'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

zappaDPJ

Moderator
Joined
Aug 26, 2010
Messages
8,450
> A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.
>
> Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features – such as PCID – to reduce the performance hit. Your mileage may vary.

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

I regularly run processes that take well over 48 hours to complete. A 30% slowdown there would be somewhat noticeable. 5% I can live with.
 

LeadCrow

Apocalypse Admin
Joined
Jun 29, 2008
Messages
6,818
A stark reminder of why a single vendor's de facto monopoly leads to stagnation.
Processors are already fast enough for every use; software and videogames need to slim up instead of masking inefficient code paths behind raw processing power demands.
 

Klaatu

Fan
Joined
Mar 1, 2010
Messages
623
> A stark reminder of why a single vendor's de facto monopoly leads to stagnation.
> Processors are already fast enough for every use; software and videogames need to slim up instead of masking inefficient code paths behind raw processing power demands.

Apparently AMD and ARM processors are also vulnerable to this. I recently built a new computer, I went with Ryzen and I was patting myself on the back this morning for my decision after reading the Intel news, but now it seems like I might be screwed as well.

https://www.cnet.com/how-to/how-to-...roid-ios/?ftag=COS-05-10aaa0b&linkId=46552942
 

zappaDPJ

Moderator
Joined
Aug 26, 2010
Messages
8,450
What I find slightly concerning about these vulnerabilities apart from the possibility of losing computing power to a fix is a) this information was not supposed to be public domain until fixes were made available to affected systems and b) now that it is in the public domain and exploitable there appears to be no way of knowing if a system has been compromised.
 

eva2000

Habitué
Joined
Jan 11, 2004
Messages
1,830
Apparently Google discovered the flaws last year and there was a planned news announcement on Jan 9th, 2018, but it was leaked earlier than planned: https://techcrunch.com/2018/01/03/googles-project-zero-team-discovered-critical-cpu-flaw-last-year/

> The Google Security team wrote that they began taking steps to protect Google services from the flaw as soon as they learned about it. If you’re wondering why they didn’t tell the public about it as soon as they learned about it, it’s because there was supposed to be a coordinated release coming up next week (on January 9th). When the news leaked, Google, Intel and other interested parties decided to release the information to end speculation.
 

zappaDPJ

Moderator
Joined
Aug 26, 2010
Messages
8,450
The Financial Times, which I can't link because it sits behind a paywall, has the following main headline on today's front page: 'Companies warned to replace all hardware or risk 'Spectre' attack.'
 

dethfire

Habitué
Joined
Jan 17, 2005
Messages
1,021
So all of our servers could take a 30% performance hit just to patch Meltdown? How are people not freaking out about this? Intel stock not being affected. AMD is a little bit. But what other choice do we have?
 

LeadCrow

Apocalypse Admin
Joined
Jun 29, 2008
Messages
6,818
> our servers could take a 30% performance hit just to patch Meltdown? How are people not freaking out about this?

Patching a major security vulnerability waiting to be exploited is worth the hit.
After it's resolved, the only issue is that you'll be getting less bang for your buck or overpaying, but I assume cloud providers will adapt their pricing globally after the long-term impact is quantified.

> what other choice do we have?

ARM servers perhaps. They're not as powerful as x86 machines, but consume much less energy in general.
 

LeadCrow

Apocalypse Admin
Joined
Jun 29, 2008
Messages
6,818
Meltdown and the fix's performance hit appear limited to x86/Intel chips.

If the cost efficiency of x86-based servers is drastically affected, lower-power ARM chips will make sense for special workloads. The more likely outcome is vendors adapting their prices to the situation and passing down lesser savings from their operating cost.
 

zappaDPJ

Moderator
Joined
Aug 26, 2010
Messages
8,450
> Patching a major security vulnerability waiting to be exploited is worth the hit.

Having seen a couple of people (one apparently working for Google) pulling sensitive data from a server via one of these vulnerabilities I agree. It certainly didn't seem to take much effort. I've just had a Windows 10 update so hopefully the patches are already being rolled out.
 

Karll

Adherent
Joined
Dec 9, 2011
Messages
452
ARM processors aren't immune from what I gather. Have you read differently?
> Meltdown and the fix's performance hit appear limited to x86/Intel chips.
The way I read the news articles was that while Meltdown was limited to Intel, the Spectre flaw/vulnerability was present in ARM as well as Intel and AMD.

Edited to add:
> Which systems are affected by Meltdown?
> [...] At the moment, it is unclear whether ARM and AMD processors are also affected by Meltdown.
>
> Which systems are affected by Spectre?
> [...] In particular, we have verified Spectre on Intel, AMD, and ARM processors.

From: https://spectreattack.com/
 

Alpha1

Administrator
Joined
May 28, 2007
Messages
4,268
My hosting company has updated/patched the OS on my servers on the 4th. I wonder how fast other hosting companies are taking action.
 

Paul M

Super Moderator
Joined
Jun 26, 2006
Messages
4,077
My VPS instances on Ramnode were rebooted yesterday because of the host servers being patched.
 

Matthew S

Adherent
Joined
Jun 27, 2015
Messages
298
My VPS hosts have applied patches.

Has there been any word on hardware releases from Intel et al, or at least what is safe to buy new at the moment?
 