ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

Chat about just about anything else
deepakdeshp
Level 15
Level 15
Posts: 5631
Joined: Sun Aug 09, 2015 10:00 am

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by deepakdeshp » Tue Jan 09, 2018 6:56 am

Hello,
With the uproar over the chipset flaws, is there any way how Ubuntu or Mint is mitigating the same?
Will there be a substantial performance hit due to the patch/correction?
If I have helped you solve a problem, please add [SOLVED] to your first post title, it helps other users looking for help, and keeps the forum clean.
Regards,
Deepak

I am using Mint 19.2 Cinnamon 64 bit with AMD A8/7410 processor . Memory 8GB

User avatar
xenopeek
Level 24
Level 24
Posts: 24060
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by xenopeek » Tue Jan 09, 2018 7:12 am

Firefox is already patched with mitigation to make it impossible for JavaScript on websites to exploits these bugs.
For most home users, they only run untrusted code on their system in their web browser — so using a web browser with mitigation is key.
Evaluate whether your personal policy for what programs to trust on your computer is sensible (e.g., do you randomly download programs from obscure websites and run them).

You can keep up with what is happening for kernels here: https://wiki.ubuntu.com/SecurityTeam/Kn ... ndMeltdown.
As others have said, it would take months of worth for a successful Spectre attack on a single target. Kernel with fix for Meltdown should be released shortly.
Image

User avatar
Sir Charles
Level 7
Level 7
Posts: 1897
Joined: Thu Jan 04, 2018 1:00 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Sir Charles » Tue Jan 09, 2018 7:54 am

I just wondered in case I am using the dev channel of a web browser, will that get the updates through
the Update Manager as well? I can see that the PPA is already added to the Software Sources.
I suppose that's one of the ironies of life, doing the wrong thing at the right moment -C.C.

User avatar
Sir Charles
Level 7
Level 7
Posts: 1897
Joined: Thu Jan 04, 2018 1:00 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Sir Charles » Tue Jan 09, 2018 8:06 am

deepakdeshp wrote:Hello,
With the uproar over the chipset flaws, is there any way how Ubuntu or Mint is mitigating the same?
Will there be a substantial performance hit due to the patch/correction?
Phoronix has run several benchmark tests with patched kernels and compared the results with unpatched kernels on the same hardware configuration and the results have shown that in most cases the negative impact on performance was marginal if any.
This is from one of these tests:
https://www.phoronix.com/scan.php?page= ... pcid&num=1
I suppose that's one of the ironies of life, doing the wrong thing at the right moment -C.C.

phil995511
Level 4
Level 4
Posts: 333
Joined: Sat Feb 01, 2014 4:06 am
Location: Geneva (Switzerland)

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by phil995511 » Tue Jan 09, 2018 8:16 am

DAMIEN1307 wrote:hi phil995511...you said "The microcode patch for Debian is here :"
you are a little "tardy to the party"...lol...i posted this and other minor little fixes in a cumulative fashion 3 days ago on page 5 of this forum thread...i have had no performance hits at all that would be noticable and have already installed these on 20 plus computers so far...no problems...DAMIEN
Hello Damien1307,

We have indeed found each one his URL with a few days of shift. Since I only have 2 systems to manage, I was not as in a hurry as you :)

Thank you very much for your feedback about your 20 deployments. Did you also notice a very slow reboot just after applying the patch ?

It's been 24 hours since my workstation runs with this patch and everything seems to work well. I have to say that I have a big CPU (8 cores, 16 threads) and under Linux I do not use my CPU at 100%. By cons on Windows I make image processing of photographs in RAW format, I have not tried converting a RAW to JPG yet, but I do not think the loss of performance is important. This must certainly be more felt in video encoding which I only very rarely.

I understand the users of small CPU are very annoyed by the performance loss associated with patch, and especially the update of the bios + OS patch that seems to cost the most expensive performance. Their processors are already at the limit at the performance level and because of this bug and the impact of patches on the performance of such small CPUs, they risk becoming obsolet more quickly... Personally I do not want to leave my PC's unpatched, as I will not leave the door of my apartment open if I went out of my home to take a walk ! I think Intel, AMD and co should make a commercial gift for people heavily impacted by performance declines.

I find it difficult to understand why they have announced to the public this security failures before providing a efficient patches. One thing is for sure, CPU sales will drop until we have the guarantee that new generations without security problems are put on sale...

Let's pray that other flaws of this type will not be found in the future otherwise our machines will end up being as powerful as an i386 :oops:

Best regards.
Last edited by phil995511 on Tue Jan 09, 2018 8:44 am, edited 5 times in total.
Linux Mint 19.2 Cinnamon 64 Bits on Dell XPS 9570 (i7-8750H) laptop / Debian 10 Buster Cinnamon 64 Bits on customized workstation (i7-5960X @ 3.8 Ghz) / Raspbian 10 Buster on Raspberry Pi 4

User avatar
michael louwe
Level 10
Level 10
Posts: 3297
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe » Tue Jan 09, 2018 8:21 am

@ Harfud, .......
Harfud wrote:With regard to CPU Microcode Intel are talking in terms of 'processor products introduced within the past five years'.

'...By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years.

No mention of CPUs over five years old.

Are they starting with newer CPUs which would make sense, but in which case why no mention of older CPUs ?

Or am I overly cynical in suspecting that there won't be CPU microcode updates for CPUs over five years old.
.
To be fair, it takes some time and effort for the OEMs(eg Intel) and OS/software developers(eg M$, Google, Linus Torvald & gang, Mozilla, etc) to create, test and release the various patches for the very widespread Meltdown & Spectre bugs.

Computer users will have to wait in line to be "serviced". Linux 32bit users are not getting the patches and will likely have to wait awhile for the patches because 32bit systems are in the minority, ie the majority 64bit systems get served first. Similarly, there are more 5 years old computers than 10 yo computers in the market-place. Also, wealthy customers like Cloud Service Providers(= Amazon AWS, M$ Azure, Google Cloud, etc) get served first.

It may be a blessing in disguise for some home-users to be unable to get the patches, eg M$ borking many older(= more than 5 yo) AMD-based Windows computers with their 4 Jan 2018-released Meltdown patch.

Harfud
Level 2
Level 2
Posts: 58
Joined: Tue Dec 05, 2017 3:38 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Harfud » Tue Jan 09, 2018 9:15 am

michael louwe wrote: .
To be fair, it takes some time and effort for the OEMs(eg Intel) and OS/software developers(eg M$, Google, Linus Torvald & gang, Mozilla, etc) to create, test and release the various patches for the very widespread Meltdown & Spectre bugs.

Computer users will have to wait in line to be "serviced". Linux 32bit users are not getting the patches and will likely have to wait awhile for the patches because 32bit systems are in the minority, ie the majority 64bit systems get served first. Similarly, there are more 5 years old computers than 10 yo computers in the market-place. Also, wealthy customers like Cloud Service Providers(= Amazon AWS, M$ Azure, Google Cloud, etc) get served first.

It may be a blessing in disguise for some home-users to be unable to get the patches, eg M$ borking many older(= more than 5 yo) AMD-based Windows computers with their 4 Jan 2018-released Meltdown patch.
The issue that I have is not one of waiting for CPU microcode for over 5 year old CPUs, but one of there is no mention at all that I can see from Intel of CPU microcode for over five year old CPUs.

It is one thing if CPU microcode for over five year old CPUs is to be forthcoming in time...

But quite another if there is no intention to produce updates for over 5 year old CPUs.

My angle on this is that given the nature of the flaws (resultant of CPU design shortcomings) it is only reasonable that over 5 year old CPUs are catered for too.

User avatar
Sir Charles
Level 7
Level 7
Posts: 1897
Joined: Thu Jan 04, 2018 1:00 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Sir Charles » Tue Jan 09, 2018 9:25 am

Harfud wrote: My angle on this is that given the nature of the flaws (resultant of CPU design shortcomings) it is only reasonable that over 5 year old CPUs are catered for too.
+1
I suppose that's one of the ironies of life, doing the wrong thing at the right moment -C.C.

flatiron
Level 3
Level 3
Posts: 198
Joined: Fri Nov 24, 2017 2:27 am

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by flatiron » Tue Jan 09, 2018 10:03 am

I gotta ask something. Why is the ghost carrying a twig? https://insights.ubuntu.com/2018/01/04/ ... abilities/


I think they screw up things like this just so they can sell more processors... Then we'll find those are screwed too and we'll have to buy new ones all over again. Evil planned obsolescence!

User avatar
michael louwe
Level 10
Level 10
Posts: 3297
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe » Tue Jan 09, 2018 12:31 pm

http://www.overclock.net/t/1645289/hasw ... ifferences (dated 5 Jan 2018)
This is approx. a 9% drop on performance with microcode 23h. Note this is in addition to any Windows 10 performance drops.
Another performance hit tests.

JohnFrumm
Level 2
Level 2
Posts: 57
Joined: Sun Dec 03, 2017 12:49 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by JohnFrumm » Tue Jan 09, 2018 1:13 pm

Harfud wrote: My angle on this is that given the nature of the flaws (resultant of CPU design shortcomings) it is only reasonable that over 5 year old CPUs are catered for too.
Both of my computers are over 5 years old, so old there are no bios updates forthcoming. Intel will not voluntarily compensate nor discount anything to end users unless forced to because of things like class action lawsuits:

https://www.theguardian.com/technology/ ... s-computer

But the problem with these lawsuits is that the settlements often offer trifling discounts for new Intel hardware (yippee... 10% off a new intel chip. Now I also have to buy a new MB, GPU, etc...). This would just reward Intel with more sales, which I will not do anytime soon. I will wait years for the dust to settle and the chip makers to get their acts together.

The only silver lining is that the chip manufacturers might shift their focus more towards security rather than speed. In the meantime I am still waiting for router security patches from the recent WIFI security boondoggle.
Have you backed up your computer recently?

User avatar
xenopeek
Level 24
Level 24
Posts: 24060
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by xenopeek » Tue Jan 09, 2018 1:13 pm

Kernel 3.16.51-3+deb8u1 is available now for LMDE 2 users and fixes variant 3 (Meltdown).

It should be in Update Manager as level 4 security update (depending on your mirror server it may take a little longer for it to arrive).
Image

User avatar
michael louwe
Level 10
Level 10
Posts: 3297
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe » Tue Jan 09, 2018 1:21 pm

According to this link ... https://www.suse.com/support/kb/doc/?id=7022512 , SUSE Enterprise OS has already received both the KPTI(= Meltdown) and firmware/microcode patches as Linux kernel updates on 4 Jan 2018, ie patch the CVE-2017-5754(= Meltdown) and CVE-2017-5715(= Spectre 2) bugs.
... The CVE-2017-5753(= Spectre 1) bug is patched on the software/app side, eg patched by the Mozilla Firefox, Google Chrome and M$ Edge browsers.

In comparison, the recent Windows patch seems to have 2 components, the 1st is to mitigate against the Meltdown(= CVE-2017-5754) bug and the 2nd is to make the OS compatible with the coming firmware/microcode patch against Spectre(= CVE-2017-5715) from the OEMs, as per this link ...
https://www.ghacks.net/2018/01/05/find- ... abilities/
Last edited by michael louwe on Tue Jan 09, 2018 2:20 pm, edited 2 times in total.

User avatar
Spearmint2
Level 16
Level 16
Posts: 6135
Joined: Sat May 04, 2013 1:41 pm
Location: Maryland, USA

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Spearmint2 » Tue Jan 09, 2018 1:24 pm

flatiron wrote:I gotta ask something. Why is the ghost carrying a twig? https://insights.ubuntu.com/2018/01/04/ ... abilities/
I think they screw up things like this just so they can sell more processors... Then we'll find those are screwed too and we'll have to buy new ones all over again. Evil planned obsolescence!
That spectre aka ghost is gonna smack and hack you with it, like the nasty old man down the lane with his walking cane. :twisted:

This is the person who did the images, so you could ask there. Natascha Eibl

https://vividfox.me/
Last edited by Spearmint2 on Tue Jan 09, 2018 1:54 pm, edited 1 time in total.
All things go better with Mint. Mint julep, mint jelly, mint gum, candy mints, pillow mints, peppermint, chocolate mints, spearmint,....

User avatar
michael louwe
Level 10
Level 10
Posts: 3297
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe » Tue Jan 09, 2018 1:40 pm

@ Harfud, .......
Harfud wrote:It is one thing if CPU microcode for over five year old CPUs is to be forthcoming in time...

But quite another if there is no intention to produce updates for over 5 year old CPUs.

My angle on this is that given the nature of the flaws (resultant of CPU design shortcomings) it is only reasonable that over 5 year old CPUs are catered for too.
.
If M$ could provide the WannaCry/SMBv1/EternalBlue patch for the out-of-support 16-years-old-Win XP in April 2017, it's likely that Intel will also provide the Spectre firmware/microcode patch for processors that are more than 5 years old. Let's just wait and see. Otherwise, buy AMD-based computers as soon as possible = vote with your wallet.

deepakdeshp
Level 15
Level 15
Posts: 5631
Joined: Sun Aug 09, 2015 10:00 am

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by deepakdeshp » Tue Jan 09, 2018 1:50 pm

michael louwe wrote:@ Harfud, .......
Harfud wrote:It is one thing if CPU microcode for over five year old CPUs is to be forthcoming in time...

But quite another if there is no intention to produce updates for over 5 year old CPUs.

My angle on this is that given the nature of the flaws (resultant of CPU design shortcomings) it is only reasonable that over 5 year old CPUs are catered for too.
.
If M$ could provide the WannaCry/SMBv1/EternalBlue patch for the out-of-support 16-years-old-Win XP in April 2017, it's likely that Intel will also provide the Spectre firmware/microcode patch for processors that are more than 5 years old. Let's just wait and see. Otherwise, buy AMD-based computers as soon as possible = vote with your wallet.
AMD is vulnerable too. MS seems to have pushed patches without testing.

https://www.google.co.in/amp/s/www.thev ... pcs-issues
If I have helped you solve a problem, please add [SOLVED] to your first post title, it helps other users looking for help, and keeps the forum clean.
Regards,
Deepak

I am using Mint 19.2 Cinnamon 64 bit with AMD A8/7410 processor . Memory 8GB

User avatar
Spearmint2
Level 16
Level 16
Posts: 6135
Joined: Sat May 04, 2013 1:41 pm
Location: Maryland, USA

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Spearmint2 » Tue Jan 09, 2018 2:15 pm

Microsoft Blames AMD for their screwup on sending patches to AMD computers which are not affected by Meltdown.

"Microsoft has reports of customers with some AMD devices getting into an unbootable state after installing recent Windows operating system security updates. After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown. To prevent AMD customers from getting into an unbootable state, Microsoft will temporarily pause sending the following Windows operating system updates to devices with impacted AMD processors at this time:"

help for those who also use windows on AMD is available from that page
.
All things go better with Mint. Mint julep, mint jelly, mint gum, candy mints, pillow mints, peppermint, chocolate mints, spearmint,....

Harfud
Level 2
Level 2
Posts: 58
Joined: Tue Dec 05, 2017 3:38 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Harfud » Tue Jan 09, 2018 2:30 pm

michael louwe wrote: .
If M$ could provide the WannaCry/SMBv1/EternalBlue patch for the out-of-support 16-years-old-Win XP in April 2017, it's likely that Intel will also provide the Spectre firmware/microcode patch for processors that are more than 5 years old. Let's just wait and see. Otherwise, buy AMD-based computers as soon as possible = vote with your wallet.
Intel CEO Brian Krzanich on Monday night in Las Vegas, so maybe eighteen hours ago ish...

Krzanich promised fixes in the coming week to 90 percent of the processors Intel has made in the past five years, consistent with an earlier statement from the company. He added that updates for the remainder of those recent processors should follow by the end of January. Krzanich did not address the company’s plans for older chips.

That's fine for CPUs produced in the last five years, by the end of January at the latest, couldn't be much clearer.

However, no mention at all of older CPUs is not good enough in itself even if eventually there were to be comprehensive provision for them.

I really don't see it as being likely that Intel will provide patches for over five year old CPUs, if they had definite plans to then within the context that he was speaking last night would have been the ideal time to refer to them - Even if there were to have been nothing more than an acknowledgement of them it would have been something...

That there was no mention at all suggests to me that at best there are no clear plans for them at the present time, and at worst that there's no intention to do anything for them.

User avatar
michael louwe
Level 10
Level 10
Posts: 3297
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe » Tue Jan 09, 2018 2:45 pm

@ Harfud, .......
Harfud wrote:...
.
https://www.cnet.com/news/meltdown-spec ... processor/ (dated 4 Jan 2018)
Intel, working with makers of computers and their operating system software, plans patches that'll bring "complete mitigations" to computers using Intel chips designed in the last five years, said Steve Smith, Intel's general manager for data center engineering. The majority are already done, Krzanich said. For chips up to 10 years old, fixes will be released in coming weeks for the "vast majority" of Intel chips, Smith said.

Asked why Intel isn't talking about fixes for machines more than a decade old, Smith said, "We're working with [computer makers] to determine which ones to prioritize based on what they see as systems in the field."

Intel also is fixing the problem in future chips, starting with products that will arrive later this year, Smith said. Intel is effectively taking the software fixes being released now and building them directly into hardware, he said.

"We're putting those mitigations in our designs," Smith said. "We're not turning off the benefits of speculation."
.
.
Seems, the other newer news reports are quite misleading, ie trying to put Intel in a very bad light.

User avatar
Spearmint2
Level 16
Level 16
Posts: 6135
Joined: Sat May 04, 2013 1:41 pm
Location: Maryland, USA

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Spearmint2 » Tue Jan 09, 2018 5:27 pm

Otherwise, buy AMD-based computers as soon as possible = vote with your wallet.
I checked stock prices today. AMD is up 10% since this all started, and INTC is down 7-8%, depending on time of day it was trading.
"We're putting those mitigations in our designs," Smith said. "We're not turning off the benefits of speculation."
They don't need to turn that off, just turn off stored dumps of that speculation. That's where the Spectre Variants come into power.
All things go better with Mint. Mint julep, mint jelly, mint gum, candy mints, pillow mints, peppermint, chocolate mints, spearmint,....

Post Reply

Return to “Open chat”