The mysterious case of the Linux Page Table Isolation patches
https://goo.gl/5miAKf
tl;dr: there is presently an embargoed security bug impacting apparently all
contemporary CPU architectures that implement virtual memory, requiring
hardware changes to fully resolve. Urgent development of a software
mitigation is being done in the open and recently landed in the Linux kernel,
and a similar mitigation began appearing in NT kernels in November. In the
worst case the software fix causes huge slowdowns in typical workloads. There
are hints the attack impacts common virtualization environments including
Amazon EC2 and Google Compute Engine, and additional hints the exact attack
may involve a new variant of Rowhammer.
目前有一個禁用的安全漏洞影響到所有實作虛擬記憶體的現代CPU架構,
需要硬體變更才能完全修復。
軟體的緊急補救方案正在完成,近期內將會發布在Linux Kernel上,
另外還有一個類似的補救也從11月開始出現在NT(Windows)上。
軟體補丁在最糟的情況下會造成典型工作嚴重緩慢。
這似乎也隱示了針對虛擬環境包括Amazon EC2和Google Compute Engine的攻擊,
以及新變種的Rowhammer(藉由大量存取記憶體改變半導體內的電荷分布攻擊)。
放棄 字太多了