Roy
Well-known member
Bug très grave, affectera pas monsieur madame tout le monde tant que ça, mais le correctif peut imposer des pénalités de performance jusqu'à 50% pour tout ce qui demande des syscalls (bases de données, virtualisation, etc...), donc tout ce qui est entreprise va en manger une ostie, et les procs les plus récents qui sont pas affecté sont le Pentium original
Seul problème, on sait pas tout à cause du mur de NDA
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
https://www.bloomberg.com/news/arti...ter-rival-intel-said-to-reveal-processor-flaw
https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=1
https://www.phoronix.com/scan.php?page=article&item=linux-more-x86pti&num=1
Les Devs de linux ont pas l'air content, tiré de ça : https://lkml.org/lkml/2017/12/4/709
Un dev d'AMD qui en profite dans le LKML :
https://lkml.org/lkml/2017/12/27/2
Résumé sur reddit : https://www.reddit.com/r/pcmasterrace/comments/7nthay/a_quick_summary_of_the_current_intel_cpu_bug/
Seul problème, on sait pas tout à cause du mur de NDA
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
https://www.bloomberg.com/news/arti...ter-rival-intel-said-to-reveal-processor-flaw
https://www.phoronix.com/scan.php?page=article&item=linux-415-x86pti&num=1
https://www.phoronix.com/scan.php?page=article&item=linux-more-x86pti&num=1
Les Devs de linux ont pas l'air content, tiré de ça : https://lkml.org/lkml/2017/12/4/709
2) Namespace
Several people including Linus requested to change the KAISER name.
We came up with a list of technically correct acronyms:
User Address Space Separation, prefix uass_
Forcefully Unmap Complete Kernel With Interrupt Trampolines, prefix fuckwit_
but we are politically correct people so we settled for
Kernel Page Table Isolation, prefix kpti_
Linus, your call
Un dev d'AMD qui en profite dans le LKML :
https://lkml.org/lkml/2017/12/27/2
AMD processors are not subject to the types of attacks that the kernel
page table isolation feature protects against. The AMD microarchitecture
does not allow memory references, including speculative references, that
access higher privileged data when running in a lesser privileged mode
when that access would result in a page fault.
Disable page table isolation by default on AMD processors by not setting
the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
is set.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
arch/x86/kernel/cpu/common.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index c47de4e..7d9e3b0 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -923,8 +923,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
setup_force_cpu_cap(X86_FEATURE_ALWAYS);
- /* Assume for now that ALL x86 CPUs are insecure */
- setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
+ if (c->x86_vendor != X86_VENDOR_AMD)
+ setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
fpu__init_system(c);
Résumé sur reddit : https://www.reddit.com/r/pcmasterrace/comments/7nthay/a_quick_summary_of_the_current_intel_cpu_bug/