Breaking News

Intel chips have a huge security flaw, and the fix will slow down Windows and Linux machines | Severe Intel security issue may impact all Macs and Windows PCs | AMD Faces Brutal Road in Early 2018 With Strategic Moves by Nvidia, Intel

A design flaw has been discovered in Intel chips that will require major changes to be made to the Windows and Linux kernels. While patches are being worked on -- and in the case of Windows Insiders, have already rolled out -- users of both operating systems can expect to experience something of a performance hit. macOS machines running on Intel chips are also affected.
Intel is -- for the moment -- remaining tight-lipped about the specifics of the flaw that has been unearthed, but it is believed to affect processors produced in the past decade. Developers are currently estimating that systems could experience slowdowns of between 5 and 30 percent.

For Linux, work is underway in the open source community to patch the problem which affects the kernel's virtual memory system. Some patches have already been produced, but there's currently an embargo in place that means precise details of what's being patched are not being discussed. The embargo is due to lift this month, and there is speculation that it could come before, or coincide with, Microsoft's Patch Tuesday for January.
Although we don't know very much about the problem, we know that it is certainly something that could be exploited. The Register has been able to piece together a few snippets to give something of an overview:
[The bug] allows normal user programs -- from database applications to JavaScript in web browsers -- to discern to some extent the layout or contents of protected kernel memory areas.
The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.
Whenever a running program needs to do anything useful – such as write to a file or open a network connection – it has to temporarily hand control of the processor to the kernel to carry out the job. To make the transition from user mode to kernel mode and back to user mode as fast and efficient as possible, the kernel is present in all processes' virtual memory address spaces, although it is invisible to these programs. When the kernel is needed, the program makes a system call, the processor switches to kernel mode and enters the kernel. When it is done, the CPU is told to switch back to user mode, and reenter the process. While in user mode, the kernel's code and data remains out of sight but present in the process's page tables.
Think of the kernel as God sitting on a cloud, looking down on Earth. It's there, and no normal being can see it, yet they can pray to it.
These KPTI patches move the kernel into a completely separate address space, so it's not just invisible to a running process, it's not even there at all. Really, this shouldn't be needed, but clearly there is a flaw in Intel's silicon that allows kernel access protections to be bypassed in some way.
The downside to this separation is that it is relatively expensive, time wise, to keep switching between two separate address spaces for every system call and for every interrupt from the hardware. These context switches do not happen instantly, and they force the processor to dump cached data and reload information from memory. This increases the kernel's overhead, and slows down the computer.
Your Intel-powered machine will run slower as a result.
AMD chips are, it seems, not affected. Tom Lendacky from the chip-maker said in an email:
AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against.  The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault.
Disable page table isolation by default on AMD processors by not setting the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI is set.
But the impact of the flaw is going to be widespread, as noted by software developer Python Sweetness:
There is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November. In the worst case the software fix causes huge slowdowns in typical workloads. There are hints the attack impacts common virtualization environments including Amazon EC2 and Google Compute Engine, and additional hints the exact attack may involve a new variant of Rowhammer.
For now, though, all we can do is sit back and wait for more details to emerge.
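An added example, not taken from the article or from the kernel patches: a Python check that reads the two bits named in the AMD patch description (`X86_BUG_CPU_INSECURE`, shown as `cpu_insecure` in the `bugs` line of `/proc/cpuinfo`, and `X86_FEATURE_PTI`, shown as `pti` in the `flags` line) and classifies whether the kernel is isolated from user page tables. The cpuinfo excerpts are constructed sample input, and the `state` labels are names chosen for this example.

```python
import re

# Constructed /proc/cpuinfo excerpts (flag lists shortened for the example).
INTEL_PATCHED = """vendor_id : GenuineIntel
flags : fpu vme de pse tsc msr pae pti
bugs : cpu_insecure
"""
AMD_PATCHED = """vendor_id : AuthenticAMD
flags : fpu vme de pse tsc msr pae
bugs : sysret_ss_attrs
"""

def _tokens(cpuinfo, field):
    """Tokens of the first '<field> : ...' line, or an empty set."""
    m = re.search(rf"^{field}[ \t]*:[ \t]*(.*)$", cpuinfo, re.MULTILINE)
    return set(m.group(1).split()) if m else set()

def pti_status(cpuinfo, cmdline=""):
    """Classify KPTI state from /proc/cpuinfo and /proc/cmdline text."""
    vendor = next(iter(_tokens(cpuinfo, "vendor_id")), "unknown")
    # X86_BUG_CPU_INSECURE appears as 'cpu_insecure'; later kernels
    # renamed the same bug bit to 'cpu_meltdown'.
    flagged = bool(_tokens(cpuinfo, "bugs") & {"cpu_insecure", "cpu_meltdown"})
    # X86_FEATURE_PTI appears as 'pti' in the flags line when isolation is on.
    active = "pti" in _tokens(cpuinfo, "flags")
    # 'nopti' and 'pti=off' are the boot parameters that disable isolation.
    opted_out = bool({"nopti", "pti=off"} & set(cmdline.split()))
    if active:
        state = "isolated"     # kernel lives in its own page tables
    elif flagged:
        state = "exposed"      # CPU flagged, kernel still mapped in user tables
    elif vendor == "AuthenticAMD":
        state = "not-flagged"  # the AMD default described in the patch note
    else:
        state = "unknown"      # kernel predates KPTI or does not flag this CPU
    return {"vendor": vendor, "flagged": flagged, "pti": active,
            "opted_out": opted_out, "state": state}

if __name__ == "__main__":
    samples = [("intel", INTEL_PATCHED, ""),
               ("intel, nopti", INTEL_PATCHED.replace(" pti", ""), "ro quiet nopti"),
               ("amd", AMD_PATCHED, "")]
    for name, text, cmd in samples:
        print(name, pti_status(text, cmd))
```

On a live Linux host, pass the contents of `/proc/cpuinfo` and `/proc/cmdline`; an `exposed` result with `opted_out` set points to a boot parameter rather than a missing patch.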
AMD surged in late 2016 and early 2017 amid a wave of excitement about pending chip launches, only to see its shares then slump amid a giant tech rally as rivals launched counterattacks and some of its launches failed to live up to the hype.
Something resembling the opposite storyline could play out in 2018, at least as far as AMD's performance goes. However, much depends on the company's execution.
After rising over 400% in 2016 -- putting an end to bankruptcy fears and halting major revenue declines can do that for you -- AMD's shares continued rallying in early 2017 on enthusiasm about the pending launch of its Ryzen desktop CPU line, the first products based on AMD's next-gen Zen CPU core architecture. There was also some enthusiasm for the expected summer launches of AMD's Vega desktop GPU line and Epyc server CPU line.
Ryzen was hardly a dud: It left AMD on much better mid-range and high-end desktop footing than it has been in years, and the follow-up launch of the company's Ryzen Threadripper CPUs for enthusiast and workstation users also went well. However, there was a measure of disappointment over Ryzen's performance in gaming benchmarks. And on the notebook side, the respectable CPU performance and strong GPU performance of AMD's Ryzen Mobile processors (they launched this fall) were partly offset by mediocre battery life.
Perhaps more importantly, Intel countered AMD's launches by starting the rollout of 8th-gen desktop and notebook processors -- some are based on the Kaby Lake architecture launched in 2017, and others on the newer Coffee Lake architecture -- that often deliver 30%-plus performance gains in benchmarks relative to comparable 7th-gen chips. Reports and leaked roadmaps indicate quite a few additional Coffee Lake parts are on the way, with the breadth of Intel's Coffee Lake desktop lineup exceeding that of either its 6th or 7th-gen lineups.
On the GPU side of things, AMD's Vega 64 and 56 desktop chips did make its lineup more competitive with Nvidia's high-end Pascal-architecture GPUs. But their performance didn't match that of Nvidia's two most powerful gaming GPUs, the GeForce GTX 1080 Ti and Titan Xp, and they were considerably more power-hungry than rival Nvidia parts. And we'll soon see the launch of the first gaming GPUs based on Nvidia's next-gen Volta architecture.
AMD CEO Lisa Su.
As for Epyc, it managed to impress: The server CPUs (also relying on Zen cores) deliver solid performance, support a lot of memory bandwidth and I/O connectivity, and come with several novel features, including support for features on single-CPU servers that Intel has traditionally reserved for dual-CPU servers. But competitively, this was always the AMD product line facing the toughest fight, given the big advantages Intel wields in areas such as enterprise/cloud mindshare, product line breadth, complementary solutions and developer support.
In addition, it wasn't long after Epyc launched that Intel rolled out a major refresh to its Xeon server CPU line (the Xeon Scalable family, based on the company's Skylake architecture) that was well-received and promptly sparked a fresh server upgrade cycle. Epyc can still succeed, given its price/performance and feature set, but winning over big enterprises and cloud giants is far from an overnight process.
Thanks to Intel and Nvidia's competitive positioning, the first few months of 2018 could be rocky for AMD. Upcoming Coffee Lake launches will add to the competitive pressure placed on Ryzen by Intel's 8th-gen lineup, and Volta will increase Nvidia's high-end gaming GPU lead while giving it more leeway to undercut AMD by slashing Pascal prices.
AMD is expected to counter Intel's 8th-gen launches in a couple of months by launching Ryzen CPUs based on a 12-nanometer process (more advanced than the 14-nanometer process it currently uses). But this is expected to be an incremental upgrade, and it might not be long after it arrives that Intel finally launches CPUs based on its much-delayed Cannonlake architecture, its first to be based on a 10-nanometer process (arguably competitive with 7-nanometer processes from rivals).
On the other hand, the expected early-2019 launch of the first AMD PC CPUs based on a 7-nanometer process from partner Globalfoundries could very well be a game-changer, due both to the manufacturing process used and to the reliance of the chips, codenamed Matisse, on second-gen Zen CPU cores. Though plenty of what-ifs still exist, Intel's 10-nanometer delays do appear to provide AMD with an opening.

And ahead of Matisse's launch, AMD is expected to launch GPUs based on its next-gen Navi architecture, which also relies on a 7-nanometer process. It's probably best not to expect miracles from Navi for now, given the size of Nvidia's current performance lead and GPU R&D budget edge, but it should certainly boost AMD's competitive standing.
Meanwhile, though it won't eat Intel's lunch, Epyc should gradually make some headway with major enterprise and cloud server buyers, given its selling points. And it, too, is due to see a 7-nanometer refresh in 2019.
Markets are forward-looking. Should it become clear by late 2018 that AMD's 7-nanometer CPUs are likely to provide major sales and market share lifts, the news will begin to be priced into shares long before shipments ramp. And any success for Navi could be priced in sooner.

Just be aware that AMD still has to make good on its 7-nanometer promises. And that even if it does, the ride could be bumpy until then.
