ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

michael louwe
Level 7
Posts: 1728
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe » Fri Feb 09, 2018 5:20 pm

@ neversaynever, .......
neversaynever wrote:...
.
About Spectre 1 being pulled, please refer to ... https://lists.ubuntu.com/archives/kerne ... 89971.html = to implement the Retpoline feature for Spectre 2 in a new kernel, the Spectre 1 patch has to be pulled, modified and later re-released.

michael louwe
Level 7
Posts: 1728
Joined: Sun Sep 11, 2016 11:18 pm

Post by michael louwe » Mon Feb 12, 2018 1:54 pm

According to this link ... http://www.zdnet.com/article/linux-melt ... ests-show/ (12 Feb 2018 - Linux Meltdown patch: 'Up to 800 percent CPU overhead', Netflix tests show. ... The performance impact of Meltdown patches makes it essential to move systems to Linux 4.14.),
the Meltdown/KPTI patch's performance hit can be reduced by using the mainline/upstream kernel 4.14 which has PCID support for the relevant Intel CPUs, ie 4th-gen Haswell Core or newer.

Presently, afaik, only Ubuntu 17.10 has the kernel 4.15 available for install. Affected LM users can install the mainline/upstream kernel 4.14 directly from kernel.org or with the Ukuu program = do so at your own risk.
... Later, when Canonical Inc make this PCID-supported kernel 4.14 available downstream for LM/Ubuntu, the above LM users should change from the mainline kernel to the Ubuntu kernel = better compatibility and support.

LM 19.0 LTS, coming in May 2018, should have Ubuntu kernel 4.14 available for install.

smurphos
Level 3
Posts: 196
Joined: Fri Sep 05, 2014 12:18 am

Post by smurphos » Tue Feb 13, 2018 2:46 am

michael louwe wrote:
Mon Feb 12, 2018 1:54 pm
Ubuntu backported PCID support along with PTI to their patched 4.4 and 4.13 kernels

http://changelogs.ubuntu.com/changelogs ... /changelog

Mint 19 should have a 4.15 kernel as base as 4.15 is Ubuntu's target for their next LTS kernel and should be the base in Bionic 18.4

michael louwe
Level 7
Posts: 1728
Joined: Sun Sep 11, 2016 11:18 pm

Post by michael louwe » Tue Feb 13, 2018 3:17 am

@ smurphos, .......
smurphos wrote:...
.
Thank you for the correction and update on LM 19.0.

thx-1138
Level 5
Posts: 505
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Post by thx-1138 » Thu Feb 15, 2018 5:56 am


rene
Level 6
Posts: 1478
Joined: Sun Mar 27, 2016 6:58 pm

Post by rene » Thu Feb 15, 2018 6:09 am

Note, still timing based, and as such as effectively mitigated through current browsers/JavaScript engines denying high-resolution timer access to "active content" as the original exploits are: those of us not in the habit of explicitly downloading and running exploits may remain unconcerned.

thx-1138
Level 5
Posts: 505
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Post by thx-1138 » Fri Feb 16, 2018 11:57 am

https://www.youtube.com/watch?v=hqIavX_SCWc
Presentation from one of the researchers who discovered Spectre in the first place...

rene
Level 6
Posts: 1478
Joined: Sun Mar 27, 2016 6:58 pm

Post by rene » Fri Feb 16, 2018 2:26 pm

thx-1138 wrote:
Fri Feb 16, 2018 11:57 am
Presentation from one of the researchers who discovered Spectre in the first place...
... who in the context of my reply one up makes the point that by simply repeating the timing-based inference for a given memory location enough times you can get past any timer resolution limit that's been set; that as such disallowing access to high-resolution timers is not a fundamental or even necessarily practically effective solution. Hadn't noticed but that's obviously true. Personally I still postpone running around screaming but, well, yes, certainly that point means the issue's not fully removed from the "malicious active content" context simply by using current browsers.

thx-1138
Level 5
Posts: 505
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Post by thx-1138 » Fri Feb 16, 2018 2:57 pm

...i stumbled upon this article of his earlier today, and almost purely by coincidence to his video presentation on youtube above...
Was actually surprised it had so few views (then again, when i looked at his cv, i thought, ok, probably not the type of guy that would need 'exposure' via social media to get work etc...)

I'm still not much worried myself about Spectre & Meltdown (but maybe that's due to my rather limited technical understanding - blissed is the ignorant, lol!) - after the..."shock doctrine" of the first 2-3 days, it became obvious that more than 99.9% of the cases will be covered & in a timely manner...
More curious how this will be played out eventually (eg. i found it quite funny in a certain sense that they are now digging to find more exploits related to such...seems to me that researchers will go all the way down the rabbit hole eventually, especially since Intel also came up with an official bug bounty...)

DAMIEN1307
Level 4
Posts: 359
Joined: Tue Feb 21, 2017 8:13 pm

Post by DAMIEN1307 » Fri Feb 16, 2018 3:17 pm

i have a feeling that the "rabbit hole" is a lot deeper and expansive than they first thought it would be...or willing to admit to at this time...DAMIEN

rene
Level 6
Posts: 1478
Joined: Sun Mar 27, 2016 6:58 pm

Post by rene » Fri Feb 16, 2018 4:01 pm

thx-1138 wrote:
Fri Feb 16, 2018 2:57 pm
I'm still not much worried myself about Spectre & Meltdown
Nor should anyone. Meltdown is first of all fully solved by KPTI: if you are running a current kernel (or have an AMD processor) you are not affected by Meltdown.

By Spectre you are in theory but the actually important part of that is as far as I'm aware as fully solved by either retpoline or CPU microcode updates (both of which may still need to make it down to you) in the sense of restoring full privilege separation of user- and kernel address space. What fundamentally remains concerns multiple untrusted VM situations and the like: very applicable to hosting providers but not so much to you or me.

This, moreover, is while Spectre exploits are quite involved to begin with; proof of concept code is out there but as far as I know no actual exploits or even attempts at exploit have been observed in the wild. If they were, they, moremoreover, would be unlikely to target Linux rather than Windows. And certainly given that, moremoremoreover, getting an exploit delivered to you on Linux is itself quite involved: full-blown Linux malware is for all intents and purposes non-existent and while not solved as per above, current browser vigilance mitigates dynamic content worries.

"Friends don't let friends do Facebook" or whichever other primary source of malicious content is popular among 14 year olds this month but other than that I'd advise anyone here to not worry about any of it.
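
Added example, not part of any post in this thread: a Python sketch that reads the kernel's own mitigation report to check the points discussed above (KPTI for Meltdown, retpoline for Spectre 2, and whether the CPU has the PCID flag that reduces the KPTI cost). The sample inputs are constructed, and the sysfs directory exists only on kernels that ship the vulnerabilities reporting interface.

```python
from pathlib import Path

VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
CPUINFO = Path("/proc/cpuinfo")

# Constructed sample inputs (not captured from a real machine).
SAMPLE_CPUINFO = "vendor_id\t: GenuineIntel\nflags\t\t: fpu vme sse4_2 pcid invpcid\n"
SAMPLE_VULNS = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Vulnerable",
    "spectre_v2": "Mitigation: Full generic retpoline",
}

def cpu_flags(cpuinfo_text):
    """Return the feature flags of the first CPU listed in /proc/cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()

def classify(status):
    """Map a kernel status string to mitigated / vulnerable / not_affected / unknown."""
    status = status.strip()
    if status.startswith("Not affected"):
        return "not_affected"
    if status.startswith("Mitigation"):
        return "mitigated"
    if status.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"

def assess(cpuinfo_text, vulns):
    """Summarise mitigation state plus the PCID flag that affects KPTI overhead."""
    report = {name: classify(text) for name, text in vulns.items()}
    pti_active = "PTI" in vulns.get("meltdown", "")
    has_pcid = "pcid" in cpu_flags(cpuinfo_text)
    report["pcid"] = has_pcid
    # The flag shows CPU capability only; the running kernel must also use PCID.
    report["pti_cost"] = ("reduced" if has_pcid else "full") if pti_active else "n/a"
    return report

def read_live():
    """Read the running system; returns None if the kernel does not report status."""
    if not VULN_DIR.is_dir():
        return None
    vulns = {p.name: p.read_text() for p in VULN_DIR.iterdir() if p.is_file()}
    return assess(CPUINFO.read_text(), vulns)

if __name__ == "__main__":
    print(read_live() or assess(SAMPLE_CPUINFO, SAMPLE_VULNS))
```

A `vulnerable` or `unknown` entry means the kernel or microcode update has not reached that machine yet, or that the kernel predates the reporting interface.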

Arch_Enemy
Level 5
Posts: 668
Joined: Tue Apr 26, 2016 3:28 pm

Post by Arch_Enemy » Fri Feb 16, 2018 8:08 pm

rene wrote:
Fri Feb 16, 2018 4:01 pm
thx-1138 wrote:
Fri Feb 16, 2018 2:57 pm
I'm still not much worried myself about Spectre & Meltdown
Nor should anyone. Meltdown is first of all fully solved by KPTI: if you are running a current kernel (or have an AMD processor) you are not affected by Meltdown.

By Spectre you are in theory but the actually important part of that is as far as I'm aware as fully solved by either retpoline or CPU microcode updates (both of which may still need to make it down to you) in the sense of restoring full privilege separation of user- and kernel address space. What fundamentally remains concerns multiple untrusted VM situations and the like: very applicable to hosting providers but not so much to you or me.

This, moreover, is while Spectre exploits are quite involved to begin with; proof of concept code is out there but as far as I know no actual exploits or even attempts at exploit have been observed in the wild. If they were, they, moremoreover, would be unlikely to target Linux rather than Windows. And certainly given that, moremoremoreover, getting an exploit delivered to you on Linux is itself quite involved: full-blown Linux malware is for all intents and purposes non-existent and while not solved as per above, current browser vigilance mitigates dynamic content worries.

"Friends don't let friends do Facebook" or whichever other primary source of malicious content is popular among 14 year olds this month but other than that I'd advise anyone here to not worry about any of it.
Actually, the 14-28 year old segment (I thought Facebook had a 14 year old limitation... :cry: ) is abandoning FaceBook in droves.
$0.02+a grain of salt...

One thing I would impress on noobs to Linux, partition a ~20G partition as /. Partition the rest as /Home.
When the system fails, reinstall and use the exact same username and all your 'stuff' comes back to you.
