Intel CPU exposes huge security vulnerabilities, Linux users will be affected __linux

Today, foreign media (the Register) reported that there was a huge design flaw in Intel's chips, and that Microsoft and Linux kernel developers were scrambling to fix it. Security vulnerabilities will eventually be fixed, but patches will slow down the PC (and MAC) chip speed.

We don't know what the speed is going to be, but one developer says a 5% spin down is common-at least on Linux-and some tasks may slow down by as much as 30%.

　　What's going on?

We do not yet know the specifics of the security breach, as it has not yet been publicly disclosed. But we can infer a lot of things from the changes made in the Linux kernel, because Linux development is open. Microsoft is also making similar changes to Windows, which is now active in the internal preview. And Apple will be forced to make a similar change to MacOS.

Programs running on your computer have different levels of security permissions. The operating system kernel--such as the Windows kernel or the Linux kernel--has the highest level of permissions because it typically runs processes and provides interprocess communication. Desktop programs have fewer permissions, and the kernel limits their functionality. The kernel uses the hardware characteristics of the processor to enforce these limitations, because it is faster to use hardware than software.

However, Intel CPUs are having problems in some ways, and the hardware that enforces these restrictions is clearly not working properly. As a result, these restrictions need to be enhanced in the software (through the aforementioned patches) to ensure that less privileged programs are unable to access the places where they are restricted and do not allow them to "see what they should not see".

So, in the worst case scenario, even JavaScript code that runs in a Web browser can go deep into the kernel and access content that it should not access. The ongoing repair work will eventually make it impossible to escape the restrictions. Unfortunately, putting these extra patches in the right place means that some of the operations will become slower than they are now.

AMD's hardware is unaffected. This change (and the likely slowdown) will only affect systems that have Intel chips installed.

We don't know all the technical details until the official post is posted.

　　how much slower will my computer be?

We don't know how much of a impact this will have on the day-to-day use of PCs. Dave Hansen, a Linux kernel developer who works at Intel, writes that changes in the Linux kernel will affect everything. Dave Hansen Most workloads, he says, have a single-digit deceleration, probably down by 5%. In the worst case scenario, the speed of network testing is reduced by 30% because the tasks performed are different. The solution slows down system calls, so many system-invoked tasks, such as compiling software and running virtual machines, can slow down. But every software will use some system calls more or less.

These are the results of Linux, so they may not apply to Windows. The impact on Windows may be different, perhaps less, perhaps more. It is not clear how much effect this will have on the day-to-day use of computers.

But one thing is clear: your computer is definitely not going to get faster after you hit this patch.

　　when will the patch affect my computer?

The register expects Microsoft to release the patch publicly next Tuesday (i.e. January 9, 2018). These changes will appear in the upcoming Linux kernel version, and Apple may also make similar changes to MacOS in the near future.

While the performance shock sounds annoying, we strongly recommend installing these patches. Operating system developers generally do not make such a big difference unless the consequences are serious.