Linus contradicts OpenBSD founder on Intel TLB issue

Linus contradicts OpenBSD founder on Intel TLB issue

Summary: OpenBSD founder Theo de Raadt has been making a lot of noise over a change in Intel's current generation Core 2 microprocessor and he goes as far as claiming that this will lead to serious security flaws.  Linus Torvalds by contrast has given a completely opposite view of the situation while other CPU analysts like David Kanter agrees that this is essentially "a mountain being made out of a mole hill".

SHARE:
TOPICS: Intel, Software
9

OpenBSD founder Theo de Raadt has been making a lot of noise over a change in Intel's current generation Core 2 microprocessor and he goes as far as claiming that this will lead to serious security flaws.  Linus Torvalds by contrast has given a completely opposite view of the situation while other CPU analysts like David Kanter agrees that this is essentially "a mountain being made out of a mole hill".  While Theo de Raadt characterizes as a serious flaw in the CPU that will “will *ASSUREDLY* be exploitable from userland code”, David Kanter says that this technically isn't even a bug.

This can't even be considered a bug because software developers were taking advantage of an undocumented behavior of the TLB in prior generations of Intel's Microprocessors.  Because this undocumented behavior was changed and now documented in the newer Core 2 processor, it has a very small chance of breaking code that used undocumented behavior though the issue hasn't really been seen in the wild.

To address this potential issue, either the software needs to be patched to no longer use the old undocumented behavior or the Motherboard BIOS can be modified to force the Core 2 based CPUs to behave just like the prior generation.  Intel has opted to give people a BIOS while Microsoft is offering a Windows patch that prevents Windows from using the old undocumented feature.  Linux isn't even affected by the TLB issue due to a little "luck" from a previous "page table handling" patch that happened to accommodate the TLB changes.  Theo de Raadt on the other hand decided to make a big stink about it that Intel is leaving out Open Source though it's clear he doesn't speak for Linus.

According to both Linus and Kanter, this "bug" is largely insignificant and that the x86 processors from AMD and Intel have far fewer flaws than the "boutique" ones.  Here's a quote from Kanter.

David Kanter: Basically, the 'bug' is totally overblown. From what I understand, it's not technically a bug at all.

Previously, certain behavior in the microprocessor's page table (which maps virtual to physical memory) was unspecified, and now Intel has specified this behavior. So rather than being a bug, it's more like a clarification of a grey area. Unfortunately, some software (mostly OS and low level stuff) made assumptions about the page table behavior in this grey area; when that behavior changed, the software in question broke.

At the end of the day, this issue isn't even a bug. It's not even serious by anyone's standards. Is it a problem for users? No - it's a problem for OS developers, and I trust them to care of it. This is really just a storm in a tea cup.

If you compare this 'bug' to other major bugs, such as the F00F bug, you'll see that it really is nothing. This isn't technically a bug, and it can be fixed by writing your software correctly, or patching older OSes.

Linus had the following to say:

Linus Torvalds: So Intel and AMD actually tend to fix the bugs a lot more aggressively than you'd see for some single-vendor thing, simply because they don't control the stack the way other architectures generally do.

I'd expect other CPU's to generally have more errata than most commodity x86 chips.

Topics: Intel, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

9 comments
Log in or register to join the discussion
  • Intel's view

    I am from Intel, and I thought I would give you our perspective. Months ago, we addressed a processor issue by providing a BIOS update for our customers that in no way affects system performance. We publicly documented this as an erratum in April. All processors from all companies have errata, and Intel has a well-known errata communication process to inform our customers and the public. Keep in mind the probability of encountering this issue is extremely low. Specification Updates for the affected processors are available at http://developer.intel.com. All errata are thoroughly investigated for issues and vulnerabilities, should they have any we fix them, usually through a microcode update. We feel we?ve resolved the issue and were open about it with customers and then publicly publishing it, but this is a good venue for ideas on how we could do better or more. I am interested in any constructive comments...
    IntelNick
  • You do have a way with words, George

    [i]Theo de Raadt on the other hand decided to make a big stink about it that Intel is leaving out Open Source though it?s clear he doesn?t speak for Linus.[/i]

    I never knew you were that heavily into understatement.
    Yagotta B. Kidding
    • Hey I was somewhat sedated sitting in a 2 hour line

      Hey I was somewhat sedated sitting in a 2 hour line at the Airport hoping to get home. Final trip time ended up being 33 hours but I'd still be in JFK at the JetBlue gate sleeping on the floor right now if I hadn't bought a different ticket with US Airways. I wrote and post this entire blog sitting on the floor in a line.
      georgeou
  • And what...

    ...does this have to do with the iPhone???
    Please explain. ;)
    D T Schmitz
    • Aren't you iSick of iPhone stories yet?

      nt
      georgeou
      • iYes!

        nt
        D T Schmitz
      • iGuess

        ;)
        Kid Icarus-21097050858087920245213802267493
  • Speed Kills

    George, I realize this is a blog and speed counts, but speed also kills. Re-read your first paragraph - some of those aren't even sentences. The few moments it would take to edit your work would pay dividends in the long run.
    waveslide
    • Sorry about that, fixed the first paragraph.

      Sorry about that, fixed the first paragraph. I wrote and posted that story while stuck at the Airport in New York.
      georgeou