https://www.computerbase.de/2018-01/intel-cpu-pti-sicherheitsluecke/
Intel CPU中潛在的大規模漏洞目前引起轟動,這幾年安全研究人員發現了一種新的攻擊方式,它通過測量時序旁路的攻擊方式,精確分辨出記憶體的用戶空間和內核空間,進而攻擊內核,內核被突破以
反制的方法也不難,Linux在4.15版本預計發布KPTI防禦,又稱KAISER。另外Windows已經做出了完全相同原理的修改,在Build 17035上已經開啟。但會造成性能上的損失,普通情況下會損失約3-5%性能,極端情況下會損失30%~35%性能,例如NVME跑分就是極端情況的一種。
PTI影響到虛擬記憶體等核心功能,因此會帶來極大的性能損失:i7-6700【SkyLake-S】損失29%性能;i7-3770S【IvyBridge-S】損失34%性能。
Update, 10:56 PM - 1/2/18 - As it turns out, apparently the Linux patch that is being rolled out is for ALL x86 processors including AMD, and the Linux mainline kernel will treat AMD processors as insecure as well. As a result, AMD CPUs will feel a performance hit as well, though the bug only technically affects Intel CPUs and AMD recommends specifically not to enable the patch for Linux.intel:
https://amp.hothardware.com/news/intel-cpu-bug-kernel-memory-isolation-linux-windows-macos