Posted on Wednesday, January 03 2018 @ 10:13 CET by Thomas De Maesschalck
The hardware bug requires a software workaround and Intel is cooperating with Microsoft, Apple and Linux developers to address the exploit in upcoming patches. The fix for Windows is expected to arrive on Patch Tuesday, here's a bit of info about how the exploit works:
In a nutshell, the bug allows everyday programs to "illegally" access certain contents in protected kernel memory. The "fix", so to speak, is to implement Kernel Page Table Isolation (PTI), which, for all intents and purposes, makes the kernel invisible to running processes.The exploit is dangerous for companies and especially those that use virtualized environment and offer shared hosting services are at huge risk.
And now the bad news. It appears the extra mitigation layers may have a major impact on performance. As explained above, everything is still under tight wraps but especially things like IO-intensive workloads are expected to see a big drop in performance. Think a performance handicap of 17-18 percent, or even as high as 30 percent in some use cases.
HotHardware reports the patch may, at least initially, also impact the performance on AMD-based systems. AMD processors are not vulnerable but the Linux implementation of the patch treats all processors the same:
As it turns out, apparently the Linux patch that is being rolled out is for ALL x86 processors including AMD, and the Linux mainline kernel will treat AMD processors as insecure as well. As a result, AMD CPUs will feel a performance hit as well, though the bug only technically affects Intel CPUs and AMD recommends specifically not to enable the patch for Linux. How Microsoft specifically will address the issue with the Windows operating system remains unclear until the company's formal Patch Tuesday update is made known, hopefully soon.Perhaps Intel will be able to further optimize the code, but at the moment this looks pretty bad.
