
Linus contradicts OpenBSD founder on Intel TLB issue

Written by George Ou, Contributor

OpenBSD founder Theo de Raadt has been making a lot of noise over a change in Intel's current generation Core 2 microprocessor, and he goes as far as claiming that this will lead to serious security flaws.  Linus Torvalds, by contrast, has given a completely opposite view of the situation, while other CPU analysts like David Kanter agree that this is essentially "a mountain being made out of a mole hill".  While Theo de Raadt characterizes this as a serious flaw in the CPU that “will *ASSUREDLY* be exploitable from userland code”, David Kanter says that this technically isn't even a bug.

This can't even be considered a bug because software developers were taking advantage of an undocumented behavior of the TLB in prior generations of Intel's microprocessors.  Because this undocumented behavior was changed and is now documented in the newer Core 2 processor, it has a very small chance of breaking code that relied on the undocumented behavior, though the issue hasn't really been seen in the wild.

To address this potential issue, either the software needs to be patched to no longer use the old undocumented behavior, or the motherboard BIOS can be modified to force the Core 2 based CPUs to behave just like the prior generation.  Intel has opted to provide the BIOS fix, while Microsoft is offering a Windows patch that prevents Windows from using the old undocumented feature.  Linux isn't even affected by the TLB issue due to a little "luck" from a previous "page table handling" patch that happened to accommodate the TLB changes.  Theo de Raadt, on the other hand, decided to make a big stink about it, claiming that Intel is leaving out Open Source, though it's clear he doesn't speak for Linus.

According to both Linus and Kanter, this "bug" is largely insignificant, and the x86 processors from AMD and Intel have far fewer flaws than the "boutique" ones.  Here's a quote from Kanter:

David Kanter: Basically, the 'bug' is totally overblown. From what I understand, it's not technically a bug at all.

Previously, certain behavior in the microprocessor's page table (which maps virtual to physical memory) was unspecified, and now Intel has specified this behavior. So rather than being a bug, it's more like a clarification of a grey area. Unfortunately, some software (mostly OS and low level stuff) made assumptions about the page table behavior in this grey area; when that behavior changed, the software in question broke.

At the end of the day, this issue isn't even a bug. It's not even serious by anyone's standards. Is it a problem for users? No - it's a problem for OS developers, and I trust them to take care of it. This is really just a storm in a tea cup.

If you compare this 'bug' to other major bugs, such as the F00F bug, you'll see that it really is nothing. This isn't technically a bug, and it can be fixed by writing your software correctly, or patching older OSes.

Linus had the following to say:

Linus Torvalds: So Intel and AMD actually tend to fix the bugs a lot more aggressively than you'd see for some single-vendor thing, simply because they don't control the stack the way other architectures generally do.

I'd expect other CPUs to generally have more errata than most commodity x86 chips.
