The mysterious case of the Linux Page Table Isolation patches
https://goo.gl/5miAKf
tl;dr: there is presently an embargoed security bug impacting apparently all
contemporary CPU architectures that implement virtual memory, requiring
hardware changes to fully resolve. Urgent development of a software
mitigation is being done in the open and recently landed in the Linux kernel,
and a similar mitigation began appearing in NT kernels in November. In the
worst case the software fix causes huge slowdowns in typical workloads. There
are hints the attack impacts common virtualization environments including
Amazon EC2 and Google Compute Engine, and additional hints the exact attack
may involve a new variant of Rowhammer.
目前有一个禁用的安全漏洞影响到所有实作虚拟内存的现代CPU架构,
需要硬件变更才能完全修复。
软件的紧急补救方案正在完成,近期内将会发布在Linux Kernel上,
另外还有一个类似的补救也从11月开始出现在NT(Windows)上。
软件补丁在最糟的情况下会造成典型工作严重缓慢。
这似乎也隐示了针对虚拟环境包括Amazon EC2和Google Compute Engine的攻击,
以及新变种的Rowhammer(借由大量存取内存改变半导体内的电荷分布攻击)。
放弃 字太多了