Welp: https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
> A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.
> Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down.
> A spokesperson for Intel was not available for comment
Weren't they now.
@rysiek that article is so misleading and ambiguous that i literally cant even. I assume their talking about the MMU timing attack from CCC? That affects EVERY architecture tested. Table look up timing attacks are a thing
@Fuego It is not clear to me what they are referencing. Their analysis seems fine-ish to me, based on available info. I mean, the bug is under embargo, AMD claims it's not affecting their CPUs... lying about that would be a really bad idea.
What are the misleading parts?
@Fuego @rysiek The original blog post is way better written than The Reg's breathless ripoff of it.
http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table
@rysiek The patches look like they are protecting against the mmu attack only for kaslr when it is useless anyhow and not user space aslr where it is useful.
It is NOT paging out the kernel. This attack is present in amd but not across rings.
The entire article is a fuck. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5aa90a84589282b87666f92b6c3c917c8080a9bf
@Fuego thanks!
@rysiek it seems like they are mistaking an attack that tells you only if a page happens to be mapped or not at a given virtual memory address with an arbitrary kernel memory peek. The attack is the former and not very severe or useful.
@rysiek I’m implying they have no idea what the consequences and probable fixes are of the bug not that they are lying. If they are referencing the MMU timing attack which much of it makes me think they are, then the misleading parts are all of it.
They way they portray it is nonsensical. They dont understand when kaslr is and is not useful....