Just two days into 2018 and Intel seems to have run out of luck. Reports have started emerging, suggesting that Intel processors suffer from a major security bug. To make matters worse, this is said to be a design flaw, which isn’t exactly easy to fix. And even when the fix is available, there will be an appreciable dip in performance.
A patch-fix for this architectural security bug isn’t convenient either. The report explains that the fix could tank the performance somewhere between 5 to 30 percent. The reason behind this is that the processor must change the way it dumps cached data and reloads information from memory.
These Kernel Page Table Isolation patches move the kernel into a completely separate address space, so it’s not just invisible to a running process, it’s not even there at all. Really, this shouldn’t be needed, but clearly there is a flaw in Intel’s silicon that allows kernel access protections to be bypassed in some way.The downside to this separation is that it is relatively expensive, time wise, to keep switching between two separate address spaces for every system call and for every interrupt from the hardware. These context switches do not happen instantly, and they force the processor to dump cached data and reload information from memory. This increases the kernel’s overhead, and slows down the computer.