ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

Chat about just about anything else
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
rene
Level 20
Level 20
Posts: 12240
Joined: Sun Mar 27, 2016 6:58 pm

Re: ATTN!...Intel CPU owners

Post by rene »

That 30% will be very, very much worst case though and only experienced by tasks that constantly call into the kernel; usermode code just doing usermode things is not affected; general loads would be expected to have a perhaps 5% performance hit. More authoritatively than either me or The Register: https://lkml.org/lkml/2018/1/2/703.

I'd hate to have the fact that this problem is likely exceedingly hard to exploit in a useful manner in the first place drop from the thread so please consider that remarked upon again also...
michael louwe

Re: ATTN!...Intel CPU owners

Post by michael louwe »

For the probable % of performance hit, please refer to ... https://www.reddit.com/r/sysadmin/comme ... _incoming/
User avatar
Prsman
Level 4
Level 4
Posts: 398
Joined: Tue Nov 17, 2015 3:15 pm

Re: ATTN!...Intel CPU owners

Post by Prsman »

rene
Level 20
Level 20
Posts: 12240
Joined: Sun Mar 27, 2016 6:58 pm

Re: ATTN!...Intel CPU owners

Post by rene »

Note wrt. the immediately above: Intel ME is completely unrelated to what is being discussed in this thread.
User avatar
majpooper
Level 8
Level 8
Posts: 2076
Joined: Thu May 09, 2013 1:56 pm
Location: North Carolina, USA

Re: ATTN!...Intel CPU owners

Post by majpooper »

Good podcast (Security Now) where this issue is explained - it starts about at 33:30 although the first topic about browser security is also worth listening to.
https://twit.tv/shows/security-now/epis ... tart=false
AMD has taken a few hits here at times, unfairly IMHO, but I have never had any issues with either my AMD CPU or graphics card and at the moment glad I run AMD on my rig.
DAMIEN1307

Re: ATTN!...Intel CPU owners

Post by DAMIEN1307 »

i do not know if this is applicable or not but my main driver for everyday use is an AMD APU/CPU...if i am thinking clearly and correctly, might i assume that when the kernel fix for INTELs stupidity does come through the pipeline, will that kernel be a "one size fits all" solution?...in other words, will the kernel security update that is rumoured to slow down INTEL chips also have the same effect on AMDs chip even though AMD is not affected by INTELs stupidity nor is at fault here and thus also suffer the same slow down scenario?...DAMIEN
earthlingkc
Level 3
Level 3
Posts: 128
Joined: Fri Oct 14, 2016 2:22 pm

Re: ATTN!...Intel CPU owners

Post by earthlingkc »

Tom's Hardware on the issues. Claiming 30% performance loss overblown for most apps...
http://www.tomshardware.com/news/intel- ... 36208.html

Postgres and Redis most impacted.

Nevertheless, a good opportunity for AMD to gain some momentum.
User avatar
Rayser
Level 3
Level 3
Posts: 137
Joined: Mon Jan 01, 2018 6:29 pm

Re: ATTN!...Intel CPU owners

Post by Rayser »

What the Linux Mint position on that? When will we receive that update?
DAMIEN1307

Re: ATTN!...Intel CPU owners

Post by DAMIEN1307 »

i do notice that the toms hardware article in the above post is based on INTELs response to the uproar and do i trust INTELs response? oh yea...just like i trust a Microsoft response...what i DO expect is that these folks, in order to protect their own self interests as well as their own piggy bank, is that they will continue to apply lipstick to their pig along with a little maybeline makeup and then pronounce the pig as being "pretty"...my personal opinion? its still a pig no matter how much you try to pretty it up...DAMIEN
wizzybang

Re: ATTN!...Intel CPU owners

Post by wizzybang »

Some information just been published here, gives some more info on 2 vulnerabilities found (meltdown & spectre). It was published around 1hr ago from posting this and says most intel CPU’s since 1995 probably affected and some ARM chips

http://www.zdnet.com/article/security-f ... ulnerable/
rene
Level 20
Level 20
Posts: 12240
Joined: Sun Mar 27, 2016 6:58 pm

Re: ATTN!...Intel CPU owners

Post by rene »

DAMIEN1307 wrote:will the kernel security update that is rumoured to slow down INTEL chips also have the same effect on AMDs chip even though AMD is not affected [ ... ]
No you're fine; it is going to be a runtime check.

Although with a disclaimer. The relevant submission from AMD regarding this would be https://lkml.org/lkml/2017/12/27/2 which turns the fix from being enabled unconditionally to being enabled on anything but AMD -- but although posted on 26-12 it is not in fact part of the 31-12 released 4.15-rc6 which still enables the fix unconditionally it seems.

More people have noticed, and for example Phoronix reports that that patch currently lives in the tip tree: https://www.phoronix.com/scan.php?page= ... le-x86-PTI. That article isn't sure about the patch making it in in time for 4.15 but I rather am: this is a big news thing and it would be utterly irresponsible to release 4.15 with the fix affecting AMD after they themselves confirmed to not be affected by the problem itsef. Also rather trust AMD will be on top of that...

Keep an eye on https://git.kernel.org/pub/scm/linux/ke ... mon.c#n926.

[EDIT] The exception for AMD was just now integrated as per the above link; 4.15 will therefore indeed perform without penalty on AMD.
Last edited by rene on Wed Jan 03, 2018 10:26 pm, edited 2 times in total.
rene
Level 20
Level 20
Posts: 12240
Joined: Sun Mar 27, 2016 6:58 pm

Re: ATTN!...Intel CPU owners

Post by rene »

Basically all technical information now available from https://googleprojectzero.blogspot.nl/2 ... -side.html.

Note that while it specifically names two AMD CPU's for variant 1, that one is not in fact an issue; is only proof-of-concept code wrt. the speculative execution but remains firmly in user space; is not a security issue. Variants 2, 3 and 4 are the issue and indeed AMD is not affected -- in variant 2 unless "the kernel's BPF's JIT is enabled" and on AMD PRO only, or rather, not on AMD FX at least. I'll leave it up to the reader to google for the B(erkeley) P(acket) F(ilter) since I had to do so as well but note the Mint kernel to in fact enable it:

Code: Select all

rene@hp8k ~ $ grep BPF_JIT /boot/config-$(uname -r)
CONFIG_BPF_JIT=y
CONFIG_HAVE_BPF_JIT=y
If you're on AMD PRO you should therefore still pay a bit of attention it seems.

Fair amount of fun. Also, Linus weighing in on the Intel press release that DAMIEN also commented on above: https://lkml.org/lkml/2018/1/3/797.
User avatar
pizzadude
Level 1
Level 1
Posts: 45
Joined: Sat Aug 06, 2016 3:57 pm

Re: ATTN!...Intel CPU owners

Post by pizzadude »

Everyone with an Intel CPU should upgrade their kernel ASAP. It pains me that people in this thread are saying they won't update. Most tasks won't be affected by the performance penalties. Do you honestly care about performance more than security? You could literally visit a website and have your computer compromised rootkit level. :evil: I'm running the kernel with the security fix already (4.14.11) from mainline ppa installed using UKUU.
we fedora kde now
User avatar
pizzadude
Level 1
Level 1
Posts: 45
Joined: Sat Aug 06, 2016 3:57 pm

Re: ATTN!...Intel CPU owners

Post by pizzadude »

Houchou wrote:The patches are already included in the latest ubuntu/mint kernels?

which CPUs are affected?
intel cpus are affected
amd not affected
if you want a fix before ubuntu devs push an update:

install ukuu from ( ppa:teejee2008/ppa )
open ukuu
install 4.14.11
???
profit!
then check /proc/cpuinfo and check if it says:
bugs : cpu_insecure
we fedora kde now
User avatar
Arch_Enemy
Level 6
Level 6
Posts: 1491
Joined: Tue Apr 26, 2016 3:28 pm

Re: ATTN!...Intel CPU owners

Post by Arch_Enemy »

JoeFootball wrote:I'm guessing this is the article (or similar) the OP is referring to.

Joe

Shoot, there have been memory leaks since I started in 1986. Some just don't know how to access or release memory when writing a program. Didn't matter what the CPU was as long as it was in the 808X family.
I have travelled 37629424162.9 miles in my lifetime

One thing I would suggest, create a partition as a 50G partition as /. Partition the rest as /Home. IF the system fails, reinstall and use the exact same username and all your 'stuff' comes back to you.
michael louwe

Re: ATTN!...Intel CPU owners

Post by michael louwe »

FYI, .......
.
AMD wrote:AMD later clarified that it believes there is "near zero risk" to its processors.
.
Google Project Zero wrote:Enabling the kernel's BPF JIT compiler permits for the same attack to work on an AMD PRO A8-9600 R7.
.
Wikipedia wrote:The Berkeley Packet Filter (BPF) provides a raw interface to data link layers, permitting raw link-layer packets to be sent and received. It is available on most Unix-like operating systems.
... Linux includes a BPF JIT compiler which is disabled by default.
michael louwe

Re: ATTN!...Intel CPU owners

Post by michael louwe »

What will happen to this OS bug fix when we buy a non-vulnerable new 9th-gen Intel-based computer one or two years from now.?
michael louwe

Re: ATTN!...Intel CPU owners

Post by michael louwe »

@ pizzadude, .......
pizzadude wrote:Everyone with an Intel CPU should upgrade their kernel ASAP. It pains me that people in this thread are saying they won't update. Most tasks won't be affected by the performance penalties. Do you honestly care about performance more than security? You could literally visit a website and have your computer compromised rootkit level. :evil: I'm running the kernel with the security fix already (4.14.11) from mainline ppa installed using UKUU.
.
I think what has been happening is that Linus Torvald has included this KPTI bug fix in the latest Linux kernels, ie from kernel 4.14.11 onward, which are mostly meant for Alpha-testers and Beta-testers. The Linux distro developers will follow suit by releasing the bug fix to their users, likely as a Level 1 security update through Update Manager, ie there is no need for the users to upgrade their kernels to 4.14.11 or above, in order to receive this bug fix.
... This is likely because some old computers cannot run on Linux kernel 4.14 or above. There is a report by MrT on this forum that Intel Kabylake crashes on kernel 4.14.9 or above ... viewtopic.php?f=47&t=260775
michael louwe

Re: ATTN!...Intel CPU owners

Post by michael louwe »

Many computer users multi-task or run multi-processes at the same time, eg downloading stuffs, sending emails/comments, web-surfing reading news, opening stored files, etc during the same session. So, I think, when applied, this KPTI bug fix will degrade perfomance considerably for many users.

Those who mostly single-task, eg playing one game or watching movies/TV-shows from one website for hours, will be minimally impacted. OTOH, playing one multi-player online game will likely also be considerably impacted.
Last edited by michael louwe on Thu Jan 04, 2018 6:51 am, edited 1 time in total.
ilya40umov

Re: ATTN!...Intel CPU owners

Post by ilya40umov »

I find that the following link describes it nicely: https://spectreattack.com
Locked

Return to “Open Chat”