ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
Re: ATTN!...Intel CPU owners
That 30% will be very, very much worst case though and only experienced by tasks that constantly call into the kernel; usermode code just doing usermode things is not affected; general loads would be expected to have a perhaps 5% performance hit. More authoritatively than either me or The Register: https://lkml.org/lkml/2018/1/2/703.
I'd hate to have the fact that this problem is likely exceedingly hard to exploit in a useful manner in the first place drop from the thread so please consider that remarked upon again also...
Re: ATTN!...Intel CPU owners
For the probable % of performance hit, please refer to ... https://www.reddit.com/r/sysadmin/comme ... _incoming/
Re: ATTN!...Intel CPU owners
Note wrt. the immediately above: Intel ME is completely unrelated to what is being discussed in this thread.
Re: ATTN!...Intel CPU owners
Good podcast (Security Now) where this issue is explained - it starts about at 33:30 although the first topic about browser security is also worth listening to.
https://twit.tv/shows/security-now/epis ... tart=false
AMD has taken a few hits here at times, unfairly IMHO, but I have never had any issues with either my AMD CPU or graphics card and at the moment glad I run AMD on my rig.
Re: ATTN!...Intel CPU owners
i do not know if this is applicable or not but my main driver for everyday use is an AMD APU/CPU...if i am thinking clearly and correctly, might i assume that when the kernel fix for INTELs stupidity does come through the pipeline, will that kernel be a "one size fits all" solution?...in other words, will the kernel security update that is rumoured to slow down INTEL chips also have the same effect on AMDs chip even though AMD is not affected by INTELs stupidity nor is at fault here and thus also suffer the same slow down scenario?...DAMIEN
Re: ATTN!...Intel CPU owners
Tom's Hardware on the issues. Claiming 30% performance loss overblown for most apps...
http://www.tomshardware.com/news/intel- ... 36208.html
Postgres and Redis most impacted.
Nevertheless, a good opportunity for AMD to gain some momentum.
Re: ATTN!...Intel CPU owners
What is the Linux Mint position on that? When will we receive that update?
Re: ATTN!...Intel CPU owners
i do notice that the toms hardware article in the above post is based on INTELs response to the uproar and do i trust INTELs response? oh yea...just like i trust a Microsoft response...what i DO expect is that these folks, in order to protect their own self interests as well as their own piggy bank, is that they will continue to apply lipstick to their pig along with a little maybeline makeup and then pronounce the pig as being "pretty"...my personal opinion? its still a pig no matter how much you try to pretty it up...DAMIEN
Re: ATTN!...Intel CPU owners
Some information has just been published here; it gives some more info on the 2 vulnerabilities found (Meltdown & Spectre). It was published around 1hr ago from posting this and says most Intel CPU’s since 1995 are probably affected, and some ARM chips.
http://www.zdnet.com/article/security-f ... ulnerable/
Re: ATTN!...Intel CPU owners
DAMIEN1307 wrote: will the kernel security update that is rumoured to slow down INTEL chips also have the same effect on AMDs chip even though AMD is not affected [ ... ]
No you're fine; it is going to be a runtime check.
Although with a disclaimer. The relevant submission from AMD regarding this would be https://lkml.org/lkml/2017/12/27/2 which turns the fix from being enabled unconditionally to being enabled on anything but AMD -- but although posted on 26-12 it is not in fact part of the 31-12 released 4.15-rc6 which still enables the fix unconditionally it seems.
More people have noticed, and for example Phoronix reports that that patch currently lives in the tip tree: https://www.phoronix.com/scan.php?page= ... le-x86-PTI. That article isn't sure about the patch making it in in time for 4.15 but I rather am: this is a big news thing and it would be utterly irresponsible to release 4.15 with the fix affecting AMD after they themselves confirmed to not be affected by the problem itself. Also rather trust AMD will be on top of that...
Keep an eye on https://git.kernel.org/pub/scm/linux/ke ... mon.c#n926.
[EDIT] The exception for AMD was just now integrated as per the above link; 4.15 will therefore indeed perform without penalty on AMD.
Last edited by rene on Wed Jan 03, 2018 10:26 pm, edited 2 times in total.
Re: ATTN!...Intel CPU owners
Basically all technical information now available from https://googleprojectzero.blogspot.nl/2 ... -side.html.
Note that while it specifically names two AMD CPU's for variant 1, that one is not in fact an issue; is only proof-of-concept code wrt. the speculative execution but remains firmly in user space; is not a security issue. Variants 2, 3 and 4 are the issue and indeed AMD is not affected -- in variant 2 unless "the kernel's BPF's JIT is enabled" and on AMD PRO only, or rather, not on AMD FX at least. I'll leave it up to the reader to google for the B(erkeley) P(acket) F(ilter) since I had to do so as well but note the Mint kernel to in fact enable it:
Code:
rene@hp8k ~ $ grep BPF_JIT /boot/config-$(uname -r)
CONFIG_BPF_JIT=y
CONFIG_HAVE_BPF_JIT=y
If you're on AMD PRO you should therefore still pay a bit of attention it seems.
Fair amount of fun. Also, Linus weighing in on the Intel press release that DAMIEN also commented on above: https://lkml.org/lkml/2018/1/3/797.
Re: ATTN!...Intel CPU owners
Everyone with an Intel CPU should upgrade their kernel ASAP. It pains me that people in this thread are saying they won't update. Most tasks won't be affected by the performance penalties. Do you honestly care about performance more than security? You could literally visit a website and have your computer compromised rootkit level. I'm running the kernel with the security fix already (4.14.11) from mainline ppa installed using UKUU.
we fedora kde now
Re: ATTN!...Intel CPU owners
Houchou wrote: The patches are already included in the latest ubuntu/mint kernels?
which CPUs are affected?
intel cpus are affected
amd not affected
if you want a fix before ubuntu devs push an update:
install ukuu from ( ppa:teejee2008/ppa )
open ukuu
install 4.14.11
???
profit!
then check /proc/cpuinfo and check if it says:
bugs : cpu_insecure
we fedora kde now
- Arch_Enemy
Re: ATTN!...Intel CPU owners
Shoot, there have been memory leaks since I started in 1986. Some just don't know how to access or release memory when writing a program. Didn't matter what the CPU was as long as it was in the 808X family.
I have travelled 37629424162.9 miles in my lifetime
One thing I would suggest, create a partition as a 50G partition as /. Partition the rest as /Home. IF the system fails, reinstall and use the exact same username and all your 'stuff' comes back to you.
Re: ATTN!...Intel CPU owners
FYI, .......
AMD wrote: AMD later clarified that it believes there is "near zero risk" to its processors.
Google Project Zero wrote: Enabling the kernel's BPF JIT compiler permits for the same attack to work on an AMD PRO A8-9600 R7.
Wikipedia wrote:The Berkeley Packet Filter (BPF) provides a raw interface to data link layers, permitting raw link-layer packets to be sent and received. It is available on most Unix-like operating systems.
... Linux includes a BPF JIT compiler which is disabled by default.
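Added example, not part of any post in this thread: a shell sketch of the two checks that come up above, the `bugs` line in /proc/cpuinfo and whether the BPF JIT is merely compiled in or also switched on. The function names and sample files are made up for illustration; it assumes the flag name cpu_meltdown used by later kernels and the run-time switch at /proc/sys/net/core/bpf_jit_enable.

```shell
#!/bin/sh
# Added example, not from the thread. Sample files below are constructed.

# Print the flags from the first "bugs" line of a cpuinfo-format file.
cpu_bugs() {
    sed -n 's/^bugs[[:space:]]*:[[:space:]]*//p' "$1" | head -n 1
}

# Succeed if the kernel marked the CPU as needing page-table isolation.
# The thread's 4.14.11 reports cpu_insecure; later kernels renamed the
# flag to cpu_meltdown, so accept both.
needs_pti() {
    for flag in $(cpu_bugs "$1"); do
        case "$flag" in
            cpu_insecure|cpu_meltdown) return 0 ;;
        esac
    done
    return 1
}

# Report BPF JIT state from a kernel config file and a sysctl value file:
#   absent    - CONFIG_BPF_JIT=y not found, JIT not compiled in
#   built-off - compiled in but switched off at run time (value 0)
#   built-on  - compiled in and switched on (value 1 or 2)
bpf_jit_state() {
    grep -q '^CONFIG_BPF_JIT=y$' "$1" 2>/dev/null || { echo absent; return 0; }
    val=$(cat "$2" 2>/dev/null || echo 0)
    if [ "$val" = "0" ]; then echo built-off; else echo built-on; fi
}

# Constructed samples standing in for /proc/cpuinfo, /boot/config-$(uname -r)
# and /proc/sys/net/core/bpf_jit_enable.
write_samples() {
    printf 'model name\t: Constructed Intel CPU\nbugs\t\t: cpu_insecure\n' > "$1/cpuinfo.intel"
    printf 'model name\t: Constructed AMD CPU\nbugs\t\t: fxsave_leak sysret_ss_attrs\n' > "$1/cpuinfo.amd"
    printf 'CONFIG_BPF_JIT=y\nCONFIG_HAVE_BPF_JIT=y\n' > "$1/config"
    printf '0\n' > "$1/bpf_jit_enable"
}

dir=$(mktemp -d) && write_samples "$dir"
for f in "$dir"/cpuinfo.*; do
    if needs_pti "$f"; then echo "$f: needs PTI"; else echo "$f: not flagged"; fi
done
echo "BPF JIT: $(bpf_jit_state "$dir/config" "$dir/bpf_jit_enable")"
rm -rf "$dir"
```

On a live system, pass /proc/cpuinfo, /boot/config-$(uname -r) and /proc/sys/net/core/bpf_jit_enable to the same functions.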
Re: ATTN!...Intel CPU owners
What will happen to this OS bug fix when we buy a non-vulnerable new 9th-gen Intel-based computer one or two years from now?
Re: ATTN!...Intel CPU owners
@ pizzadude, .......
pizzadude wrote: Everyone with an Intel CPU should upgrade their kernel ASAP. It pains me that people in this thread are saying they won't update. Most tasks won't be affected by the performance penalties. Do you honestly care about performance more than security? You could literally visit a website and have your computer compromised rootkit level. I'm running the kernel with the security fix already (4.14.11) from mainline ppa installed using UKUU.
I think what has been happening is that Linus Torvalds has included this KPTI bug fix in the latest Linux kernels, ie from kernel 4.14.11 onward, which are mostly meant for Alpha-testers and Beta-testers. The Linux distro developers will follow suit by releasing the bug fix to their users, likely as a Level 1 security update through Update Manager, ie there is no need for the users to upgrade their kernels to 4.14.11 or above, in order to receive this bug fix.
... This is likely because some old computers cannot run on Linux kernel 4.14 or above. There is a report by MrT on this forum that Intel Kabylake crashes on kernel 4.14.9 or above ... viewtopic.php?f=47&t=260775
Re: ATTN!...Intel CPU owners
Many computer users multi-task or run multi-processes at the same time, eg downloading stuff, sending emails/comments, web-surfing reading news, opening stored files, etc during the same session. So, I think, when applied, this KPTI bug fix will degrade performance considerably for many users.
Those who mostly single-task, eg playing one game or watching movies/TV-shows from one website for hours, will be minimally impacted. OTOH, playing one multi-player online game will likely also be considerably impacted.
Last edited by michael louwe on Thu Jan 04, 2018 6:51 am, edited 1 time in total.
Re: ATTN!...Intel CPU owners
I find that the following link describes it nicely: https://spectreattack.com