Infinisearch
Veteran
Does anybody know which CPU generation PCID and INVPCID were introduced? Those are the things needed to reduce the hit of the an KPTI implementation.
The AMD guy is pretty adamant.
His suggested code is literally IF Vendor ID != AMD THEN Force 'CPU Insecure mode'
Potentially most of them, although the broadness of the checks may be to hide the full range. Some of the proof of concept work in the papers over the last year or so included Nehalem and Sandy Bridge. TSX attacks are limited to Haswell and beyond.Which Intel CPU generations are affected by this?
P6 and onwards.Which Intel CPU generations are affected by this?
What's the source?P6 and onwards.
No-one has been able to reproduce any of the issues with AMD CPUs so far (not sure if they even tried, but I'd be surprised if they didn't)Page faults may not be required, is AMD CPU really immune to this?
Maybe?Page faults may not be required, is AMD CPU really immune to this?
Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed. Intel believes these exploits do not have the potential to corrupt, modify or delete data.
Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems — are susceptible to these exploits.
Basically this:https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
What are they talking about?
Several people including Linus requested to change the KAISER name.
We came up with a list of technically correct acronyms:
User Address Space Separation, prefix uass_
Forcefully Unmap Complete Kernel With Interrupt Trampolines, prefix fuckwit_
but we are politically correct people so we settled for
Kernel Page Table Isolation, prefix kpti_
Linus, your call
To be clear, the security research team identified three variants targeting speculative execution. The threat and the response to the three variants differ by microprocessor company, and AMD is not susceptible to all three variants. Due to differences in AMD's architecture, we believe there is a near zero risk to AMD processors at this time.