ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

Chat about just about anything else
User avatar
thx-1138
Level 8
Level 8
Posts: 2114
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Re: ATTN!...Intel CPU owners

Post by thx-1138 »

For the most part at least, i personally consider the whole thing more or less 'resolved'...at least for relatively newer processors.
Intel said patches are coming for processors made in the last 5 years by the end of the next week, so expect bios updates from your vendor anytime soon. Possibly maybe some microcode package update as well, who knows...
The kernel is being patched, firefox & chrome as well, so that was it me thinks. What remains to be seen is what the performance hit will actually be in daily scenarios...
User avatar
xenopeek
Level 25
Level 25
Posts: 25149
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: ATTN!...Intel CPU owners

Post by xenopeek »

thx-1138 wrote:What remains to be seen is what the performance hit will actually be in daily scenarios...
Which is personal. Most people's processors are utterly and completely bored and have nothing to do 98% of the time. It spends almost all of its time waiting for the users to do something :wink: Unless you run very I/O heavy tasks, the performance hit on kernel context switching is likely going to be no more than 5% and in practice probably unnoticeable.

From that Phoronix benchmarked so far, people with SSDs that run I/O heavy tasks are hit the hardest. Those are the same kind of tasks for which last year you would have wanted to buy an AMD processor anyway as it is better at tasks optimized for multithreading than Intel was at the time.
Image
ilya40umov
Level 1
Level 1
Posts: 12
Joined: Thu Feb 16, 2017 6:44 am

Re: ATTN!...Intel CPU owners

Post by ilya40umov »

BTW I'm currently running LM 18.3 with 4.10.0-42. So, can I simply rely on the security updates to eventually receive a patch for these vulnerabilities or it's actually necessary to move to a newer / different kernel?
User avatar
xenopeek
Level 25
Level 25
Posts: 25149
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: ATTN!...Intel CPU owners

Post by xenopeek »

ilya40umov wrote:BTW I'm currently running LM 18.3 with 4.10.0-42. So, can I simply rely on the security updates to eventually receive a patch for these vulnerabilities or it's actually necessary to move to a newer / different kernel?
That kernel is supported till February and will receive the patches. You'll see upgrade to 4.13 in Update Manager once 4.10 is out of support.
Image
User avatar
mwbworld
Level 3
Level 3
Posts: 126
Joined: Fri Aug 19, 2016 10:55 am
Location: Boston, MA

Re: ATTN!...Intel CPU owners

Post by mwbworld »

xenopeek wrote: That kernel is supported till February and will receive the patches. You'll see upgrade to 4.13 in Update Manager once 4.10 is out of support.
I was wondering about the 4.13 since the recent announcement of the patched kernels releases for this latest problem (Thanks Intel!) mentioned the latest release and patches to the LTS one's like 4.4 & 4.9. I hadn't seen anything that indicate if 4.13 was getting it - especially us getting it via the usual LM updater. I assume 4.4 will happen in the usual way for us though - but that could be the elaborate webs of lies i tell myself.
- Michael
User avatar
smurphos
Level 17
Level 17
Posts: 7331
Joined: Fri Sep 05, 2014 12:18 am
Location: Britisher
Contact:

Re: ATTN!...Intel CPU owners

Post by smurphos »

All of Ubuntu currently supported kernel series should be patched - 3.13, 4.4, 4.10 and 4.13.
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.
ArtGirl

Re: ATTN!...Intel CPU owners

Post by ArtGirl »

Am I right in understanding 4.11 won't be patched? Concerned too, incase art is affected, and some (large) games, if it's necessary to upgrade to a higher kernel plus effect of the patch. Krita needs system specs I have, as below, especially for large, high resolution, multi-layered work.
Last edited by ArtGirl on Thu Jan 04, 2018 6:51 pm, edited 2 times in total.
rene
Level 16
Level 16
Posts: 6693
Joined: Sun Mar 27, 2016 6:58 pm

Re: ATTN!...Intel CPU owners

Post by rene »

ArtGirl wrote:Am I right in understanding 4.11 won't be patched? Concerned too, incase art is affected, and some (large) games, if it's necessary to upgrade to a higher kernel plus effect of the patch.
There will be no 4.11 updates, neither from Ubuntu nor directly from upstream. Ubuntu kernel series that will get the KTPI patches are per smurphos just above 3.13, 4.4, 4.10 and 4.13; upstream series are per further up above 3.2, 3.16, 3.18, 4.4, 4.9, and 4.14+. "Art" is a little broad but would together with games appear the exact type of load which is, at worst, only very minimally affected by slowdowns caused by these patches; both are user space loads that don't call on the kernel for many things. A kernel upgrade is also otherwise generally very easy and uneventful when done through the Update Manager. Just apply the update once available.
ArtGirl

Re: ATTN!...Intel CPU owners

Post by ArtGirl »

rene wrote:
ArtGirl wrote:Am I right in understanding 4.11 won't be patched? Concerned too, incase art is affected, and some (large) games, if it's necessary to upgrade to a higher kernel plus effect of the patch.
There will be no 4.11 updates, neither from Ubuntu nor directly from upstream. Ubuntu kernel series that will get the KTPI patches are per smurphos just above 3.13, 4.4, 4.10 and 4.13; upstream series are per further up above 3.2, 3.16, 3.18, 4.4, 4.9, and 4.14+. "Art" is a little broad but would together with games appear the exact type of load which is, at worst, only very minimally affected by slowdowns caused by these patches; both are user space loads that don't call on the kernel for many things. A kernel upgrade is also otherwise generally very easy and uneventful when done through the Update Manager. Just apply the update once available.
Thanks rene. Appreciate the details. Am concerned, as Krita needs the full system specs I have, as below, especially for large, high resolution, multi-layered paintings. I'm not sure how much the graphics card/ram/kernel are accessed by Krita, but they recommend a large swap file, maximum ram etc as far as I know, and it does regular backups in the background. Going to ask on the Krita forum. Yes, it's nice to have a straightforward way to update; thanks for assurance.
User avatar
Arch_Enemy
Level 6
Level 6
Posts: 1391
Joined: Tue Apr 26, 2016 3:28 pm

Re: ATTN!...Intel CPU owners

Post by Arch_Enemy »

michael louwe wrote:@ xenopeek, .......
xenopeek wrote:
michael louwe wrote:Please refer to this link ... viewtopic.php?t=214607 = LM users will have to manually upgrade their kernels to the patched one, eg 4.14.11, 4.9.74, 4.4.109, 3.16.52, 3.18.91 and 3.2.97.(kernel info, courtesy of 'rene')
I think you put in the wrong link? That's from 2 years ago and not applicable to today's situation.
.
I am running LM 17.3 Cinnamon 32bit since more than 1 year ago. I do not think I have gotten any security updates for my Linux kernel 3.13.0-107 LTS or for the default kernel 3.19 via Update Manager. Maybe, Update Manager display security updates for Linux kernels as Level 5 updates only for LM 18.x onward. Please confirm.

According to this link ... http://news.softpedia.com/news/linux-ke ... 9215.shtml , the above Linux kernels that have the KPTI patch have to be downloaded & installed from kernel.org. IOW, LM users have to wait for the LM developers for the actual release.
... My LM 17.3 system only has kernel 3.16.0-52 available. Not sure whether it has the KPTI patch. But ain't kernel 3.16 non-LTS, as per Canonical's Ubuntu.?
I'm running 4.14. LM 17.3

Sorry, 4.2. Running 4.40 on the other one.
I have travelled 35629424162.9 miles in my lifetime

One thing I would suggest, create a partition a ~50G partition as /. Partition the rest as /Home.
When the system fails, reinstall and use the exact same username and all your 'stuff' comes back to you.
User avatar
smurphos
Level 17
Level 17
Posts: 7331
Joined: Fri Sep 05, 2014 12:18 am
Location: Britisher
Contact:

Re: ATTN!...Intel CPU owners

Post by smurphos »

Arch_Enemy wrote:
I'm running 4.14. LM 17.3

Sorry, 4.2. Running 4.40 on the other one.
4.2 has been EOL since August 17 so you'd be advised in any case to move up to 4.4 or back down to 3.13 to be offered security updates including the patch in question once released.
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.
User avatar
michael louwe
Level 10
Level 10
Posts: 3294
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners

Post by michael louwe »

@ Artgirl, .......
Artgirl wrote:...
.
According to this link ... https://wiki.ubuntu.com/Kernel/LTSEnablementStack , only kernel 4.4 and 4.15 are LTS = supported by Canonical-Ubuntu until 2021.

In your case, if feasible and stable(for your system), I think you should install kernel 4.13 to sooner get the KPTI patch and later install kernel 4.15, when available, to get the KPTI patch and support until 2021.
... If the kernel upgrade proves unstable, you can revert back and stay on kernel 4.11 through Grub's Advanced options and then delete the unstable kernels through Update Manager(>View >Linux kernels >Remove).
User avatar
idle
Level 3
Level 3
Posts: 192
Joined: Tue Aug 18, 2015 8:25 am
Location: Aka-kabunga West

Re: ATTN!...Intel CPU owners

Post by idle »

Question: Skylake 6700HQ Intel CPU, when the new kernel with the fix is available, what happens if you don't upgrade? Is it feasibly possible that a casual user will be unaffected by this? or is this something everyone needs to upgrade because its serious?
User avatar
michael louwe
Level 10
Level 10
Posts: 3294
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners

Post by michael louwe »

@ idle, .......
idle wrote:Question: Skylake 6700HQ Intel CPU, when the new kernel with the fix is available, what happens if you don't upgrade? Is it feasibly possible that a casual user will be unaffected by this? or is this something everyone needs to upgrade because its serious?
.
It's serious and computer users should upgrade/update, but should also wait awhile to see how every thing settles/concludes, eg the KPTI patch may brick certain computers, Intel may issue a better patch for Meltdown, new information may come out, etc.

AFAIK, if casual users do not apply the KPTI patch by updating their Linux kernels, whenever they go online, they will risk hackers being able to secretly read their private data in RAM(= passwords, encryption keys, etc). With such data in hand, the hackers can perform further exploits on the exposed computers, eg recruiting coin-mining botnets or email-spam-bots, impersonation/phishing, financial fraud(credit card/online bank acct), ransomware infection, etc. Of course, the greedy hackers will prefer high-value targets from their Meltdown hacking, eg rich folks, celebrities, politicians, CEOs, etc.
User avatar
Faust
Level 5
Level 5
Posts: 500
Joined: Thu Jul 14, 2016 3:40 am

Re: ATTN!...Intel CPU owners

Post by Faust »

michael louwe wrote:...... wait awhile to see how every thing settles .....
Wise words .... a breath of fresh air !
The internet is currently awash with " headless chicken " mentality .

Users should keep in mind that this vulnerability may lead to a possible memory leak .
Hackers are not going to get any elevation of privileges out of it .
" And so it goes " - Kurt Vonnegut
The modern reality and the satirical parody are rapidly converging .
ArtGirl

Re: ATTN!...Intel CPU owners

Post by ArtGirl »

michael louwe wrote:@ Artgirl, .......
Artgirl wrote:...
.
According to this link ... https://wiki.ubuntu.com/Kernel/LTSEnablementStack , only kernel 4.4 and 4.15 are LTS = supported by Canonical-Ubuntu until 2021.

In your case, if feasible and stable(for your system), I think you should install kernel 4.13 to sooner get the KPTI patch and later install kernel 4.15, when available, to get the KPTI patch and support until 2021.
... If the kernel upgrade proves unstable, you can revert back and stay on kernel 4.11 through Grub's Advanced options and then delete the unstable kernels through Update Manager(>View >Linux kernels >Remove).
Thank you very much, michael louwe, for such a clear and reassuring overview of what to do. Krita responded quickly but are unsure of the % of time spent in syscalls vs userspace, so it is great to be able to test run 4.13. I'll do that today, and thank you again.
User avatar
Spearmint2
Level 16
Level 16
Posts: 6921
Joined: Sat May 04, 2013 1:41 pm
Location: Maryland, USA

Re: ATTN!...Intel CPU owners

Post by Spearmint2 »

jimallyn wrote:I suppose I better fire off a letter to Intel to let them know where to ship the replacement for the defective processor they sold me.
LOL, so glad I exclusively use AMD. If this is based on swap file usage too, then that's not a problem for me. I almost never get past 4GB installed RAM anyway. The biggest wasted space on my hard drive is the swap partition.
All things go better with Mint. Mint julep, mint jelly, mint gum, candy mints, pillow mints, peppermint, chocolate mints, spearmint,....
User avatar
Spearmint2
Level 16
Level 16
Posts: 6921
Joined: Sat May 04, 2013 1:41 pm
Location: Maryland, USA

Re: ATTN!...Intel CPU owners

Post by Spearmint2 »

rene wrote:I'd hate to have the fact that this problem is likely exceedingly hard to exploit in a useful manner in the first place drop from the thread so please consider that remarked upon again also...
Yes. I find this more as something interesting, but not distressing for the average home user. For mainline servers, then of course.
All things go better with Mint. Mint julep, mint jelly, mint gum, candy mints, pillow mints, peppermint, chocolate mints, spearmint,....
User avatar
Spearmint2
Level 16
Level 16
Posts: 6921
Joined: Sat May 04, 2013 1:41 pm
Location: Maryland, USA

Re: ATTN!...Intel CPU owners

Post by Spearmint2 »

majpooper wrote:Good podcast (Security Now) where this issue is explained - it starts about at 33:30 although the first topic about browser security is also worth listening to.
https://twit.tv/shows/security-now/epis ... tart=false
AMD has taken a few hits here at times, unfairly IMHO, but I have never had any issues with either my AMD CPU or graphics card and at the moment glad I run AMD on my rig.
Agree. I see you are at NC. Just got a call from my daughter down there at Camp Le Jeune about all that snow. She's a sergeant and range instructor, teaching your new marines how to shoot their M-16's. If you do any time at the range, may have run into her.
Last edited by Spearmint2 on Fri Jan 05, 2018 10:09 am, edited 1 time in total.
All things go better with Mint. Mint julep, mint jelly, mint gum, candy mints, pillow mints, peppermint, chocolate mints, spearmint,....
User avatar
Spearmint2
Level 16
Level 16
Posts: 6921
Joined: Sat May 04, 2013 1:41 pm
Location: Maryland, USA

Re: ATTN!...Intel CPU owners

Post by Spearmint2 »

Rayser wrote:What the Linux Mint position on that? When will we receive that update?
I checked for 17.3 yesterday, said I was all updated, so not there yet.
All things go better with Mint. Mint julep, mint jelly, mint gum, candy mints, pillow mints, peppermint, chocolate mints, spearmint,....
Post Reply

Return to “Open chat”