Originally posted by phoronix
View Post
Announcement
Collapse
No announcement yet.
Linux Will End Up Disabling x86 PTI For AMD Processors - Update: Now Disabled
Collapse
X
-
Originally posted by Gerii View PostYou're mixing things up - although most coverage hasn't been clear on this either. PTI was initially developed to fix the side-channels which leak kernel address information (as discussed in the Blackhat talk) and thus make KASLR useless. These side-channels are possible on any CPU.
Originally posted by Gerii View PostKASLR in general is designed to make it harder for an attacker to exploit bugs in the kernel. The Blackhat talk you linked to only shortly discusses PTI without any optimizations as far as I can tell and talks about a performance hit of ~30%. I don't think Linus would have taken this massive performance hit just to save KASLR. A patch set with multiple optimizations has only been made public in October of 2017.
The bug we are talking about now however only affects Intel CPUs but seems to be much worse. According to reports it allows writing to kernel memory due to some bug in the CPU when doing speculative execution. There is no information on when it has been found, but I suppose it has been much later than Blackhat USA 2016.
Realy PTI is KASLR. So the PTI patches are KASLR fixed and fixing KASLR fixes the problem of userspace programs accessing kernel working memory on intel x86 processes that may or may not be properly read only. AMD MMU design does not have this issue since it automatically forbids lower ring levels accessing high ring level memory without assignment.
So this is the 2016 flaw that the PTI patches fix. How bad that 2016 flaw was missed because working memory turning read/write in kernel space had been overlooked.
According to reports it allows writing to kernel memory due to some bug in the CPU when doing speculative execution.
Yes there was a problem in 2016 of that only beats KASLR not considering that in the process of beating KASLR it was touching kernel space memory from userspace and that kind of sweep and mapping could be used to locate where DMA buffers and other items that change between read only to read write.
Basically 2017 it was worked out how bad that 2016 KASLR breaching bug really was. Yes the PTI patches are doing everything that is required to fix that 2016 bug not in fact fixing where the cpu set kernel space memory read/write instead of read only. If userspace can no longer access those blocks of memory the threat is neutralised. AMD MMU userspace code cannot do those attacks.
So the 30 percent performance hit that was talking about in that blackhat Intel cpu are having to take now and optimisations done to attempt claw back that performance loss.
- Likes 4
Comment
-
It seems NVidia users can't run the patched kernel. The patch changes a previously non-GPL symbol to a GPL one, and the nvidia module build fails:
FATAL: modpost: GPL-incompatible module nvidia.ko uses GPL-only symbol 'cpu_tlbstate'
Good times
- Likes 4
Comment
-
Originally posted by bsp2020 View Post
That SOB already sold all the shares he can possibly sell. https://www.fool.com/investing/2017/...-of-stock.aspx
Comment
-
Originally posted by MartinN View Post
Don't worry, if he knew of this crap, there's all kinds of claw back provisions for avoiding responsibility... I would think Intel's board is smarter than to let anyone, including Krzanich get away with any crap.
Have the Equifax execs that sold stock before the recent breach been charged with insider trading? I know DOJ said they'd investigate, but is anyone aware of any charges? (Even if Equifax ex-execs are charged, lots of other people in the past have been let off for lack of proof of something obvious - obviousness isn't legal proof)
That said, I hope he does get held legally responsible. Oh so bad.
- Likes 2
Comment
-
That is interesting Apple is usually slow with these fixes. It would be interesting to see if they have a work around that resolves the performance hit.
Originally posted by Awesome Donkey View PostLooks like Apple already fixed this (the first vendor to, actually) in macOS High Sierra 10.13.2 with more stuff added in 10.13.3 according to Alex Ionescu. If you can, you might want to try benchmarking macOS 10.13.1 to 10.13.2 to 10.13.3 beta and see what the performance hit is on macOS.
https://twitter.com/aionescu/status/948610973987831809
- Likes 1
Comment
Comment