[Beowulf] Intel CPU design bug & security flaw - kernel fix imposes performance penalty

Lachlan Musicman datakid at gmail.com
Wed Jan 3 00:59:39 PST 2018


The origin of the story is from here

http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table

L.

------
"The antidote to apocalypticism is *apocalyptic civics*. Apocalyptic civics
is the insistence that we cannot ignore the truth, nor should we panic
about it. It is a shared consciousness that our institutions have failed
and our ecosystem is collapsing, yet we are still here — and we are
creative agents who can shape our destinies. Apocalyptic civics is the
conviction that the only way out is through, and the only way through is
together. "

*Greg Bloom* @greggish
https://twitter.com/greggish/status/873177525903609857

On 3 January 2018 at 19:46, John Hearns via Beowulf <beowulf at beowulf.org>
wrote:

> Thanks Chris.  In the past there have been Intel CPU 'bugs' trumpeted, but
> generally these are fixed with a microcode update.
> This looks different, as it is a fundamental part of the chips
> architecture.
> However the Register article says: "It allows normal user programs – to
> discern to some extent the layout or contents of protected kernel memory
> areas"
>
> I guess the phrase "to some extent" is the vital one here. Are there any
> security exploits which use this information? I guess it is inevitable that
> one will be engineered now that this is known about. The question I am
> really asking is should we worry about this for real world systems. And I
> guess tha answer is that if the kernel developers are worried enough then
> yes we should be too. Comments please.
>
>
>
>
> On 3 January 2018 at 06:56, Greg Lindahl <lindahl at pbm.com> wrote:
>
>> On Wed, Jan 03, 2018 at 02:46:07PM +1100, Christopher Samuel wrote:
>>
>> > There appears to be no microcode fix possible and the kernel fix will
>> > incur a significant performance penalty, people are talking about in the
>> > range of 5%-30% depending on the generation of the CPU. :-(
>>
>> The performance hit (at least for the current patches) is related to
>> system calls, which HPC programs using networking gear like OmniPath
>> or Infiniband don't do much of.
>>
>> -- greg
>>
>>
>> _______________________________________________
>> Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
>> To change your subscription (digest mode or unsubscribe) visit
>> http://www.beowulf.org/mailman/listinfo/beowulf
>>
>
>
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit
> http://www.beowulf.org/mailman/listinfo/beowulf
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.beowulf.org/pipermail/beowulf/attachments/20180103/378cdd31/attachment.html>


More information about the Beowulf mailing list