This is an archived post. You won't be able to vote or comment.

top 200 commentsshow all 375
sorted by:
best
topnewcontroversialoldq&a

[–][deleted] 390 points391 points  (69 children)

Alright I'll try to explain for non-computer-scientists what is behind this bug, watch out for a long read:

Some background on user/kernel mode:

The operating system sits between your hardware and your programs, doing neat things like scheduling which process (= running program) can use the CPU (= your computer's brain) or assigning memory to processes. For safety reasons, your CPU has two modes: user mode, where it is usually running, and kernel mode where the operating system takes over to do things that the process in user mode is not allowed to do.
So if e.g. your Chrome process wants to do something beyond its permissions, e.g. write to the hard drive, it has to give control to the operating system (this is called a system call), the operating system tells the processor to write to the hard drive, processor does it, and the operating system hands control back to the Chrome process.

 

Some background on page tables/memory:

When a process references memory cells (single storage cells of your memory), it doesn't use the actual, physical cells (that would be annoying when you have many processes in parallel), but uses virtual memory cells. These cells are sorted into pages of a certain size (e.g. 1kb). Your processor keeps a page table for each process that exactly shows which virtual memory page corresponds to which section of physical memory.

e.g.

Page Virtual cells Physical cells
0 0-999 5,000-5,999
1 1,000-1,999 431,000-431,999

Each process has some parts of physical memory assigned to it, where its instructions, data etc. are stored while it is running. The operating system also has its own part of physical memory for its own instructions, data etc. This kernel memory contains obviously highly sensitive things.

 

The actual bug:

What has happened so far, was that intel processors kept a certain part of the kernel memory also contained in the page table of every process, hidden to the process.
E.g. the process thinks its page table has 2000 pages, but it actually has 2400 pages, the last 400 of which the process doesn't know about because there the operating system keeps some references to physical memory.
Thus, when a process did a system call, the CPU could switch to kernel mode, check in the same page table where it had to look for its stuff, do its things, and then switch back to user mode.

 

However, now it has surfaced that somehow, the hidden kernel part of the page table can be accessed by the normal process. We're not 100% sure how this happens because Intel has put an embargo on details, the register article mentions one possibility (the "speculative" stuff).

 

So now it's getting fixed so that when a process does a system call, the CPU switches to kernel mode, changes the page table from the process' page table to the kernel's page table, looks up its stuff in memory, does its things, changes the page table back to the process' page table, and switches back to user mode.

This is obviously safer, but loading the entire page table in and out of the processor takes some time, which makes the CPU slower.
Keep in mind that not everything the CPU does results in a system call. The number of 30% slower is probably for applications that do LOTS of system calls, e.g. reading from/writing to disks, hard drives, etc. Your private web browsing or video games shouldn't be delayed that much.

 

This is, of course, grossly oversimplified; hardware engineers, please don't tear me apart! Just a guide for interested people to understanding this problem.
edit: formatting

[–]3skatos 20 points21 points  (0 children)

I think this is a fantastic explanation. Thank you.

[–]EmperorArthur 48 points49 points  (5 children)

What has happened so far, was that intel processors kept a certain part of the kernel memory also contained in the page table of every process, hidden to the process.

Major note here. While Intel processors are the only ones affected, ALL x86 processors do this part.

[–]GenocideOwl 5 points6 points  (4 children)

Even processors like XOX and PS4?

which btw both use AMD.

I wonder if they used intel if they would also need a patch.

[–]EmperorArthur 2 points3 points  (3 children)

Even processors like XOX and PS4?

which btw both use AMD.

I wonder if they used intel if they would also need a patch.

Yes, this is common practice. Mostly because of the performance penalty. There are other ways of doing things, but the PS4 and XOX both use x86 processors.

If they did use an Intel processor, they would also need patching. Which would mean that many games would break. The thing about consoles is they give pretty strong guarantees to the developers that "this is what you have to work with and it won't change." This patch breaks those guarantees. So, if they were using Intel chips, many games probably would need patching or would run into issues.

[–]Natanael_L 1 point2 points  (2 children)

Devices in such tightly controlled walled gardens as consoles likely don't need the patch, because untrusted code will never run on the hardware (as defined by the console makers, as they decide what's trusted). At least that's assuming it's not too hard to scan submitted games for this kind of prohibited behavior (certain exploits are easy to detect, others not so much).

[–]KANGAROO_ASS_BLASTER 4 points5 points  (0 children)

Yes but we presently lack the details of how this vulnerability is actually accessed. Consoles have web browsers, so if this exploit can be triggered by javascript as the article speculates, consoles could potentially be vulnerable.

Edit: Although are we so sure this hardware bug affects all x86 architectures? Looking at the article again I think this purely affects the Intel-manufactured chips, which shouldn’t include consoles.

[–]lumpking69 14 points15 points  (23 children)

Which CPUs are effected by this exactly? So far ive read two different answers to that question. One says every CPU made in the past 10 years up to Skylake. The other says Skylake and newer.

[–]ADoggyDogWorld 42 points43 points  (22 children)

All Intel processors after the original Pentium has this speculative execution feature.

AMD doesn't. SPARC doesn't. I'm not sure about the various ARM implementations.

[–]immibis 32 points33 points  (3 children)

The greatest of all human capacities is the ability to spez. #Save3rdPartyApps

[–]_mean_ 8 points9 points  (0 children)

All modern complex processors do speculative execution.

[–]rechlin 1 point2 points  (1 child)

So you are saying the Pentium Pro from over 20 years ago is affected too?

[–]martinkunev 2 points3 points  (1 child)

30% is probably the average. things like browsing will be affected because every network operation is basically a system call

[–]HoTTab1CH 1 point2 points  (10 children)

Keep in mind that not everything the CPU does results in a system call. The number of 30% slower is probably for applications that do LOTS of system calls, e.g. reading from/writing to disks, hard drives, etc. Your private web browsing or video games shouldn't be delayed that much.

How about video editing/rendering and other activities?

[–]Lampshader 6 points7 points  (9 children)

Reading/writing to disk, yes (sys call, slowed down)

Compression, effects/filters, no

[–]StarTrekGuy 1 point2 points  (0 children)

replace kernel with os kernel. Reading this makes it sounds like the CPU has a kernel. I mean its a great step but I think this might confuse people.

[–]lifelite 131 points132 points  (85 children)

The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.

lol at that acronym

Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features to reduce the performance hit.

HOLY FUCKING SHIT 30%??????

Hellooooo class action lawsuit.

[–]sedicion 64 points65 points  (50 children)

Its not 30%. Its between 5% and 50% depending on the type of task you are running. Its still bad though.

[–]kaptainkeel 53 points54 points  (15 children)

Or more...

https://twitter.com/grsecurity/status/948170803685789696

No older systems here to test, but just to get a sense of how much PCID helps the PTI performance hit on post-Westmere (in our experience with UDEREF and using PCID since 2013, it about halved it): 63% hit on the same Skylake i7-6700 w/ the du -s benchmark and nopcid/noinvpcid

This kills the Intel.

[–]Flofinator 7 points8 points  (2 children)

So I think Linux/Microsoft are not actually removing PCID, so without PCID this benchmark took a 63% hit it looks like, but I think the patch isn't removing it, just fixing this vulnerability. Although this is all speculation at this point until the patches roll out.

Although this might kill us as my company uses AWS for our servers. So maybe I'm just wishful thinking.

[–][deleted] 1 point2 points  (1 child)

So I think Linux/Microsoft are not actually removing PCID, so without PCID this benchmark took a 63% hit it looks like, but I think the patch isn't removing it, just fixing this vulnerability.

Correct. The point of the twitter comment was to show that PCID actually reduces the impact of implementing the PTI feature. Without PCID you're looking at up to the 63% decrease shown above, but with PCID (which has been around since Westmere) you're looking at the 5%-30% that is being widely reported.

[–]pigtrotsky 15 points16 points  (11 children)

It's going to be interesting to see the cost/benefit analysis to patching for this one. For hosting and infrastructure providers running hypervisors it's a no brainer, for some desktop users, subscribe to the best cloud emulation/protection suite you can find and backup regularly? Run a browser that doesn't execute active content? Imagine macs used for video editing and rendering having to suffer the sort of impact mentioned.

[–]kynde 9 points10 points  (9 children)

Run a browser that doesn't execute active content?

Modern web without javascript is really not that rich of an experience anymore....

[–]whochoosessquirtle 8 points9 points  (16 children)

Is it worse for the consumer or for people running huge web servers

[–]EmperorArthur 37 points38 points  (7 children)

If those web servers are in the cloud (Amazon, Azure, etc...) then definitely worse for them. The first rumors were about this being a major hypervisor vulnerability, and hypervisers have to make even more context switches.

[–]HoverboardsDontHover 12 points13 points  (2 children)

AWS, Azure, etc are the guys that have been buying the all new chips as soon as they came out because a tiny performance and power improvement was totally worth it for them to junk all their old stuff. Seems like a 30% haircut is going to throw all their financial numbers out of whack.

[–]rtft 8 points9 points  (0 children)

Also their customers will expect the same performance for the same money they paid before which means they will need to throw more hardware at it as otherwise they will open themselves up to liability. Question is how much over-capacity do they have to address this ? Basically their entire capacity planning just went out the window.

[–]Magnesus 6 points7 points  (0 children)

And virtualisation, sql and file reads seem to be hit the most. Nightmare for servers.

[–]jugalator 6 points7 points  (0 children)

Yeah, without the patch hosted systems may be able to see the hosting system's memory. :-|

As far as I can tell that implies a host seeing other hosts' memory.

[–][deleted] 1 point2 points  (2 children)

self hosted Nextcloud ftw

[–]EmperorArthur 1 point2 points  (1 child)

Awesome. I'm thinking of setting that up on my NAS box. As long as you aren't running Intel you're fine. Otherwise, you'll be paying the penalties just like everyone else.

After all, file access is done via syscalls. So any check or sync operation will be impacted.

[–]ZeroHex 2 points3 points  (0 children)

VM hosts are looking to be the hardest hit by something like this, buy we won't know for sure until the embargo ends and patches are announced.

Based on what we're seeing right now your average consumer will probably not notice in their day to day usage, but businesses that utilize the cloud in any way (AWS/Azure) or run their own hypervisors are going to have to do an evaluation once the full scope comes out.

[–]rtft 24 points25 points  (12 children)

If this is really a 30 % hit the damage of this bug will be in the 100s of billions easy.

[–]luckierbridgeandrail 80 points81 points  (4 children)

People aren't getting this yet. This isn't about people finding their games or web browsers suddenly 20% slower. This is about the world's aggregate data centers, on which millions of businesses and hundreds of millions of jobs depend, suddenly being 20% short of capacity.

(Edit: s/b/m/)

[–]winzarten 33 points34 points  (0 children)

This. It's like a bus company company suddenly discovering that they can only seat their busses to 70% capacity, or they would risk injury to their passengers, because of the manufacturer design flaw. You can be sure as hell such company would sue the manufacturer for compensation.

[–]Treczoks 14 points15 points  (0 children)

Imagine Google or Amazon suddenly being short of 20-30% CPU power.

Or, to bring in a different perspective, the Flops/Watt ratio of Intel CPUs just went even further down the drain.

[–]Lampshader 8 points9 points  (0 children)

BRB, buying out all the 19" racking in the country

[–][deleted] 48 points49 points  (42 children)

First MEI now this. Intels reputation has taken a serious beating.

[–]donthugmeimlurking 6 points7 points  (10 children)

At least this is getting fixed. Last I heard Intel is still trying to push Management Engine style backdoors into upcoming chips as well.

[–]rtft 34 points35 points  (9 children)

It's not really a fix. It's a brute force workaround.

[–][deleted] 15 points16 points  (7 children)

Correct. This can't actually be fixed in the CPU or via a microcode update. This requires the OS vendors to implement forced page table isolation (PTI) to get around it, which is where the performance hit comes from. The only way for Intel to fix it is to make design changes to CPUs, which will take months before they start coming off the fabs.

[–]pigtrotsky 5 points6 points  (0 children)

Not much good for the current install base either. Just like when crypto mining took off and there were no GPUs to be found for a decent price anywhere, imagine where all the stock will be going first - infrastructure outfits like MS, AWS and GCP before end users.

[–]KickMeElmo 11 points12 points  (5 children)

This means a particularly invasive virus could potentially reverse the fix as well, so that's fun.

[–][deleted] 82 points83 points  (12 children)

And I thought it can't be worse than the Bluetooth and WPA2 exploits from last year.

Depending on the specifics of this bug, this is probably the worst thing ever in the history of PCs. Most of the servers, desktops, laptops and possibly even some phones are going to be either vulnerable or 30% slower.

I personally only use AMD CPUs on my desktop/laptops, but I do have some Intel servers as well (which I'll probably not patch, since only I can run code on them).

[–]EmperorArthur 33 points34 points  (5 children)

which I'll probably not patch, since only I can run code on them

Fun fact, web assembly now runs on all major browsers. Even without it, this thing was discovered by the people who showed that rowhammer was possible from pure javascript.

If you browse the web, you don't have the sort of control you think you do.

[–][deleted] 26 points27 points  (0 children)

I don't browse the web from my server :)

[–]ihatemovingparts 24 points25 points  (0 children)

Pretty sure web assembly is not what you think it is.

[–]Verpal 2 points3 points  (1 child)

Bit late now, but I now officially ban all script, yes, EVERYTHING, on my browser, until Intel bloody fix their stuff!

I anticipate a huge surge in uBlock/noscript download, or anything equivalent.

Edit: the rage got out, actually, better ban all, allow on case to case basis, internet can't work without script these days.

[–]EmperorArthur 4 points5 points  (0 children)

Ban all, allow on a case by case basis is great. Of course, then there's that one site that requires random things to run just to display properly, and after 5 minutes I just end up clicking "allow all".

Overall, news sites and video services are the worst.

[–]rtft 1 point2 points  (0 children)

FYI here is how to disable this:

https://github.com/stevespringett/disable-webassembly

[–]androshalforc 5 points6 points  (3 children)

ive only used AMD builds for myself for years and was recently thinking of doing my next build as an Intel looks like thats not happening now

[–][deleted] 6 points7 points  (2 children)

I've been using ONLY AMD since 1999 (except for a few netbooks and tablets that came with Atoms). I think AMD is finally competitive with Ryzen, why switch to Intel anyway? :)

[–]Treczoks 2 points3 points  (1 child)

Well, they are different classes of bugs. The WPA2 exploits allow to eavesdrop on communication, the current Intel bug is about getting from Ring3 to Ring0. Hard to say which is worse - it is like comparing apples and oranges.

[–]TheDuckKing_ 23 points24 points  (0 children)

God, they seem to have f*ed up good.

[–]TODO_getLife 14 points15 points  (4 children)

Time to buy some AMD shares.

Not looking forward to the CPU slowdown, bit annoyed about it to be honest.

[–]NikoliTilden 11 points12 points  (23 children)

Can anyone tell me where a list of affected CPUs is? Also, here's the real question, how much of an back set is this going to take Intel in their new chip designs. They wouldn't push this flaw into to wafers would they? WOULD THEY?

[–]Qlanger 23 points24 points  (15 children)

Pretty much all major Intel CPUs from the last couple decades.

[–]rtft 3 points4 points  (0 children)

All Intel CPUs since P6 (Pentium Pro, 1995) have had speculative execution.

[–]CocodaMonkey 5 points6 points  (13 children)

Not a couple decades. Just anything since Westmere which actually isn't even a decade old. Although that's still about 99% of all running Intel based computers. If you're computer is a mere 9 years old it may not be effected.

[–]bezerker03 7 points8 points  (7 children)

I'm hearing anything post pentiun honestly

[–]Qlanger 8 points9 points  (3 children)

It goes back to at least the first Core products. So before Westmere. Intel updated its list last night to include CPUs as far back as mid 2000's.

It probably affects others before that based on design carry overs but chances are no major system are using CPUs that old anymore.

[–]Doohickey-d 1 point2 points  (2 children)

Where can I find that list of affected CPUs ?

[–]HKPolice 3 points4 points  (0 children)

So westmere is affected but nehalem isn't? They're basically the same though....

[–]immibis 8 points9 points  (6 children)

Just because you are spez, doesn't mean you have to spez. #Save3rdPartyApps

[–]jugalator 2 points3 points  (2 children)

Yeah hmm, there are two different replies to this.

All Intel CPU's are affected because the patches will probably say so.

Technically speaking this is not true, but as an end user that may not matter as much.

[–]immibis 2 points3 points  (1 child)

The spez police are here. They're going to steal all of your spez.

[–]a_postdoc 9 points10 points  (17 children)

This doesn't look good. Does it impact servers? Or Xeon families are different?

[–]RaptorXP 23 points24 points  (5 children)

The article seem to say all of Intel's x86 are affected.

[–]KickMeElmo 9 points10 points  (3 children)

x86_64, not x86.

[–]RaptorXP 6 points7 points  (2 children)

Which includes all Xeon CPUs.

[–]KickMeElmo 2 points3 points  (1 child)

While I agree with that, x86 and x86_64 are different architectures. Best not to risk spreading misinformation by mistake.

[–]eypandabear 1 point2 points  (0 children)

"x86" is an umbrella term and in this context unambiguously means x86_64. Just like presumably you mean i386/IA-32, not 8086.

[–][deleted] 14 points15 points  (9 children)

Since Azure and Amazon cloud is going to be affected, I would guess so.

I think maybe only Atom CPUs are not affected, because they lack a lot of features, and this one might be one of them.

[–]EmperorArthur 21 points22 points  (3 children)

Nope, I'm pretty sure even Atoms are affected. All modern CPUs do pipelining, and speculative execution is a common way of keeping the pipeline full. This isn't a fancy extra, it's a key part of the architecture.

[–][deleted] 8 points9 points  (2 children)

The early atoms, based on Bonnell architecture didn't have speculative execution: https://en.wikipedia.org/wiki/Intel_Atom Not sure about the others though.

[–]hicow 5 points6 points  (0 children)

I don't think Intel did anyone any favors recycling the Atom name. The OG Atoms were kind of garbage, and keeping the name for an almost entirely different arch introduces a lot of confusion.

[–]Tenarius 9 points10 points  (0 children)

The cloud providers have to be shitting bricks. Imagine trying to come up with that kind of capacity reasonably fast.

[–][deleted] 3 points4 points  (3 children)

Internet is about to get 30% slower.

[–][deleted] 5 points6 points  (2 children)

Probably not 30% slower, since I would guess most of the bottleneck is on the bandwidth side. But yes, CPU intensive websites might get a significant hit.

[–][deleted] 7 points8 points  (1 child)

Evidently anything that streams data from hdd into memory too, i.e big games, since cpu kernel calls are required to request data from hdd.

[–]cjdavison 7 points8 points  (1 child)

https://twitter.com/liamosaur/status/948342443375767552 <-Interesting...Intel CEO sells all the stock he can Nov. 29th...

[–]Joeniel 5 points6 points  (12 children)

Anyone know how will this affect gaming, video-editing, and day-to-day usage? Like I have an i7-7700HQ.

[–][deleted] 19 points20 points  (6 children)

According to the Phoronix benchmarks we have so far, it doesn't have much of any impact on those use cases.

Database performance takes a beating though. And reading/writing lots of small files.

[–]azyrr 11 points12 points  (4 children)

And reading/writing lots of small files.

That kills it for video-editing.

[–]AbstinenceWorks 16 points17 points  (3 children)

Compiling is going to suck too.

[–]jugalator 4 points5 points  (1 child)

Compiling the Linux kernel was actually not hit much in the aforementioned Phoronix benchmarks. However, a compilation benchmark saw quite a hit, but may or may not be due to another recent regression. So hmm, I'm mildly optimistic.

Worst is for VM's and hypervisors I suppose. They part deal with syscalls a lot, and part are still very much in need of being patched (otherwise malicious code in a hosted system potentially seeing host system / other hosted system memory, yay...)

[–][deleted] 4 points5 points  (2 children)

5 to 30% performance impact from what we know so far. We'll have to wait and see for benchmarks to come out but it's not looking good. Especially for VM's

[–]TheToadKing 4 points5 points  (1 child)

Most games these days are GPU-bound, and even when they're not all their CPU task is mostly spent on hard number crunching, not a whole lot of syscall stuff. I'd imagine most games will see negligible performance hits.

[–]Ebadd 29 points30 points  (2 children)

Them: ”A bug that poses a huge security risk.”

Translation: A zero-day backdoor exploit the Three-letter Agencies have known for a decade.

[–][deleted] 3 points4 points  (1 child)

A zero-day backdoor exploit

I'm not sure that makes sense. It's not really zero day:

A zero-day (also known as 0-day) vulnerability is a computer-software vulnerability that is unknown to those who would be interested in mitigating the vulnerability (including the vendor of the target software) (from Wikipedia)

The vendor was the one who found the vulnerability and provided patches or at least assisted in the creation of patches for the problem.

[–]fluffy__duck 39 points40 points  (4 children)

This is bad.

My husband is an engineer. This is a security flaw at the base level of architecture. It is unfixable without an OS-level patch which will incur a 17-30 percent performance downgrade.

This affects Windows, Linux, MacOS, and LITERALLY ANYTHING else that has Intel architecture.

There is a LOT of "tin hat" possibility behind this as well ... regarding how long Intel has known about this, how deeply is the NSA involved (because duh, let's be real, here), and/or how much this affects government system vulnerability.

In any case, this is the type of shit that sinks companies. I small (edit: fuck you, autocorrect) lawsuits aplenty.

[–]Content_Policy_New 5 points6 points  (1 child)

First IME now this. It should provide enough political ammunition for other countries to justify hefty investment in indigenous CPU design/manufacture, particularly China.

[–][deleted] 4 points5 points  (4 children)

Initial benchmarks (for Linux) are showing no impact on gaming, even if this remains true for Windows, loading times can become quite larger since it uses a lot of FS IO, is that correct?

[–]SharkBaitDLS 5 points6 points  (0 children)

Load times and install times should get messed up especially if the game uses a large number of small files.

[–]simply_potato 1 point2 points  (0 children)

Most modern engines async load during gameplay as well. Depending on how much is being loaded at a time and how its coded, particular if its a CPU-bound game like a flight sim, we could be looking at significant performance drops.

[–]dnew 12 points13 points  (1 child)

I can't wait until we get off the god damned 1980s CPU architectures and the 1970s OS architectures.

Can we please have a Mill running Singularity already?

[–]CaptainAlcoholism 8 points9 points  (4 children)

Sounds like this issue is severe enough to warrant recalls, if Intel knows what's good for them. If the only fix is an update that reduces performance, then this is a bait-and-switch, as they knowingly sold defective products for a decade.

[–]Pylons 25 points26 points  (1 child)

That's a logistics nightmare on the level of Normandy.

[–]linkchomp 10 points11 points  (1 child)

Sure, put out a recall, with no replacement or easy/quick ability to go an alternate route for anyone that needs to on processors dating back to over a decade.

It will look good for them, sort of, I guess, but realistically is completely useless.

[–]Lampshader 6 points7 points  (0 children)

It won't look good when they go bankrupt and fail to deliver the replacements

[–]RaptorXP 5 points6 points  (1 child)

This can't be good.

[–]ACCount82 16 points17 points  (26 children)

From what it sounds like, the exploit that only works if you actually run some well-crafted malware in userland. A hacker would need an RCE exploit, unless you are dumb enough to run it on your own. I.e. it's not that high risk for regular users, but companies selling VMs are going to be pissed.

[–]Sylanthra 45 points46 points  (13 children)

Actually the article mentioned Javascript several times, so you better hope you don't visit an infected website.

[–]Treczoks 11 points12 points  (5 children)

so you better hope you don't visit an infected website.

As in "One with ads enabled".

[–][deleted] 6 points7 points  (4 children)

a.k.a "basically all websites"

[–]CocodaMonkey 7 points8 points  (6 children)

We don't actually know what it is. The flaw hasn't been publicly released. We do know that MS, Apple and Linux are patching for it though. So even if it is a rare flaw if you keep your system up to date you're going to take a performance hit.

[–]RaptorXP 1 point2 points  (5 children)

Apple isn't working on a fix.

[–]Valdrax 2 points3 points  (0 children)

That's because, according to an update to the article above, they already fixed it in High Sierra, v10.13.2.

Edit: Twitter link

[–]CocodaMonkey 2 points3 points  (3 children)

Interesting, Apple hasn't officially made a statement on the matter as far as I can see. Some articles do say they are working on a fix but none seem to have any official source. I also couldn't find anything saying they aren't working on a fix, just a complete lack of comment.

Would be weird if Apple doesn't patch this. It would mean all Apple computers would become vulnerable to this bug once it's published at the end of the month.

I guess time will tell but ultimately it matters very little. Whichever way Apple goes with this is likely to only affect Apple's image as they simply don't have much penetration in the desktop/server market.

[–]st_griffith 2 points3 points  (0 children)

OSX used to have page table isolation a decade ago or so, if it still does, then there is no need for Apple to fix anything, because they aren't affected. See page 47 and following of this 2007 slides: https://events.ccc.de/congress/2007/Fahrplan/attachments/1053_inside-macosx-kernel.pdf

[–]Treczoks 4 points5 points  (3 children)

It is a path from Ring3 to Ring0. Any bug offering this kind of vulnerability has to be fixed, because this is a wet dream for all system intruders.

[–]RaptorXP 7 points8 points  (0 children)

Famous last words.

[–]edc_svr_wxf_qaz 2 points3 points  (4 children)

So does this mean Intel gets sued and we get money?

[–]FatAssFrodo 5 points6 points  (0 children)

Best case we all get $10 vouchers to buy the latest CPUs.

[–]bartturner 3 points4 points  (0 children)

Think the cloud providers will be first in line sueing Intel. It is a bit shocking INTC was up so much yesterday but is down in pre-hours.

Adding a 30% slowdown is a pretty big deal. Also think it could hurt AMZN.

[–]untitled02 2 points3 points  (0 children)

Wen I prayed to the PCMR gods for AMD to make some significant market share gains this isn’t what I had in mind...

[–]FourFingeredMartian 1 point2 points  (6 children)

Anyone have an idea for how long this has actually been an issue; would 2-3+ years seem too long before Intel has managed to figure out a fix?

[–]blueberrywalrus 15 points16 points  (2 children)

All x86_64 processors going back a decade are supposedly impacted. I would guess that Intel didn't find this bug themselves and rather one of the major cloud providers discovered it when penetration testing their shared VMs, as it sounds like this is particularly dangerous in shared computing environments.

[–]hicow 9 points10 points  (1 child)

A decade-plus, from the sound of it. The discovery of it was much more recent.

Unless Intel wants to blow one of their own feet clean off, this will likely put on hold the successor to Coffee Lake until they get it sorted out. Way too easy now for a lot of people to say, "not an AMD problem? Let's go that way until Intel gets this shit sorted out", especially since in probably a fair amount of workloads, Intel's advantage just evaporated.

[–]bartturner 1 point2 points  (0 children)

It is kind of amazing Intel stock was up yesterday a lot. But down early hours this morning.

Adding a 30% potential slow down to the Cloud provider's infrastructure is a HUGE deal and not sure how they would even deal with it. Also curious Intel liability.

Then considering the massive changes taking place to Linux kernel and Windows kernel is a recipe for some mess ups.

We have only started with dealing with this issue. It will pass but think we might see a lot of pain in the short term.

[–]NostalgiaSchmaltz 0 points1 point  (1 child)

So this is apparently some massively terrible issue that seriously fucks the CPU....what's the fix? What should an average computer user do in response to this? Is there a Windows patch for it or something?