ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

BigEasy
Level 6
Posts: 1268
Joined: Mon Nov 24, 2014 9:17 am
Location: Chrząszczyżewoszyce, powiat Łękołody

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by BigEasy »

After all, these were not Canonical's bugs. So don't hold them responsible for someone else's bad work.
Windows assumes I'm stupid but Linux demands proof of it

michael louwe
Level 10
Posts: 3298
Joined: Sun Sep 11, 2016 11:18 pm

Post by michael louwe »

https://www.techspot.com/article/1556-m ... e-windows/ (dated 7 Jan 2018)
(Meltdown & Spectre patches benchmark tests on the newer Asus TUF Z370-Plus Gaming motherboard and the Intel Core i3-8100)

Bear in mind that more recent Intel processors from the Haswell (4th-gen) era onward have a technology called PCID (Process-Context Identifiers) enabled and are said to suffer less of a performance hit.

It seems, from the above benchmark tests, that NVMe SSD performance is hit hardest, i.e. a performance hit of about 40% for certain workloads; and SATA SSDs = about 20% performance hit. I presume HDD performance will be hit less by the patches.
... Does this mean programs and games will take longer to load from disk storage?

Older Intel processors without the PCID feature will likely be hit harder than the above test results.

xenopeek
Level 24
Posts: 24324
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Post by xenopeek »

Yes, you can measure performance degradation in artificial benchmarks that do nothing but kernel calls. Like those storage benchmarks that do nothing but call the kernel to read or write a disk block in a loop. That doesn't say anything about real world impact because aside from storage benchmarks, no program does nothing but read or write data and throw away the results. Programs read data and do something with it. They occasionally write data. They do a whole lot of other things in between and in parallel.

Like for gaming it's been repeatedly shown that once you have a SATA3 SSD, that's it. Your games won't run or load faster even with the spiffiest M.2 NVMe SSD.

mike acker
Level 6
Posts: 1440
Joined: Wed Jul 31, 2013 6:29 pm
Location: Kalamazoo, MI

Post by mike acker »

rene wrote:
Schultz wrote: Well, even Windows has released a patch already. I don't know why it's taking Ubuntu so long.
To be honest, Microsoft did of course rainbows it up: http://news.softpedia.com/news/windows- ... 9238.shtml.

Definitely rather uncourteous to break processors with a mitigation for a problem they weren't having in the first place. But, yes, well, should indeed not hold up a Linux release similarly (KPTI is fully disabled for AMD on Linux) and I'd agree that Ubuntu seems slow. And Mint is for now not pushing Firefox 57.0.4 even though Ubuntu did get that one out the door...
(LMDE/2 system) : it installed here 2018-01-06 1605
¡Viva la Resistencia!

norm.h
Level 5
Posts: 585
Joined: Tue Mar 23, 2010 11:45 am
Location: Oxfordshire, UK

Post by norm.h »

Just installed it here Jan 7th 11.30 am, as a normal Update Manager update

Minterator
Level 5
Posts: 596
Joined: Thu Jan 10, 2013 8:29 am

Post by Minterator »

What about virtual machines? Will a Windows 10 running in VirtualBox download patches? Does a guest OS even have direct access to the host's kernel memory?
Mint 17.3 MATE, kernel 4.11.12

sichenia
Level 1
Posts: 28
Joined: Tue Nov 15, 2016 4:25 pm

Post by sichenia »

Hi everybody. I run Mint 17.3 and kernel
linux-kernel-generic-3.19.0-32
linux-image-3.19.0-32.37~14.04
Forgive me if I'm dense... on Jan. 9 the new patched kernel will be out.
Does that mean that the update manager should recommend it to me as the direct evolution of the kernel I'm using (as it suggests for instance the upgrades of Firefox etc) or that by then I shall choose it from the kernel list? And if I am the one that shall choose the kernel to upgrade, shall it still be called 3.19.whatever, or will it be numbered differently?
I'm afraid I may not find it, since there is a gazillion packages already, or that I may choose the wrong one.
Again my apologies if the question is dumb but I usually touch the kernel in installation then let it be for years and toy only with the other programs.

As an aside, since my system is double boot, today I installed the Win 10 patch. I used the pc only a little on win since, but the slowing down is extremely evident. Just booting required twice the time it did before. Maybe it was just installing stuff. Maybe.

thx-1138
Level 7
Posts: 1936
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Post by thx-1138 »

BigEasy wrote: After all, these were not Canonical's bugs. So don't hold them responsible for someone else's bad work.
Regardless of what Insyde and vendors did, they did enable an 'experimental' driver, apparently without having tested it excessively, so... But let's not hijack this thread with different issues...
Minterator wrote: What about virtual machines?
What about them? Yes, they need to be patched as well... and from what I understand, they're also among the ones who will suffer a somewhat noticeable penalty... :x
sichenia wrote: I'm afraid I may not find it, since there is a gazillion packages already, or that I may choose the wrong one.
There's no mention of 3.19.x on Canonical's site. Unless something changes, only the kernel versions mentioned there are the ones that will be patched.
Last edited by thx-1138 on Sun Jan 07, 2018 10:25 am, edited 1 time in total.

sichenia
Level 1
Posts: 28
Joined: Tue Nov 15, 2016 4:25 pm

Post by sichenia »

thx-1138 wrote: There's no mention of 3.19.x on Canonical's site. Unless something changes, only the kernel versions mentioned there are the ones that will be patched.
Hm. As I said, I'm pretty wary of touching the kernel... Since I have to patch this and since I run Mint 17.3 what do you suggest as best course of action for me?
Directly go to Mint 18 or just upgrade the kernel (which version would be best?) to a version that will be patched?

thx-1138
Level 7
Posts: 1936
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Post by thx-1138 »

...you really shouldn't be wary of such... I'd personally try the 4.4.x one, or else, the 3.13.x. But that's purely subjective, whatever out of the two works better for you. And in any case, if for some reason something isn't working correctly afterwards, people around will help...

I wouldn't 'jump ship' over at Mint18.x if satisfied with Mint17.x to speak of: even if you decide to do so, you would still need to upgrade / change kernel version to a patched one...

earthlingkc
Level 3
Posts: 110
Joined: Fri Oct 14, 2016 2:22 pm

Post by earthlingkc »

Here's the 4.4.110 kernel, released Jan 5...
http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.4.110/

Spearmint2
Level 16
Posts: 6879
Joined: Sat May 04, 2013 1:41 pm
Location: Maryland, USA

Post by Spearmint2 »

sichenia wrote:Hi everybody. I run Mint 17.3 and kernel
linux-kernel-generic-3.19.0-32
linux-image-3.19.0-32.37~14.04
Forgive me if I'm dense... on Jan. 9 the new patched kernel will be out.
Does that mean that the update manager should recommend it to me as the direct evolution of the kernel I'm using (as it suggests for instance the upgrades of Firefox etc) or that by then I shall choose it from the kernel list? And if I am the one that shall choose the kernel to upgrade, shall it still be called 3.19.whatever, or will it be numbered differently?
I'm afraid I may not find it, since there is a gazillion packages already, or that I may choose the wrong one.
Again my apologies if the question is dumb but I usually touch the kernel in installation then let it be for years and toy only with the other programs.

As an aside, since my system is double boot, today I installed the Win 10 patch. I used the pc only a little on win since, but the slowing down is extremely evident. Just booting required twice the time it did before. Maybe it was just installing stuff. Maybe.

In the kernel section of the Update Manager you can see columns for fix and regressions. What you want to look for is the CVE in the fix that is the one that gives the update for Spectre and Meltdown. I suspect there may be Intel and AMD specific kernels, (I hope since AMD only needs one of the Spectre) but wouldn't put money on a bet for that either. The Microsoft fix already out is hitting AMD chips hard, since it's directed at Intel processors. Some with Windows and AMD chips are now having boot up problems.

Look for a kernel that has these listed in the fix column.

Variant 1: bounds check bypass (CVE-2017-5753)
Variant 2: branch target injection (CVE-2017-5715)
Variant 3: rogue data cache load (CVE-2017-5754)
All things go better with Mint. Mint julep, mint jelly, mint gum, candy mints, pillow mints, peppermint, chocolate mints, spearmint,....
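
The check described in the post above can be scripted; this is an added example, not part of the original post. It reports which of the three listed CVE ids appear in a kernel package changelog saved to a file. The function name `check_changelog` and the sample changelog are constructed for illustration.

```shell
#!/bin/sh
# Added example: which Spectre/Meltdown variants does a kernel changelog mention?
# The CVE ids and variant names are the three listed in the post above.
VARIANTS='CVE-2017-5753|Variant 1: bounds check bypass
CVE-2017-5715|Variant 2: branch target injection
CVE-2017-5754|Variant 3: rogue data cache load'

# check_changelog FILE  (hypothetical helper name)
# Prints one line per variant and returns the number of variants whose
# CVE id does not appear anywhere in FILE (0 means all three are listed).
check_changelog() {
    file=$1
    missing=0
    # The here-document keeps the loop in the current shell, so $missing survives.
    while IFS='|' read -r cve name; do
        if grep -qF "$cve" "$file"; then
            echo "fixed    $cve  $name"
        else
            echo "MISSING  $cve  $name"
            missing=$((missing + 1))
        fi
    done <<EOF
$VARIANTS
EOF
    return "$missing"
}

# Constructed sample changelog (not real package data): only Variant 3 is listed.
sample=$(mktemp)
cat >"$sample" <<'EOF'
linux (0.0.0-0.0) constructed; urgency=high
  * CVE-2017-5754
    - constructed entry: kernel page table isolation
EOF

check_changelog "$sample" || echo "$? variant(s) not covered by this changelog"
rm -f "$sample"
```

A CVE id in the changelog only shows that the package claims the fix; confirm with `uname -r` after rebooting that the running kernel is the one you checked.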

sichenia
Level 1
Posts: 28
Joined: Tue Nov 15, 2016 4:25 pm

Post by sichenia »

thx-1138 wrote: ...you really shouldn't be wary of such... I'd personally try the 4.4.x one, or else, the 3.13.x. But that's purely subjective, whatever out of the two works better for you. And in any case, if for some reason something isn't working correctly afterwards, people around will help...
Thanks for the advice. I tried the 4.4.0.104 and went back to use the previous one since the newest changed all my screen options. I'll go searching for suggestions in the installation section of the forum.

Virus-
Level 1
Posts: 28
Joined: Sun Jan 12, 2014 1:16 pm

Post by Virus- »

Hey, I am on the Linux Mint download page for Cinnamon 64 bit:

https://linuxmint.com/download_all.php

Is anyone aware if the patches are already included inside these revisions below?

18.3 Sylvia Ubuntu Xenial Long term support release (LTS), supported until April 2021.
18.2 Sonya Ubuntu Xenial Long term support release (LTS), supported until April 2021.

Thanks.

michael louwe
Level 10
Posts: 3298
Joined: Sun Sep 11, 2016 11:18 pm

Post by michael louwe »

@sichenia,
You are running LM 17.3 LTS but your kernel 3.19 is not LTS or is unsupported, wrt security fixes. ... https://wiki.ubuntu.com/Kernel/Support# ... el_Support
... Only kernel 3.13 or 4.4 is LTS, i.e. supported until 2019 for LM 17.3 LTS. Old computers should use kernel 3.13.

For LM 17.x, users will have to manually install the KPTI patch through Update Manager > View > Linux kernels on or after 9 Jan 2018, i.e. either manually install kernel 3.13.xxx or 4.4.xxx.
... For LM 18.x, users will see the KPTI patch as one of the higher Level updates in Update Manager, i.e. shown as either security update for Linux kernel header 4.4.xxx or 4.13.xx on 9 Jan 2018.

For more information, please refer to ... viewtopic.php?f=90&t=261026

thx-1138
Level 7
Posts: 1936
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Post by thx-1138 »

Virus- wrote: Is anyone aware if the patches are already included inside these revisions below?
No, how could this even be possible, since the patched kernels from Canonical haven't even been released yet? The date is set for January 9, see above.

rene
Level 14
Posts: 5188
Joined: Sun Mar 27, 2016 6:58 pm

Post by rene »

Wrt. Firefox 57.0.4:
mike acker wrote: (LMDE/2 system) : it installed here 2018-01-06 1605
Indeed; it also came through on Mint 17.3. For anyone still following along: note that this Firefox 57.0.4 update means Firefox has eliminated itself as a possible host for an exploit of Meltdown and/or Spectre; that if you use Firefox 57.0.4 or later as your only web browser, (active content from) "the web" has been eliminated as a threat wrt. these issues; that you're as safe against this as you ever were on Linux against any malware: very safe.

JohnFrumm
Level 2
Posts: 59
Joined: Sun Dec 03, 2017 12:49 pm

Post by JohnFrumm »

thx-1138 wrote:
Minterator wrote: What about virtual machines?
What about them? Yes, they need to be patched as well... and from what I understand, they're also among the ones who will suffer a somewhat noticeable penalty... :x
VMWare is patching their software as well, and there is as much confusion and chaos on their forums as everywhere else on this topic:
https://communities.vmware.com/thread/579275?start=15

All these layered patches concern me. If Linux slows down AND VMware slows down AND the VMWare OS slows down what does that portend? Molasses? I still need to run a W7 VM for work-related stuff... this could be bad...

fwiw I did try the 4.15.0rc5 kernel (on Linux Mate 18.3). It works great on the laptop, but since it does not support more than one monitor I cannot realistically use it on my desktop computer. At least Intel clarifies that this is no biggie, just need to patch your bios and buy a new (AMD) cpu if that option is not available. No big woops.
Have you backed up your computer recently?

Schultz
Level 7
Posts: 1874
Joined: Thu Feb 25, 2016 8:57 pm

Post by Schultz »

Just for the record, I'd rather have it done right, than fast and wrong, of course (I'm talking about Ubuntu's patch).

trytip
Level 12
Posts: 4410
Joined: Tue Jul 05, 2016 1:20 pm

Post by trytip »

i don't know the complete way this was discovered and am not in a rush to patch anything where patching might cause more damage than repair. but in my opinion can't blame this chip bug on intel unless it was done for the complete purpose of later somehow attacking and hacking users.

in your house you have more than just a frontdoor you may have a garage door or sliding glass door and also many small vents needed for ventilation some may have crawl space and not to mention all kinds of windows.

most of these serve a purpose and some are just decoration. now you can LOCK these with a different key for each passage but if they use the same fixtures there can be made a MASTER key which would give access to everything. i can't imagine carrying 20-30 keys with me so the one master key is a good idea, but if it should fall into desperate hands your house could become vulnerable.

what does it say about the human race if all it takes to take advantage of someone is a small backdoor chip made by manufacturers with or without the intent to do harm. linux does the same as android . why have developers made it so hard to ROOT a phone and even though it has a linux kernel most applications are made for windows? and even so android has many backdoors that can be exploited and i'm sure much more the developers don't want you to know.

i'm in no hurry to patch anything until things settle down and are not just a rush to get out a patch