -------- Of course, Intel hasn't stepped up to say they'll replace the faulty chips, which seem to be related mostly to Intel-specific chip speedups not in other chips (like Intel's "speculative execution" feature that pre-executes multiple branches of a conditional ahead of knowing which branch will be taken). Intel has a history of offering replacing HW or compensation for their chips being hit by a 20% perf-penalty in the field. Lovely... -l -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org