ALERT: Massive Intel hardware bug coming

tl;dr: There is evidence of a massive Intel CPU hardware bug (currently under embargo) that directly affects big cloud providers like Amazon and Google. The fix will introduce notable performance penalties on Intel machines (30-35%).

People have noticed a recent development in the Linux kernel: a rather massive, important redesign (page table isolation) is being introduced very fast for kernel standards... and being backported! The "official" reason is to incorporate a mitigation called KASLR... which most security experts consider almost useless. There's also some unusual, suspicious stuff going on: the documentation is missing, some of the comments are redacted (twitter.com/grsecurity/status/947147105684123649) and people with Intel, Amazon and Google emails are CC'd.

According to one of the people working on it, PTI is only needed for Intel CPUs; AMD is not affected by whatever it protects against (lkml.org/lkml/2017/12/27/2). PTI affects a core low-level feature (virtual memory) and has severe performance penalties: 29% for an i7-6700 and 34% for an i7-3770S, according to Brad Spengler from grsecurity. PTI is simply not active for AMD CPUs. The kernel flag is named X86_BUG_CPU_INSECURE and its description is "CPU is insecure and needs kernel page table isolation".

Microsoft has been silently working on a similar feature since November: twitter.com/aionescu/status/930412525111296000

People are speculating on a possible massive Intel CPU hardware bug that directly opens up serious vulnerabilities on big cloud providers which offer shared hosting (several VMs on a single host), for example by letting a VM read from or write to another one.

Summary article: pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table (a bit outdated, follow @grsecurity, @scarybeasts and others on Twitter for up-to-date info)

This is going to make headlines and will probably be the worst hardware bug in years.
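
An added example, not part of the original thread and not kernel code: a shell check that reports whether the PTI described in the opening post is active on a Linux host. It assumes X86_BUG_CPU_INSECURE shows up in the `bugs` line of /proc/cpuinfo as `cpu_insecure` (`cpu_meltdown` on later kernels), that an enabled PTI appears as the `pti` CPU flag (`kaiser` on some backports), and that `nopti` or `pti=off` on the kernel command line switches it off; the status names are made up for this example.

```shell
# Classify a Linux x86 host's page table isolation (PTI) state from the text
# of /proc/cpuinfo and /proc/cmdline, both passed in as strings.

# Print the value of one /proc/cpuinfo field (first CPU only).
cpuinfo_field() {  # $1 = cpuinfo text, $2 = field name
    printf '%s\n' "$1" | awk -F': *' -v k="$2" '
        { name = $1; sub(/[ \t]+$/, "", name) }
        name == k { print $2; exit }'
}

# Succeed if word $2 occurs in the space-separated list $1.
has_word() {
    case " $1 " in *" $2 "*) return 0 ;; esac
    return 1
}

pti_status() {  # $1 = cpuinfo text, $2 = kernel command line
    flags=$(cpuinfo_field "$1" flags)
    bugs=$(cpuinfo_field "$1" bugs)
    marked=no
    # cpu_insecure: assumed /proc/cpuinfo spelling of X86_BUG_CPU_INSECURE.
    # cpu_meltdown: the name later kernels use for the same bug bit.
    for b in cpu_insecure cpu_meltdown; do
        if has_word "$bugs" "$b"; then marked=yes; fi
    done
    if has_word "$flags" pti || has_word "$flags" kaiser; then
        echo pti-active          # isolation is switched on
    elif [ "$marked" = no ]; then
        echo not-marked          # kernel predates the patch or does not flag this CPU
    elif has_word "$2" nopti || has_word "$2" pti=off; then
        echo disabled-at-boot    # CPU flagged, PTI turned off on the command line
    else
        echo marked-no-pti       # CPU flagged, but no PTI flag present
    fi
}

# Constructed sample (not captured from a real machine).
sample_cpuinfo='flags		: fpu vme pti
bugs		: cpu_insecure'
pti_status "$sample_cpuinfo" "ro quiet"
# On a live host: pti_status "$(cat /proc/cpuinfo)" "$(cat /proc/cmdline)"
```
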

>Lisa Su's face when

Microsoft is sending emails about planned Azure VM reboots in early January (see pic).

Some more links:

news.ycombinator.com/item?id=16046636 Hacker News discussion
lwn.net/Articles/742404/ Kernel page-table isolation merged in unusual conditions

Real-time tweets about it:
twitter.com/search?f=tweets&q=intel bug&src=typd
twitter.com/search?f=tweets&vertical=default&q=kaslr&src=typd
twitter.com/search?f=tweets&vertical=default&q=https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5aa90a84589282b87666f92b6c3c917c8080a9bf&src=typd

Ha ha looks like chinks smelled it ages ago and are busy stockpiling on EBYN.

>Intel lets VMs freely snoop each other
What in the name of fuck.
What.
The fuck.

So does this impact home users in any way? I run VMs for testing out my software and I'm using Fedora as the host OS. What now? Am I going to take a massive performance hit when using these VMs? I use them locally and I don't have any remote access to them set up. Does this impact the overall performance when using the host OS?

Really, what the hell? I'm about to buy one of those POWER9 workstations. They're expensive but I'm willing to pay more for shit that works.

You won't be affected as long as your VMs are isolated.
But anyway, buy AMD.

>as long as your VMs are isolated
And what does unisolated mean? How do you check that?

>buying Intel which has hardware backdoors and now hardware bugs in them

Should've bought AMD instead son

AMD also has backdoors (though it's a TrustZone implementation, aka not designed by retards at Intel).