The disclosure of the Meltdown and Spectre vulnerabilities in early 2018 set off a cascade of similarly troublesome side-channel attacks and related issues. The unpleasant part is that, although they are hard to abuse in practice because of their complexity (attackers have simpler, more trivial vulnerabilities or social engineering to choose from), they target the main processor itself. This undermines the notion that auditing and fixing software is enough to protect a computer from attack, without paying attention to the hardware architecture it runs on. Now another security hole similar to Spectre joins these problems. Interestingly, this time it is not universal and does not concern other instruction sets, but only processors of the x86 / x86-64 architecture.
A new attack of this type was discovered by BitDefender researchers and named SWAPGS (CVE-2019-1125). The name comes from the x86 instruction that is the source of the abuse. Because it is specific to this instruction set, it does not affect ARM, Power or MIPS chips, which makes it unique in its own way. The problem is caused by speculative execution of the SWAPGS instruction, which is used to load a selected value into the GS segment register (this register holds an offset into the memory range being used).
This instruction is supposed to be relatively new: together with the FSGSBASE-related operations, Intel added it with the Ivy Bridge core in 2012 for faster context switching in certain cases. Only processors of that generation and newer, i.e. 22nm chips such as the Core i7-3770K, i5-3750K and of course the mobile variants, should be affected.
BitDefender researchers have published a paper entitled "Bypassing KPTI Using the Speculative Behavior of the SWAPGS Instruction".
The fix will be entirely on the OS side
According to the researchers, it is not realistic to fix this flaw on the hardware side; or rather, like Spectre V1, it is best addressed at the software layer (the wording varies depending on the source). It will therefore be solved purely by adapting operating systems. Microsoft fixed this flaw, presumably by changing the code that uses these instructions, in the patches released on July 9, before it was publicly disclosed. However, the SWAPGS problem was not mentioned at that time, because the flaw was under NDA. Thanks to this responsible approach, the updates were widely distributed before the vulnerability was made public.
Initial reports said that only Windows was exploitable. On Linux, a potentially affected spot has reportedly also been found (when handling certain interrupts), but according to BitDefender it should be difficult to exploit in practice. Linux nevertheless already has patches for these potential weaknesses; Red Hat, for example, has the relevant fix. So even on Linux the flaw will not be left unaddressed, despite the minimal danger. Apple's macOS, according to BitDefender, should not be exploitable.
Small but probably non-zero impact on performance
According to Red Hat, the fixes have a minimal but likely measurable impact on performance. It applies when switching between user and kernel execution modes, so in applications that perform a large number of such switches (interrupts, system calls) the impact may be worse. On Linux, the fix is part of the Spectre V1 mitigation set and can be disabled with the same parameter ("nospectre_v1"). It may have a similar effect on Windows, but there is nothing to worry about. It is generally recommended to always keep your operating system fully updated and its protections active to minimise the risks.
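Since the mitigation lives in the kernel and can be switched off with the nospectre_v1 boot parameter, an administrator will want a quick way to confirm it is actually active on a given machine. The script below is an added example written for this article (it is not code from the article, Red Hat, Microsoft or BitDefender). It reads the standard Linux sysfs entry for Spectre v1 and the kernel command line, and classifies the result; the sample strings are constructed so every branch can be exercised offline, and the assumption that a kernel carrying the SWAPGS barriers names "swapgs" in its status line is a heuristic based on current kernel sources, not something the article states.

```shell
#!/bin/sh
# Added example, not code from the article or from any vendor it names:
# report whether a Linux host has the Spectre v1 / SWAPGS mitigation active
# and whether it was disabled with the "nospectre_v1" boot parameter.
# The sysfs path is the standard Linux one; the sample strings further down
# are constructed so the functions can be exercised on any machine.

SPECTRE_V1_SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v1
CMDLINE_FILE=/proc/cmdline

# classify_mitigation STATUS_TEXT CMDLINE_TEXT
# Prints one word describing the state and always returns 0, so it is safe
# to call inside command substitution under "set -e".
classify_mitigation() {
    status=$1
    cmdline=$2

    # The boot parameter wins: if nospectre_v1 is present the fix is off,
    # whatever the kernel would otherwise report.
    case " $cmdline " in
        *" nospectre_v1 "*)
            echo disabled-by-cmdline
            return 0
            ;;
    esac

    case "$status" in
        "Not affected"*)
            echo not-affected
            ;;
        Mitigation:*swapgs*)
            # Heuristic assumption: kernels with the SWAPGS barriers mention
            # "swapgs" in the status line.
            echo mitigated
            ;;
        Mitigation:*)
            # Spectre v1 pointer sanitization is present, but nothing about
            # SWAPGS: most likely a kernel that predates the SWAPGS fix.
            echo mitigated-without-swapgs
            ;;
        Vulnerable*)
            echo vulnerable
            ;;
        *)
            echo unknown
            ;;
    esac
    return 0
}

# read_or_default FILE DEFAULT: print the file contents, or DEFAULT if the
# file cannot be read (non-Linux host, old kernel without the sysfs entry).
read_or_default() {
    if [ -r "$1" ]; then
        cat "$1"
    else
        printf '%s\n' "$2"
    fi
}

# check_host: classify the machine this script runs on.
check_host() {
    status=$(read_or_default "$SPECTRE_V1_SYSFS" "")
    cmdline=$(read_or_default "$CMDLINE_FILE" "")
    classify_mitigation "$status" "$cmdline"
}

# Constructed sample inputs, modelled on the kernel's sysfs wording, that
# exercise each branch without touching the real files.
SAMPLE_FIXED="Mitigation: usercopy/swapgs barriers and __user pointer sanitization"
SAMPLE_OLD="Mitigation: __user pointer sanitization"
SAMPLE_CMDLINE_ON="BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet"
SAMPLE_CMDLINE_OFF="BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet nospectre_v1"

printf 'sample fixed kernel : %s\n' "$(classify_mitigation "$SAMPLE_FIXED" "$SAMPLE_CMDLINE_ON")"
printf 'sample older kernel : %s\n' "$(classify_mitigation "$SAMPLE_OLD" "$SAMPLE_CMDLINE_ON")"
printf 'sample disabled     : %s\n' "$(classify_mitigation "$SAMPLE_FIXED" "$SAMPLE_CMDLINE_OFF")"
printf 'this host           : %s\n' "$(check_host)"
```

Run it as an ordinary user; the sysfs entry is world-readable, so no privileges are needed. A result of "disabled-by-cmdline" on a production host is the finding worth following up, since it means someone traded the Spectre V1 and SWAPGS protection for the small performance gain the article describes.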
Intel has a page on the flaw and states that the July fix for Windows addresses it completely. AMD wrote in its response that its processors do not speculate on the new user-written value of the GS register (which Intel's apparently do) with the SWAPGS instruction, so that brand's processors appear somewhat less vulnerable. They are evidently not affected by one part of the attack, but they are by the other.
In its SWAPGS paper, BitDefender describes four variants of the attack, depending on whether SWAPGS was not speculatively executed when it should have been (1), or whether it was speculatively executed when it should not have been (2). For both options, the attacker can either determine whether certain data already in the cache comes from a specific kernel address (a), or establish the value of the data at an arbitrary address (b). Only variant 2a applies to AMD processors. Patches are still needed, however; AMD recommends treating the vulnerable variant in the same way as Spectre V1. Jon Masters of Red Hat wrote on Twitter that their Linux kernel evidently applies only the fixes needed on AMD processors, not all of those needed on Intel. We don't know whether Windows does it this way or applies a blanket fix.
Additional resources for SWAPGS: