The Kernel Page Table Isolation Fix
The fix, which will reportedly impact performance, isolates the kernel's memory from user processes and is known as "Kernel Page Table Isolation" (KPTI). The kernel is the piece of software at the core of every operating system. It has full control of the machine and translates requests from software into the data-processing instructions the CPU executes. The kernel's code is normally loaded into a protected area of memory that applications cannot overwrite or modify. This work takes place in what is referred to as "kernel space", whereas everything the user does happens in "user space". Keeping the two apart prevents user data and kernel data from interfering with each other.
Basically, when a program needs to perform some privileged action, it hands control of the processor to the kernel to carry it out. Switching between kernel space and user space takes time, so to make it faster, software developers have kept the kernel mapped into the virtual address space of every process. When an app needs the kernel, the processor switches into kernel mode, does the work, and then drops back into user mode to resume the process that made the request. Once the CPU is back in user space, the kernel's code and data remain present in that process's page tables. This is the root of the flaw: Intel's chips are somehow allowing the access protections on those kernel mappings to be bypassed.
The KPTI patches move the kernel into a completely separate "space", removing it from the virtual address space of these processes while they run in user mode. This is why developers are saying the fix for Intel's hardware will cause performance hits. The time it takes to switch from user space to kernel space and back again will cost performance, but it means the kernel's code is no longer left visible, and therefore no longer exposed. Each address-space change also forces the CPU to discard its cached address translations and reload them from memory. The result is a slower PC, because processes take longer to, well... process.
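The two layouts described above, as an added toy model that is not code from the original article and does not reflect the real x86 page-table format: one process with a single user page and a single kernel page, first in the traditional shared table (kernel entries present but marked supervisor-only) and then with KPTI (a user-mode table that omits the kernel entries entirely). The page numbers, frame numbers and the "flush the TLB on every table switch" rule are constructed assumptions used to make the two effects visible: in user mode the shared layout finds a translation for the kernel page before the privilege check rejects it, while the KPTI layout finds nothing at all; and the isolated layout pays a translation-cache flush on every entry to and exit from the kernel.

```python
"""Toy model of the two page-table layouts the article contrasts.

Constructed example: a process with one user page and one kernel page.
Without KPTI the kernel page sits in the same page table as the user page,
marked supervisor-only; with KPTI the user-mode table simply omits it.
"""
from dataclasses import dataclass, field
from typing import Dict, Tuple

PAGE_SIZE = 4096
USER_VPN = 0x10      # hypothetical virtual page number for app code/data
KERNEL_VPN = 0x8000  # hypothetical virtual page number for kernel code/data


class PageFault(Exception):
    """Raised when a translation is missing or not permitted in this mode."""


@dataclass(frozen=True)
class PTE:
    frame: int             # physical frame number
    supervisor_only: bool  # True: only kernel mode may access this page


@dataclass
class AddressSpace:
    name: str
    entries: Dict[int, PTE]  # virtual page number -> page-table entry


@dataclass
class CPU:
    current: AddressSpace
    tlb: Dict[int, PTE] = field(default_factory=dict)  # cached translations
    tlb_flushes: int = 0
    tlb_misses: int = 0

    def switch_to(self, space: AddressSpace) -> None:
        """Load a different page table; cached translations are discarded."""
        if space is not self.current:
            self.tlb.clear()
            self.tlb_flushes += 1
            self.current = space

    def translate(self, vaddr: int, mode: str) -> int:
        """Walk the current table (via the TLB), then apply the privilege check."""
        vpn, offset = divmod(vaddr, PAGE_SIZE)
        pte = self.tlb.get(vpn)
        if pte is None:
            self.tlb_misses += 1
            pte = self.current.entries.get(vpn)
            if pte is None:
                raise PageFault("not mapped")  # no translation exists at all
            self.tlb[vpn] = pte
        if pte.supervisor_only and mode == "user":
            raise PageFault("privilege")       # translation exists, access denied
        return pte.frame * PAGE_SIZE + offset


def build_layouts(kpti: bool) -> Tuple[AddressSpace, AddressSpace]:
    """Return (table used in user mode, table used in kernel mode)."""
    user_pages = {USER_VPN: PTE(frame=7, supervisor_only=False)}
    kernel_pages = {KERNEL_VPN: PTE(frame=99, supervisor_only=True)}
    if kpti:
        user_table = AddressSpace("user-mode table", dict(user_pages))
        kernel_table = AddressSpace("kernel-mode table", {**user_pages, **kernel_pages})
        return user_table, kernel_table
    shared = AddressSpace("single shared table", {**user_pages, **kernel_pages})
    return shared, shared


def probe_kernel_from_user(kpti: bool) -> str:
    """Describe what a user-mode access to a kernel address runs into."""
    user_table, _ = build_layouts(kpti)
    cpu = CPU(current=user_table)
    try:
        cpu.translate(KERNEL_VPN * PAGE_SIZE, mode="user")
    except PageFault as fault:
        return str(fault)
    return "allowed"


def run_syscalls(kpti: bool, n: int) -> Tuple[int, int]:
    """Simulate n user -> kernel -> user round trips; return (flushes, misses)."""
    user_table, kernel_table = build_layouts(kpti)
    cpu = CPU(current=user_table)
    for _ in range(n):
        cpu.translate(USER_VPN * PAGE_SIZE, mode="user")      # app runs
        cpu.switch_to(kernel_table)                            # enters the kernel
        cpu.translate(KERNEL_VPN * PAGE_SIZE, mode="kernel")  # kernel runs
        cpu.switch_to(user_table)                              # returns to the app
    return cpu.tlb_flushes, cpu.tlb_misses


if __name__ == "__main__":
    for kpti in (False, True):
        print(f"KPTI={kpti}: user access to kernel page -> {probe_kernel_from_user(kpti)}; "
              f"1000 syscalls -> (flushes, misses) = {run_syscalls(kpti, 1000)}")
```

Running it shows the shared layout answering "privilege" (a translation was found, then refused) and the KPTI layout answering "not mapped", which is the property the mitigation relies on: a user-mode page walk that never reaches kernel data has nothing to leak. The flush counter is the cost side of the same change; real kernels soften it where the CPU supports tagged translation caches (PCID on x86), so that switching tables does not have to discard every cached entry.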
While AMD processors are not subject to this issue, AMD may have hinted at the root cause in its statement yesterday:
"AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against. The AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault."
The Impact of The Intel Processor Flaw
Since the kernel's memory holds the secrets the PC relies on to operate, such as passwords, login keys and files cached from disk, this flaw means malicious software could potentially obtain sensitive, kernel-protected data. It would also let malware go further against a targeted PC: knowing where the kernel's code is executing from makes it easier to inject into or modify that code's execution.
The fix will hit cloud hosting environments hardest (AWS, Amazon, and all the major cloud players), and the resulting loss of performance is compounded by the shared server environments they run.