Basically the error can allow low level programs to take over the kernel, with a result kind of like that scene in Raiders of the Lost Ark when they open up the ark.
There is a fix, but it involves changes to the operating system that causes a significant performance hit, and Linux developers were unamused:
2) NamespaceAs near as I can figure out, Intel's claim that this is, "Not a bug," and this appears to be true.
Several people including Linus requested to change the KAISER name.
We came up with a list of technically correct acronyms:
User Address Space Separation, prefix uass_
Forcefully Unmap Complete Kernel With Interrupt Trampolines, prefix f%$#wit_
but we are politically correct people so we settled for
Kernel Page Table Isolation, prefix kpti_
Linus, your call :))
This appears to be a direct consequence of their attempt to boost processor performance in their competition with AMD, which appears not to be vulnerable to the "KPTI" bug, also called "Meldtown".
However, it does appear that speculative execution in general creates a whole host of potential (though thankfully more difficult) exploits across a much wider range of processors. (This one is called Spectre).
I'm beginning to think that it is time for a major change in CPU architectures.
No comments:
Post a Comment