Linus Torvalds Offers Guitar Pedal Amidst Kernel Controversy
In an unexpected yet delightful turn of events, Linus Torvalds shared his festive mood earlier today, expressing his willingness to craft a customized guitar pedal for a fortunate Linux developer. This gesture comes at a time when the development community is celebrating the advancement of the Linux kernel version 6.13, amidst a generally positive holiday season.
Kernel Change Sparks Controversy
However, Torvalds’ cheerful demeanor faced a setback due to a recently proposed change by Microsoft, which threatened to derail progress. Fortunately, swift interventions from Intel and AMD managed to mitigate the issue just in time.
Details of the Controversial Change
The problematic change involved a kernel configuration known as ARCH_HAS_EXECMEM_ROX. This setting aimed to enhance performance by enabling caching of executable memory (EXECMEM) with read-only execute (ROX) permissions, specifically for x86_64 and AMD64 architectures, essentially targeting 64-bit processors from AMD and Intel.
Technical Concerns Arise
Regrettably, this change was submitted without proper acknowledgment from an x86 kernel maintainer, leading to significant issues with Control Flow Integrity (CFI) on affected CPUs. Intel’s Peter Zijlstra urgently issued a request today to revert the changes associated with EXECMEM_ROX support, citing that the implementation remains unfinished and problematic.
x86: Disable EXECMEM_ROX support
The whole module_writable_address() nonsense made a giant mess of alternative.c, not to mention it still contains bugs — notably some of the CFI variants crash and burn.
Mike has been working on patches to clean all this up again, but given the current state of things, this stuff just isn’t ready.
Disable for now, let’s try again next cycle.
Industry Reactions
AMD’s Borislav Petkov also voiced his frustrations, highlighting the oversight in the process:
I just love it how this went in without a single x86 maintainer Ack, it broke a bunch of things and then it is still there instead of getting reverted. Let’s not do this again please.
— Regard/Grus, Boris.
Understanding Control-flow Enforcement Technology (CET)
For those who might not be aware, Control-flow Enforcement Technology (CET) represents a crucial security enhancement in modern computing. It incorporates two major components: Shadow Stack and Indirect Branch Targeting (IBT). The Shadow Stack acts as a defense against Return Oriented Programming (ROP) attacks, while IBT protects systems from Call or Jump Oriented Programming (COP/JOP) threats.
CET achieves this security by comparing the traditional program stack with a hardware-stored backup copy known as the Shadow Stack, thereby ensuring the accuracy of return addresses. In essence, the Shadow Stack plays a vital role in preventing malware from hijacking the execution flow of legitimate software, effectively flagging any potentially compromised programs.
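To check whether a given kernel build combines the EXECMEM_ROX setting discussed above with control-flow integrity features, the following script audits a kernel config file. It is an added example, not code from the kernel patch or from the article; the CFI option names (CONFIG_X86_KERNEL_IBT, CONFIG_X86_USER_SHADOW_STACK, CONFIG_CFI_CLANG, CONFIG_FINEIBT) are assumptions taken from upstream x86 Kconfig, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: flag kernel configs that enable EXECMEM_ROX together with
# CFI features, the combination the revert request describes as crashing.
# Only ARCH_HAS_EXECMEM_ROX comes from the article; the CFI option names
# below are assumptions based on upstream x86 Kconfig.
CFI_OPTS="CONFIG_X86_KERNEL_IBT CONFIG_X86_USER_SHADOW_STACK CONFIG_CFI_CLANG CONFIG_FINEIBT"

# is_enabled FILE OPTION -> exit status 0 only for an exact "OPTION=y" line,
# so "# OPTION is not set" and "OPTION=m" do not count.
is_enabled() {
    grep -qx -- "$2=y" "$1"
}

# audit_config FILE -> prints a one-line verdict:
#   rox-off   EXECMEM_ROX is not enabled
#   rox-only  EXECMEM_ROX enabled, none of the listed CFI options set
#   review: EXECMEM_ROX with <options>   both present, needs attention
audit_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    cfi=""
    for opt in $CFI_OPTS; do
        if is_enabled "$cfg" "$opt"; then cfi="$cfi $opt"; fi
    done
    if ! is_enabled "$cfg" CONFIG_ARCH_HAS_EXECMEM_ROX; then
        echo "rox-off"
    elif [ -n "$cfi" ]; then
        echo "review: EXECMEM_ROX with${cfi}"
    else
        echo "rox-only"
    fi
}

# Constructed sample config (not taken from any real build).
sample_config() {
    cat <<'EOF'
CONFIG_X86_64=y
CONFIG_ARCH_HAS_EXECMEM_ROX=y
CONFIG_X86_KERNEL_IBT=y
# CONFIG_CFI_CLANG is not set
CONFIG_X86_USER_SHADOW_STACK=y
EOF
}

# On a live system: audit_config "/boot/config-$(uname -r)"
```

On distributions that ship the config only as /proc/config.gz, decompress it to a temporary file first and pass that path to audit_config.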