ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
-
- Level 20
- Posts: 12334
- Joined: Sun Aug 09, 2015 10:00 am
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Hello,
With the uproar over the chipset flaws, is there any way how Ubuntu or Mint is mitigating the same?
Will there be a substantial performance hit due to the patch/correction?
With the uproar over the chipset flaws, is there any way how Ubuntu or Mint is mitigating the same?
Will there be a substantial performance hit due to the patch/correction?
If I have helped you solve a problem, please add [SOLVED] to your first post title, it helps other users looking for help.
Regards,
Deepak
Mint 21.1 Cinnamon 64 bit with AMD A6 / 8GB
Mint 21.1 Cinnamon AMD Ryzen3500U/8gb
Regards,
Deepak
Mint 21.1 Cinnamon 64 bit with AMD A6 / 8GB
Mint 21.1 Cinnamon AMD Ryzen3500U/8gb
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Firefox is already patched with mitigation to make it impossible for JavaScript on websites to exploits these bugs.
For most home users, they only run untrusted code on their system in their web browser — so using a web browser with mitigation is key.
Evaluate whether your personal policy for what programs to trust on your computer is sensible (e.g., do you randomly download programs from obscure websites and run them).
You can keep up with what is happening for kernels here: https://wiki.ubuntu.com/SecurityTeam/Kn ... ndMeltdown.
As others have said, it would take months of worth for a successful Spectre attack on a single target. Kernel with fix for Meltdown should be released shortly.
For most home users, they only run untrusted code on their system in their web browser — so using a web browser with mitigation is key.
Evaluate whether your personal policy for what programs to trust on your computer is sensible (e.g., do you randomly download programs from obscure websites and run them).
You can keep up with what is happening for kernels here: https://wiki.ubuntu.com/SecurityTeam/Kn ... ndMeltdown.
As others have said, it would take months of worth for a successful Spectre attack on a single target. Kernel with fix for Meltdown should be released shortly.
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
I just wondered in case I am using the dev channel of a web browser, will that get the updates through
the Update Manager as well? I can see that the PPA is already added to the Software Sources.
the Update Manager as well? I can see that the PPA is already added to the Software Sources.
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Phoronix has run several benchmark tests with patched kernels and compared the results with unpatched kernels on the same hardware configuration and the results have shown that in most cases the negative impact on performance was marginal if any.deepakdeshp wrote:Hello,
With the uproar over the chipset flaws, is there any way how Ubuntu or Mint is mitigating the same?
Will there be a substantial performance hit due to the patch/correction?
This is from one of these tests:
https://www.phoronix.com/scan.php?page= ... pcid&num=1
-
- Level 4
- Posts: 361
- Joined: Sat Feb 01, 2014 4:06 am
- Location: Geneva (Switzerland)
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Hello Damien1307,DAMIEN1307 wrote:hi phil995511...you said "The microcode patch for Debian is here :"
you are a little "tardy to the party"...lol...i posted this and other minor little fixes in a cumulative fashion 3 days ago on page 5 of this forum thread...i have had no performance hits at all that would be noticable and have already installed these on 20 plus computers so far...no problems...DAMIEN
We have indeed found each one his URL with a few days of shift. Since I only have 2 systems to manage, I was not as in a hurry as you
Thank you very much for your feedback about your 20 deployments. Did you also notice a very slow reboot just after applying the patch ?
It's been 24 hours since my workstation runs with this patch and everything seems to work well. I have to say that I have a big CPU (8 cores, 16 threads) and under Linux I do not use my CPU at 100%. By cons on Windows I make image processing of photographs in RAW format, I have not tried converting a RAW to JPG yet, but I do not think the loss of performance is important. This must certainly be more felt in video encoding which I only very rarely.
I understand the users of small CPU are very annoyed by the performance loss associated with patch, and especially the update of the bios + OS patch that seems to cost the most expensive performance. Their processors are already at the limit at the performance level and because of this bug and the impact of patches on the performance of such small CPUs, they risk becoming obsolet more quickly... Personally I do not want to leave my PC's unpatched, as I will not leave the door of my apartment open if I went out of my home to take a walk ! I think Intel, AMD and co should make a commercial gift for people heavily impacted by performance declines.
I find it difficult to understand why they have announced to the public this security failures before providing a efficient patches. One thing is for sure, CPU sales will drop until we have the guarantee that new generations without security problems are put on sale...
Let's pray that other flaws of this type will not be found in the future otherwise our machines will end up being as powerful as an i386
Best regards.
Last edited by phil995511 on Tue Jan 09, 2018 8:44 am, edited 5 times in total.
Debian 12 Bookworm 64-bit Cinnamon (main system) in dual-boot with Windows 11 64-bit (for maximum hardware and software compatibility)
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
@ Harfud, .......
To be fair, it takes some time and effort for the OEMs(eg Intel) and OS/software developers(eg M$, Google, Linus Torvald & gang, Mozilla, etc) to create, test and release the various patches for the very widespread Meltdown & Spectre bugs.
Computer users will have to wait in line to be "serviced". Linux 32bit users are not getting the patches and will likely have to wait awhile for the patches because 32bit systems are in the minority, ie the majority 64bit systems get served first. Similarly, there are more 5 years old computers than 10 yo computers in the market-place. Also, wealthy customers like Cloud Service Providers(= Amazon AWS, M$ Azure, Google Cloud, etc) get served first.
It may be a blessing in disguise for some home-users to be unable to get the patches, eg M$ borking many older(= more than 5 yo) AMD-based Windows computers with their 4 Jan 2018-released Meltdown patch.
.Harfud wrote:With regard to CPU Microcode Intel are talking in terms of 'processor products introduced within the past five years'.
'...By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years.
No mention of CPUs over five years old.
Are they starting with newer CPUs which would make sense, but in which case why no mention of older CPUs ?
Or am I overly cynical in suspecting that there won't be CPU microcode updates for CPUs over five years old.
To be fair, it takes some time and effort for the OEMs(eg Intel) and OS/software developers(eg M$, Google, Linus Torvald & gang, Mozilla, etc) to create, test and release the various patches for the very widespread Meltdown & Spectre bugs.
Computer users will have to wait in line to be "serviced". Linux 32bit users are not getting the patches and will likely have to wait awhile for the patches because 32bit systems are in the minority, ie the majority 64bit systems get served first. Similarly, there are more 5 years old computers than 10 yo computers in the market-place. Also, wealthy customers like Cloud Service Providers(= Amazon AWS, M$ Azure, Google Cloud, etc) get served first.
It may be a blessing in disguise for some home-users to be unable to get the patches, eg M$ borking many older(= more than 5 yo) AMD-based Windows computers with their 4 Jan 2018-released Meltdown patch.
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
The issue that I have is not one of waiting for CPU microcode for over 5 year old CPUs, but one of there is no mention at all that I can see from Intel of CPU microcode for over five year old CPUs.michael louwe wrote: .
To be fair, it takes some time and effort for the OEMs(eg Intel) and OS/software developers(eg M$, Google, Linus Torvald & gang, Mozilla, etc) to create, test and release the various patches for the very widespread Meltdown & Spectre bugs.
Computer users will have to wait in line to be "serviced". Linux 32bit users are not getting the patches and will likely have to wait awhile for the patches because 32bit systems are in the minority, ie the majority 64bit systems get served first. Similarly, there are more 5 years old computers than 10 yo computers in the market-place. Also, wealthy customers like Cloud Service Providers(= Amazon AWS, M$ Azure, Google Cloud, etc) get served first.
It may be a blessing in disguise for some home-users to be unable to get the patches, eg M$ borking many older(= more than 5 yo) AMD-based Windows computers with their 4 Jan 2018-released Meltdown patch.
It is one thing if CPU microcode for over five year old CPUs is to be forthcoming in time...
But quite another if there is no intention to produce updates for over 5 year old CPUs.
My angle on this is that given the nature of the flaws (resultant of CPU design shortcomings) it is only reasonable that over 5 year old CPUs are catered for too.
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
+1Harfud wrote: My angle on this is that given the nature of the flaws (resultant of CPU design shortcomings) it is only reasonable that over 5 year old CPUs are catered for too.
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
I gotta ask something. Why is the ghost carrying a twig? https://insights.ubuntu.com/2018/01/04/ ... abilities/
I think they screw up things like this just so they can sell more processors... Then we'll find those are screwed too and we'll have to buy new ones all over again. Evil planned obsolescence!
I think they screw up things like this just so they can sell more processors... Then we'll find those are screwed too and we'll have to buy new ones all over again. Evil planned obsolescence!
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
http://www.overclock.net/t/1645289/hasw ... ifferences (dated 5 Jan 2018)
Another performance hit tests.This is approx. a 9% drop on performance with microcode 23h. Note this is in addition to any Windows 10 performance drops.
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Both of my computers are over 5 years old, so old there are no bios updates forthcoming. Intel will not voluntarily compensate nor discount anything to end users unless forced to because of things like class action lawsuits:Harfud wrote: My angle on this is that given the nature of the flaws (resultant of CPU design shortcomings) it is only reasonable that over 5 year old CPUs are catered for too.
https://www.theguardian.com/technology/ ... s-computer
But the problem with these lawsuits is that the settlements often offer trifling discounts for new Intel hardware (yippee... 10% off a new intel chip. Now I also have to buy a new MB, GPU, etc...). This would just reward Intel with more sales, which I will not do anytime soon. I will wait years for the dust to settle and the chip makers to get their acts together.
The only silver lining is that the chip manufacturers might shift their focus more towards security rather than speed. In the meantime I am still waiting for router security patches from the recent WIFI security boondoggle.
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Kernel 3.16.51-3+deb8u1 is available now for LMDE 2 users and fixes variant 3 (Meltdown).
It should be in Update Manager as level 4 security update (depending on your mirror server it may take a little longer for it to arrive).
It should be in Update Manager as level 4 security update (depending on your mirror server it may take a little longer for it to arrive).
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
According to this link ... https://www.suse.com/support/kb/doc/?id=7022512 , SUSE Enterprise OS has already received both the KPTI(= Meltdown) and firmware/microcode patches as Linux kernel updates on 4 Jan 2018, ie patch the CVE-2017-5754(= Meltdown) and CVE-2017-5715(= Spectre 2) bugs.
... The CVE-2017-5753(= Spectre 1) bug is patched on the software/app side, eg patched by the Mozilla Firefox, Google Chrome and M$ Edge browsers.
In comparison, the recent Windows patch seems to have 2 components, the 1st is to mitigate against the Meltdown(= CVE-2017-5754) bug and the 2nd is to make the OS compatible with the coming firmware/microcode patch against Spectre(= CVE-2017-5715) from the OEMs, as per this link ...
https://www.ghacks.net/2018/01/05/find- ... abilities/
... The CVE-2017-5753(= Spectre 1) bug is patched on the software/app side, eg patched by the Mozilla Firefox, Google Chrome and M$ Edge browsers.
In comparison, the recent Windows patch seems to have 2 components, the 1st is to mitigate against the Meltdown(= CVE-2017-5754) bug and the 2nd is to make the OS compatible with the coming firmware/microcode patch against Spectre(= CVE-2017-5715) from the OEMs, as per this link ...
https://www.ghacks.net/2018/01/05/find- ... abilities/
Last edited by michael louwe on Tue Jan 09, 2018 2:20 pm, edited 2 times in total.
- Spearmint2
- Level 16
- Posts: 6900
- Joined: Sat May 04, 2013 1:41 pm
- Location: Maryland, USA
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
That spectre aka ghost is gonna smack and hack you with it, like the nasty old man down the lane with his walking cane.flatiron wrote:I gotta ask something. Why is the ghost carrying a twig? https://insights.ubuntu.com/2018/01/04/ ... abilities/
I think they screw up things like this just so they can sell more processors... Then we'll find those are screwed too and we'll have to buy new ones all over again. Evil planned obsolescence!
This is the person who did the images, so you could ask there. Natascha Eibl
https://vividfox.me/
Last edited by Spearmint2 on Tue Jan 09, 2018 1:54 pm, edited 1 time in total.
All things go better with Mint. Mint julep, mint jelly, mint gum, candy mints, pillow mints, peppermint, chocolate mints, spearmint,....
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
@ Harfud, .......
If M$ could provide the WannaCry/SMBv1/EternalBlue patch for the out-of-support 16-years-old-Win XP in April 2017, it's likely that Intel will also provide the Spectre firmware/microcode patch for processors that are more than 5 years old. Let's just wait and see. Otherwise, buy AMD-based computers as soon as possible = vote with your wallet.
.Harfud wrote:It is one thing if CPU microcode for over five year old CPUs is to be forthcoming in time...
But quite another if there is no intention to produce updates for over 5 year old CPUs.
My angle on this is that given the nature of the flaws (resultant of CPU design shortcomings) it is only reasonable that over 5 year old CPUs are catered for too.
If M$ could provide the WannaCry/SMBv1/EternalBlue patch for the out-of-support 16-years-old-Win XP in April 2017, it's likely that Intel will also provide the Spectre firmware/microcode patch for processors that are more than 5 years old. Let's just wait and see. Otherwise, buy AMD-based computers as soon as possible = vote with your wallet.
-
- Level 20
- Posts: 12334
- Joined: Sun Aug 09, 2015 10:00 am
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
AMD is vulnerable too. MS seems to have pushed patches without testing.michael louwe wrote:@ Harfud, .......
.Harfud wrote:It is one thing if CPU microcode for over five year old CPUs is to be forthcoming in time...
But quite another if there is no intention to produce updates for over 5 year old CPUs.
My angle on this is that given the nature of the flaws (resultant of CPU design shortcomings) it is only reasonable that over 5 year old CPUs are catered for too.
If M$ could provide the WannaCry/SMBv1/EternalBlue patch for the out-of-support 16-years-old-Win XP in April 2017, it's likely that Intel will also provide the Spectre firmware/microcode patch for processors that are more than 5 years old. Let's just wait and see. Otherwise, buy AMD-based computers as soon as possible = vote with your wallet.
https://www.google.co.in/amp/s/www.thev ... pcs-issues
If I have helped you solve a problem, please add [SOLVED] to your first post title, it helps other users looking for help.
Regards,
Deepak
Mint 21.1 Cinnamon 64 bit with AMD A6 / 8GB
Mint 21.1 Cinnamon AMD Ryzen3500U/8gb
Regards,
Deepak
Mint 21.1 Cinnamon 64 bit with AMD A6 / 8GB
Mint 21.1 Cinnamon AMD Ryzen3500U/8gb
- Spearmint2
- Level 16
- Posts: 6900
- Joined: Sat May 04, 2013 1:41 pm
- Location: Maryland, USA
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Microsoft Blames AMD for their screwup on sending patches to AMD computers which are not affected by Meltdown.
"Microsoft has reports of customers with some AMD devices getting into an unbootable state after installing recent Windows operating system security updates. After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown. To prevent AMD customers from getting into an unbootable state, Microsoft will temporarily pause sending the following Windows operating system updates to devices with impacted AMD processors at this time:"
help for those who also use windows on AMD is available from that page.
"Microsoft has reports of customers with some AMD devices getting into an unbootable state after installing recent Windows operating system security updates. After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown. To prevent AMD customers from getting into an unbootable state, Microsoft will temporarily pause sending the following Windows operating system updates to devices with impacted AMD processors at this time:"
help for those who also use windows on AMD is available from that page.
All things go better with Mint. Mint julep, mint jelly, mint gum, candy mints, pillow mints, peppermint, chocolate mints, spearmint,....
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Intel CEO Brian Krzanich on Monday night in Las Vegas, so maybe eighteen hours ago ish...michael louwe wrote: .
If M$ could provide the WannaCry/SMBv1/EternalBlue patch for the out-of-support 16-years-old-Win XP in April 2017, it's likely that Intel will also provide the Spectre firmware/microcode patch for processors that are more than 5 years old. Let's just wait and see. Otherwise, buy AMD-based computers as soon as possible = vote with your wallet.
Krzanich promised fixes in the coming week to 90 percent of the processors Intel has made in the past five years, consistent with an earlier statement from the company. He added that updates for the remainder of those recent processors should follow by the end of January. Krzanich did not address the company’s plans for older chips.
That's fine for CPUs produced in the last five years, by the end of January at the latest, couldn't be much clearer.
However, no mention at all of older CPUs is not good enough in itself even if eventually there were to be comprehensive provision for them.
I really don't see it as being likely that Intel will provide patches for over five year old CPUs, if they had definite plans to then within the context that he was speaking last night would have been the ideal time to refer to them - Even if there were to have been nothing more than an acknowledgement of them it would have been something...
That there was no mention at all suggests to me that at best there are no clear plans for them at the present time, and at worst that there's no intention to do anything for them.
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
@ Harfud, .......
https://www.cnet.com/news/meltdown-spec ... processor/ (dated 4 Jan 2018)
.
Seems, the other newer news reports are quite misleading, ie trying to put Intel in a very bad light.
.Harfud wrote:...
https://www.cnet.com/news/meltdown-spec ... processor/ (dated 4 Jan 2018)
.Intel, working with makers of computers and their operating system software, plans patches that'll bring "complete mitigations" to computers using Intel chips designed in the last five years, said Steve Smith, Intel's general manager for data center engineering. The majority are already done, Krzanich said. For chips up to 10 years old, fixes will be released in coming weeks for the "vast majority" of Intel chips, Smith said.
Asked why Intel isn't talking about fixes for machines more than a decade old, Smith said, "We're working with [computer makers] to determine which ones to prioritize based on what they see as systems in the field."
Intel also is fixing the problem in future chips, starting with products that will arrive later this year, Smith said. Intel is effectively taking the software fixes being released now and building them directly into hardware, he said.
"We're putting those mitigations in our designs," Smith said. "We're not turning off the benefits of speculation."
.
Seems, the other newer news reports are quite misleading, ie trying to put Intel in a very bad light.
- Spearmint2
- Level 16
- Posts: 6900
- Joined: Sat May 04, 2013 1:41 pm
- Location: Maryland, USA
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
I checked stock prices today. AMD is up 10% since this all started, and INTC is down 7-8%, depending on time of day it was trading.Otherwise, buy AMD-based computers as soon as possible = vote with your wallet.
They don't need to turn that off, just turn off stored dumps of that speculation. That's where the Spectre Variants come into power."We're putting those mitigations in our designs," Smith said. "We're not turning off the benefits of speculation."
All things go better with Mint. Mint julep, mint jelly, mint gum, candy mints, pillow mints, peppermint, chocolate mints, spearmint,....