ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

ArtGirl

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by ArtGirl »

phil995511 wrote:
Terryphi wrote: Has anyone experienced problems with this update?
I am doing all the updates for an Intel i7 4700HQ and an Intel i7-5960X without the slightest difficulty or problems
Had manually updated day before distro-wide release; Driver Manager registers the update, and no problems on i7-4790.
dmesg | grep microcode isn't bringing any results, though.
iucode_tool -K microcode.dat results in ...
iucode_tool: microcode.dat: cannot open: No such file or directory
/usr/sbin/iucode_tool -tb -lS /lib/firmware/intel-ucode/* shows something ...
/usr/sbin/iucode_tool: system has processor(s) with signature 0x000306c3
selected microcodes:
001: sig 0x000306c3, pf mask 0x32, 2017-11-20, rev 0x0023, size 23552
michael louwe

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe »

@ Artgirl, .......
Artgirl wrote:...
.
Try sudo dpkg -l|grep intel
ArtGirl

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by ArtGirl »

michael louwe wrote:.
Try sudo dpkg -l|grep intel
Thank you; I'm not sure if it means it's installed or active?, but the latest microcode definitely shows up after running that command.
thx-1138

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by thx-1138 »

ArtGirl, if you rebooted after installing it from Driver Manager, it will be active (it needs a reboot to be loaded). And running:

dmesg | grep microcode
It will return something like the below:
[ 0.000000] microcode: microcode updated early to revision 0x23, date = 2017-11-20
ArtGirl

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by ArtGirl »

thx-1138 wrote:ArtGirl, if you rebooted after installing it from Driver Manager, it will be active (it needs a reboot to be loaded). And running:

dmesg | grep microcode
It will return something like the below:
[ 0.000000] microcode: microcode updated early to revision 0x23, date = 2017-11-20
Thanks thx-1138. I just don't seem to be able to get any feedback from that command; alternates blinking or pause. Have rebooted a few times. It may be something to do with me manually updating it, but Driver Manager definitely shows the new microcode running, and no issues with the system.

The /usr/sbin/iucode_tool -tb -lS /lib/firmware/intel-ucode/* command is the only one that includes reference to 2017-11-20:

/usr/sbin/iucode_tool: system has processor(s) with signature 0x000306c3
selected microcodes:
001: sig 0x000306c3, pf mask 0x32, 2017-11-20, rev 0x0023, size 23552
thx-1138

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by thx-1138 »

ArtGirl wrote:Have rebooted...
....Driver Manager definitely shows the new microcode running
Then, you're set. :)
If still anxious about it (well, you shouldn't), open a terminal, maximize it fullscreen & try:

journalctl
You will find it mentioned in the very first top lines...
ArtGirl

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by ArtGirl »

thx-1138 wrote:
ArtGirl wrote:Have rebooted...
....Driver Manager definitely shows the new microcode running
Then, you're set. :)
If still anxious about it (well, you shouldn't), open a terminal, maximize it fullscreen & try:

journalctl
You will find it mentioned in the very first top lines...
Thank you very much :) ... that confirms that the update has happened:

kernel: microcode: microcode updated early to revision 0x23, date = 2017-11-20
I had been worrying it was installed but inactive, so it's great to see it's running. Much appreciated.
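
The installed-versus-loaded check this exchange arrives at, as an added shell example that is not part of any post in the thread: it compares the revision in the kernel's "microcode updated early" log line with the revision iucode_tool lists for the system's CPU signature. The function names are hypothetical and the sample input is constructed from the lines quoted above.

```shell
#!/bin/sh
# Added example: is the packaged microcode the one the kernel loaded?
# Sample input is constructed from the lines quoted in the thread.
SAMPLE_KLOG='kernel: microcode: microcode updated early to revision 0x23, date = 2017-11-20'
SAMPLE_LIST='/usr/sbin/iucode_tool: system has processor(s) with signature 0x000306c3
selected microcodes:
001: sig 0x000306c3, pf mask 0x32, 2017-11-20, rev 0x0023, size 23552'

# Print "REV DATE" from the last early-load line in a kernel log, or nothing.
loaded_rev() {
    printf '%s\n' "$1" |
        sed -n 's/.*microcode: microcode updated early to revision \(0x[0-9a-fA-F]*\), date = \([0-9-]*\).*/\1 \2/p' |
        tail -n 1
}

# Print "REV DATE" of the packaged microcode matching the system signature.
packaged_rev() {
    sig=$(printf '%s\n' "$1" |
        sed -n 's/.*with signature \(0x[0-9a-fA-F]*\).*/\1/p' | head -n 1)
    [ -n "$sig" ] || return 0
    printf '%s\n' "$1" |
        sed -n "s/^ *[0-9]*: sig $sig, pf mask [^,]*, \([0-9-]*\), rev \(0x[0-9a-fA-F]*\),.*/\2 \1/p" |
        tail -n 1
}

# $1 = kernel log text, $2 = iucode_tool listing. Prints one verdict line.
microcode_status() {
    l=$(loaded_rev "$1"); p=$(packaged_rev "$2")
    [ -n "$l" ] || { echo "unknown: no early-load line in log"; return 0; }
    [ -n "$p" ] || { echo "unknown: no packaged microcode for this CPU"; return 0; }
    lrev=${l%% *}; ldate=${l#* }; prev=${p%% *}
    # Compare numerically: 0x23 and 0x0023 are the same revision.
    if [ $(($lrev)) -ge $(($prev)) ]; then
        echo "active: rev=$lrev date=$ldate"
    else
        echo "installed-not-loaded: loaded=$lrev packaged=$prev"
    fi
}

microcode_status "$SAMPLE_KLOG" "$SAMPLE_LIST"
```

On a live system, pass "$(journalctl -k -b)" and the captured output of the iucode_tool command quoted above in place of the two samples.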
Pat D

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Pat D »

I have an i7-2600 that I believe is 2nd gen
driver manager says it is running

Intel Microcode version 3.20180108.0-ubuntu 16.04.2

When I ran "journalctl" the first few lines were

-- Logs begin at Fri 2018-01-12 02:18:33 EST, end at Fri 2018-01-12 17:27:01 EST. --
Jan 12 02:18:33 MainBox systemd-journald[406]: Runtime journal (/run/log/journal/) is 8.0M, max 159.2M, 151.2M free.
Jan 12 02:18:33 MainBox kernel: microcode: microcode updated early to revision 0x29, date = 2013-06-12
Jan 12 02:18:33 MainBox kernel: random: get_random_bytes called from start_kernel+0x42/0x504 with crng_init=0
Jan 12 02:18:33 MainBox kernel: Linux version 4.13.0-26-generic (buildd@lgw01-amd64-031) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.
But the date shows as "date = 2013-06-12" - shouldn't it be yesterday/today?
Pjotr

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Pjotr »

Pat D wrote:the date shows as "date = 2013-06-12" - shouldn't it be yesterday/today?
No. Apparently, the microcode in that package *for your CPU*, is from that date.... This means: no Meltdown fix in the microcode yet for your CPU. Yet: Intel is busy.
Pat D

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Pat D »

OK, but that makes it odd that yesterday the Update Manager gave a microcode update. I didn't notice the version number unfortunately.
:?
Pat D

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Pat D »

And by the way, the Opera browser has taken a huge hit - it's taking about 5-6 seconds longer to find web pages.
Pjotr

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Pjotr »

Pat D wrote:OK, but that makes it odd that yesterday the Update Manager gave a microcode update. I didn't notice the version number unfortunately.
:?
Well, the microcode package contains microcode for many CPU's. That's why...
Pat D

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Pat D »

Thank you.
Arch_Enemy

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Arch_Enemy »

I downloaded the latest microcode from Intel, but when I go into Driver Manager all it sees is the nVidia driver...:(

Synaptic also says the microcode is installed.
michael louwe

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe »

Bear in mind that you should only install the new Intel microcode update if your Intel processor is 3rd-gen Haswell (= 2012) Core i (i3, i5 and i7) or newer.

AFAIK, Ubuntu has not been patched for the Spectre 2 (CVE-2017-5715) bug yet, ie the IBRS and IBPB features. So, LM also has to receive this patch together with the Intel microcode update before the mitigation can start to work, ie the 2 patches (= OS and CPU) work together or in conjunction. IOW, you need both to be installed for mitigation.
... Depending on workload, there will be a performance hit, eg servers and heavy multi-tasking will be hit harder.

Ubuntu have only just released the kernel patch for the Meltdown bug (= KPTI feature) (CVE-2017-5754) on 9 Jan 2018, eg kernel 4.4.108/109.

For LM 18.x, the Intel microcode 20180108 update should appear in Driver Manager and be installed from there. For LM 17.x, it should appear in Synaptic Package Manager (search for 'microcode') and be installed through Terminal.

To uninstall the microcode, eg through the Terminal and a Live LM USB/DVD, please refer to this link ... https://www.howtoinstall.co/en/ubuntu/t ... ion=remove
To install the microcode ... https://www.howtoinstall.co/en/ubuntu/t ... -microcode

https://askubuntu.com/questions/545925/ ... e-properly [How to verify if there's a new microcode update for your processor (Intel)]
michael louwe

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe »

https://www.neowin.net/news/google039s- ... ud-systems (dated 12 Jan 2018)
Google has announced that its cloud systems have been patched against Meltdown and one variant of Spectre since September, and for a second variant of Spectre since December, and that its cloud systems have not been slowed down.
.
How come the others, eg Intel, M$ and Ubuntu, were so slow and seemed to lack patch testing?
Spearmint2

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Spearmint2 »

So, LM also has to receive this patch together with the Intel microcode update before the mitigation can start to work, ie the 2 patches (= OS and CPU) work together or in conjunction.
Which is it? Or do you know? I was under the impression the microcode may not be needed in Linux with the OS already using a patched kernel. There's an AMD microcode given in 2013 for 64 bit processors and my processor is from 2010, 64 bit and I've not suffered, that I know of, from not having it installed. I've read a number of places, especially on benchmarking sites, where the microcode currently for Intel processors is the main slowdown, but the KPTI enhanced kernels contribute very little slowdown. I installed the 3.13........139 kernel with the KPTI and using AMD processor and had no problems with it, so seems to also have something that automatically disables it on AMD computers, or it just doesn't interfere adversely.
smurphos

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by smurphos »

michael louwe wrote:https://www.neowin.net/news/google039s- ... ud-systems (dated 12 Jan 2018)
Google has announced that its cloud systems have been patched against Meltdown and one variant of Spectre since September, and for a second variant of Spectre since December, and that its cloud systems have not been slowed down.
.
How come the others, eg Intel, M$ and Ubuntu, were so slow and seemed to lack patch testing?
https://en.wikipedia.org/wiki/Meltdown_ ... y)#History

Google Project Zero were one of the teams that discovered Meltdown and subsequently Spectre so they had a headstart.

Judging by Greg Kroah-Hartman's post here - http://kroah.com/log/blog/2018/01/06/meltdown-status/ exactly what patches were needed for the mainstream Linux Kernel for Spectre has been up in the air until very recently...

Canonical have stated that the disclosure was not made to them until November - https://wiki.ubuntu.com/SecurityTeam/Kn ... ndMeltdown

I think Greg sums up the situation for the lovely folk that maintain kernels very well.....
Right now, there are a lot of very overworked, grumpy, sleepless, and just generally pissed off kernel developers working as hard as they can to resolve these issues that they themselves did not cause at all. Please be considerate of their situation right now.
Spearmint2 wrote:
So, LM also has to receive this patch together with the Intel microcode update before the mitigation can start to work, ie the 2 patches (= OS and CPU) work together or in conjunction.
Which is it? Or do you know? I was under the impression the microcode may not be needed in Linux with the OS already using a patched kernel. There's an AMD microcode given in 2013 for 64 bit processors and my processor is from 2010, 64 bit and I've not suffered, that I know of, from not having it installed. I've read a number of places, especially on benchmarking sites, where the microcode currently for Intel processors is the main slowdown, but the KPTI enhanced kernels contribute very little slowdown. I installed the 3.13........139 kernel with the KPTI and using AMD processor and had no problems with it, so seems to also have something that automatically disables it on AMD computers, or it just doesn't interfere adversely.
Spectre patched kernels should start dropping next week - https://insights.ubuntu.com/2018/01/12/ ... us-update/

I expect we'll be seeing regular kernel and microcode updates for weeks/months in relation to this issue
michael louwe

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe »

@ Spearmint2, .......
Spearmint2 wrote:...
.
https://access.redhat.com/articles/3311301 (dated 9 Jan 2018)
CVE-2017-5715 (variant #2/Spectre) is an indirect branching poisoning attack that can lead to data leakage. This attack allows for a virtualized guest to read memory from the host system. This issue is corrected with microcode, along with kernel and virtualization updates to both guest and host virtualization software. This vulnerability requires both updated microcode and kernel patches. Variant #2 behavior is controlled by the ibrs and ibpb tunables (noibrs/ibrs_enabled and noibpb/ibpb_enabled), which work in conjunction with the microcode.

CVE-2017-5754 (variant #3/Meltdown) is an exploit that uses speculative cache loading to allow a local attacker to be able to read the contents of memory. This issue is corrected with kernel patches. Variant #3 behavior is controlled by the pti tunable (nopti/pti_enabled).
.
Those running Linux AMD-based computers should not need to install the recent kernel patch for Meltdown(= KPTI feature), eg no need to install kernel 3.13.139. Installing it has no effect on AMD processors, wrt installing the KPTI feature, which can hurt CPU performance.
Last edited by michael louwe on Sat Jan 13, 2018 3:49 am, edited 1 time in total.
michael louwe

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe »

@ smurphos, .......
smurphos wrote:...
.
OK, Linux-Ubuntu was justifiably slow. How come Intel and M$ were so slow and seemed to lack patch testing?