ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

michael louwe

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe »

@ rene, .......
rene wrote:...
.
My apologies, I think you are correct, ie Linus Torvalds/kernel.org have their own Retpoline path to patching the Linux kernel for Spectre 2, whereas Canonical Inc/Ubuntu have their own IBRS path to patching the Linux kernel for Spectre 2. ...
http://mail.phoronix.com/scan.php?page= ... -Retpoline (dated 15 Jan 2018 - Retpoline Backported To Linux 4.9, Linux 4.14 Kernels)

https://lkml.org/lkml/2018/1/4/432 (4 Jan 2018)
Something like that, yeah. But remember, setting IBRS is a barrier too. You can't just set it and forget it; you have to do it on *every* entry into the kernel.

Later CPUs are intended to have an 'IBRS all the time' feature which is set-and-forget, and will perform much better, I believe. If we find we're running on a CPU with that, we'll turn off the retpoline with alternatives. ...

That's good, because retpoline doesn't work on Skylake (since Skylake will actually predict rets too, and then you're just completely hosed).

So on Skylake, we'll be using the basic IBRS support too, and also alternativing out the retpoline.
.
.
LM users will have to rely on Canonical/Ubuntu for their Linux kernel support = Ubuntu are most likely adopting the IBRS feature instead of the Retpoline feature.
... Seems, to apply Retpoline, users need to change their compiler = quite impractical for deployment by Ubuntu/LM.
curtvaughan
Level 3
Posts: 161
Joined: Sun Dec 21, 2014 5:54 pm
Location: Austin, Tx

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by curtvaughan »

rene wrote:
Pat D wrote:Sounds to me that Intel says that "their" problem is now "our" problem. (Expletive deleted. lol)
After reading David Woodhouse's above linked rebuttal a few more times I would myself actually more go with a "Linus is full of it" theory for now.

The main stated technical objection from Linus is nonsensicality of expensive MSR writes on kernel entry/exit that protect the kernel itself even though said kernel already has a low cost and fully software-implemented solution available in the form of retpoline; see https://security.googleblog.com/2018/01 ... cpu_4.html if interested. But David explains that, 1, the expensive method was developed before retpoline was even available; that, 2, said method covers kernels built without retpoline (for which specific compiler support is needed) and moreover, 3, covers Skylake which retpoline does not fully. That it is a fallback method for "for now" and for Skylake.

I find myself to be fairly peanut-convinced there; this to reflect worse on Intel than in fact seems called for. Which, once again, does not in fact matter as long as you take Linus' posts for what they are: parts of a technical discussion.
This is perhaps the most interesting back-and-forth since the systemd wars in 2014. I already applied the initial Intel patch to my XPS 9360 (Kaby Lake) prior to all of this - so far, no issues, but Dell removed the patch from their support website just a few days ago with promises for further updates in the future.
Move from rim to hub: know the wheel.

rene
Level 20
Posts: 12212
Joined: Sun Mar 27, 2016 6:58 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by rene »

michael louwe wrote:Ubuntu are most likely adopting the IBRS feature instead of the Retpoline feature.
That is for now indeed what they've done. Can assure it'll be for a short-lived value of "now" though: current for Spectre updated Ubuntu kernels are not compiled with a retpoline compiler but other than retpoline only having become available in GCC one or two weeks ago there wouldn't seem to be a reason we'd not in the quite near future see kernels compiled with a retpoline compiler coming down our update pipelines. At which point certainly IBRS support will not be removed but at which point the default Spectre 2 mitigation for kernel space could very well be made retpoline; it's quite a performance gain...

At the time of upstream 4.16 things will moreover no doubt have settled down further both with regards to microcode and the kernel-side support of IBRS/IBPB and Ubuntu is at that time almost guaranteed to "rejoin the fold".

Which is in fact badly put: other distributions are doing the exact same thing as Ubuntu, https://access.redhat.com/articles/3311301, and distribution-wise they're all right smack in the middle of that fold already. It's just that distributions need "full protection" now whereas the upstream kernel has the luxury of being a bit more critical, given different audiences.
rene
Level 20
Posts: 12212
Joined: Sun Mar 27, 2016 6:58 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by rene »

curtvaughan wrote:I already applied the initial Intel patch to my XPS 9360 (Kaby Lake) prior to all of this - so far, no issues, but Dell removed the patch from their support website just a few days ago with promises for further updates in the future.
Yes, initially thought to be Broadwell and Haswell specific but in the meantime found to be more widely problematic, the up to now released Intel spectre-related new microcode causes stability issues. Current status seems to be that Intel is confident it has found the root cause and new-new microcode is forthcoming.
michael louwe

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe »

@ rene, .......
rene wrote:...
.
Linus Torvalds/kernel.org's Linux kernel 4.15 has the Retpoline feature for Spectre 2 built-in, but not the IBRS/IBPB features, whereas Canonical Inc/Ubuntu(and Red Hat)'s latest patched Linux kernels are adopting the IBRS/IBPB features for Spectre 2 but not Retpoline.
... But Intel's David Woodhouse has stated that Retpoline does not work for SkyLake CPUs.

So, what will likely happen is for both Linus Torvalds/kernel.org and Canonical Inc/Ubuntu to adopt both the Retpoline and IBRS/IBPB features to patch for Spectre 2. If so, LM users will then have the choice of using either one or both features for Spectre 2, eg SkyLake users will install the appropriate kernel update and Intel microcode update for the IBRS/IBPB features, while non-Skylake users can opt to install only the kernel update for the Retpoline feature or install both updates for both the Retpoline and IBRS/IBPB features.

Which features will future Intel CPUs build in for Meltdown and Spectre?
_ _ _ _ _ _ _

EDIT & CORRECTION; Looks like kernel.org's Linux kernel 4.15 also supports Intel SkyLake CPUs for Retpoline, as per ... https://www.phoronix.com/scan.php?page= ... Benchmarks (17 Jan 2018 - Benchmarking Retpoline Underflow Protection With Intel Skylake/Kabylake)
... So, Linux users will likely just need to use the Retpoline feature for Spectre 2, ie no need to install any CPU microcode updates for the IBRS/IBPB features that also patch for Spectre 2. If so, Canonical Inc/Ubuntu will have to release new kernel updates to revert the IBRS/IBPB features presently contained in 3.13.141, 4.4.112 and 4.13.32.

What will happen to Windows systems wrt Spectre 2? Does Windows have a similar Retpoline feature in its kernel?
... https://www.crowdstrike.com/blog/chip-f ... -mitigate/ (11 Jan 2018)
Without the microcode update, Google’s software workaround (the retpoline) can be used, but it requires custom compiler support and recompiled binaries which leverage the technique. GCC as well as Clang/LLVM, the major open source compilers, now have support for generating such retpolines, while Windows and Visual Studio are not currently pursuing this approach.
.

http://www.zdnet.com/article/google-our ... ll-use-it/ (12 Jan 2018)
Google: Our brilliant Spectre fix dodges performance hit, so you should all use it.

Google wants the whole industry to adopt its Retpoline fixes for Variant 2 of the Meltdown-Spectre bugs.
.
https://www.phoronix.com/scan.php?page= ... ne-Patches (4 Jan 2018 - More Linux Kernel & GCC Patches Come Out In The Wake Of Spectre+Meltdown)
https://www.phoronix.com/scan.php?page= ... -Published (6 Jan 2018 - Retpoline v5 Published For Fending Off Spectre Branch Target Injection)
Last edited by michael louwe on Tue Jan 30, 2018 2:43 pm, edited 2 times in total.
michael louwe

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe »

https://insights.ubuntu.com/2018/01/17/ ... -proposed/ (17 Jan 2018)
We are actively investigating Google’s “Retpoline” toolchain-based approach, which requires rebuilding Ubuntu binaries but reduces the performance impact of the mitigation.

For your reference, the following links explain how to enable Ubuntu’s Proposed repositories, ...
Seems, for Ubuntu to support Retpoline requires a lot of work.
.
https://wiki.ubuntu.com/SecurityTeam/Kn ... ndMeltdown
Support for retpoline is not yet included in any of these kernel updates
thx-1138
Level 8
Posts: 2092
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by thx-1138 »

...my understanding (I might be wrong though), is that at least until Ubuntu 18.04 there won't likely be widely-deployed apps recompiled with retpoline. The kernel itself - maybe (and hopefully!), the apps themselves though, I doubt...as even the current Bionic uses gcc 7.2 (& retpoline was backported to 7.3 a few days ago - hence, if 18.04 will have 7.3 instead...)

I don't really follow what MS does, but I don't think they have an equivalent of retpoline. Visual Studio 15.5 has added an extra switch /Qspectre for variant #1 a few days ago, it's not for variant #2 though...and I have absolutely no idea how they deal with such kernel-wise...But I believe it's pretty safe to assume that (most?) binaries coming down to windows end-users from here on with the kb-alphanumerics will be built with that switch enabled...
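Since the post above hinges on whether a given toolchain can actually emit retpolines (GCC 7.3+ with -mindirect-branch=thunk, Clang 6+ with -mretpoline), here is an added probe script for checking that on your own box. It is not code from the thread or from Ubuntu; the compiler to test and the temporary file names are assumptions, and the probe source is a constructed minimal program containing an indirect call, which is the construct retpoline rewrites.

```shell
#!/bin/sh
# Added example: does the C compiler at hand support retpoline code generation?
# Prints one of: supported:gcc-style, supported:clang-style, unsupported, no-compiler
# Exit status 0 when supported, 1 when not, 2 when no compiler was found.
# Optional first argument: compiler to test (defaults to $CC, then cc).

check_retpoline_compiler() {
    cc="${1:-${CC:-cc}}"
    if ! command -v "$cc" >/dev/null 2>&1; then
        echo "no-compiler"
        return 2
    fi
    d=$(mktemp -d)   # scratch dir for the probe (assumed writable tmp)
    # Constructed probe: an indirect call via a function pointer, i.e. the kind
    # of branch that retpoline replaces with a return-trampoline thunk.
    cat > "$d/probe.c" <<'EOF'
static int zero(void) { return 0; }
int main(void) { int (*fp)(void) = zero; return fp(); }
EOF
    result="unsupported"
    rc=1
    # GCC spelling (7.3+ / 8): thunk per indirect branch, via a register
    if "$cc" -mindirect-branch=thunk -mindirect-branch-register \
            -c "$d/probe.c" -o "$d/probe.o" >/dev/null 2>&1; then
        result="supported:gcc-style"
        rc=0
    # Clang spelling (6.0+)
    elif "$cc" -mretpoline -c "$d/probe.c" -o "$d/probe.o" >/dev/null 2>&1; then
        result="supported:clang-style"
        rc=0
    fi
    rm -rf "$d"
    echo "$result"
    return $rc
}

# Usage: check_retpoline_compiler          (tests $CC or cc)
#        check_retpoline_compiler gcc-7    (tests a specific compiler)
```

A kernel built with a compiler that fails this probe can still carry the retpoline patches, but it only gets the minimal assembly-only variant; the userspace binaries discussed in the post are in the same position until they are rebuilt with a compiler that passes it.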
michael louwe

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe »

http://www.zdnet.com/article/amd-vs-spe ... -says-ceo/ (31 Jan 2018 - AMD vs Spectre: Our new Zen 2 chips will be protected, says CEO)
xenopeek
Level 25
Posts: 29597
Joined: Wed Jul 06, 2011 3:58 am

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by xenopeek »

So looking at hardware fixes:
- Intel's 10nm Cannon-lake processors will be their first to have the hardware fix. Release around end of 2018.
- AMD's 7nm Zen 2 processors will be their first to have the hardware fix. Release in (probably early) 2019.

Safe to assume, AMD's upcoming Zen+ (launch in April) processors will also be unaffected by Meltdown and will have the microcode fix for Spectre variant 1.
Lucap
Level 6
Posts: 1038
Joined: Tue May 24, 2016 1:40 am

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Lucap »

Intel announces new CTO, security manager

https://www.bit-tech.net/news/intel-ann ... manager/1/
Dr. Mayberry will be in charge of steering the technical direction of a company hammered by the Spectre and Meltdown speculative execution vulnerabilities - hands-down the most widespread and serious security flaws in the company's history, and a source of prolonged embarrassment as Intel struggles to patch both the vulnerabilities themselves and the damage to its reputation they have caused.
I wonder if he'll actually do anything other than to turn up to live events to publicly speak on how great Intel is?
Spearmint2
Level 16
Posts: 6900
Joined: Sat May 04, 2013 1:41 pm
Location: Maryland, USA

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Spearmint2 »

Being president then of Intel, maybe he can give us each year a State Of The Processor speech.
All things go better with Mint. Mint julep, mint jelly, mint gum, candy mints, pillow mints, peppermint, chocolate mints, spearmint,....
sichenia

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by sichenia »

The new kernel won't work on my machine as explained here
viewtopic.php?f=208&t=261394&p=1425547#p1425547
I hope the newer ones will fix the problem, right now after boot I get a black screen. My friend says it's because now the video options are invoked not by X directly but through the kernel and the kernel can't determine the right specs that my machine needs.
Anyway I'm back to the unpatched kernel and trying to install patched browsers of my liking.
Not a happy camper here.
thx-1138
Level 8
Posts: 2092
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by thx-1138 »

...it looks like the next ubuntu kernels will come with retpoline enabled:
https://launchpad.net/~canonical-kernel ... hive-extra

Edit: it also appears that grep . /sys/devices/system/cpu/vulnerabilities/* could now be used on such, as was the case in 4.15.x/4.14.x upstream...
Pjotr
Level 24
Posts: 20091
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland) 🇳🇱

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Pjotr »

thx-1138 wrote:...it looks like the next ubuntu kernels will come with retpoline enabled:
https://launchpad.net/~canonical-kernel ... hive-extra

Edit: it also appears that grep . /sys/devices/system/cpu/vulnerabilities/* could now be used on such, as was the case in 4.15.x/4.14.x upstream...
Interesting.... The link concerns the 4.13 kernel series; I'm curious whether this'll also be done for the 4.4 kernel series.
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
thx-1138
Level 8
Posts: 2092
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by thx-1138 »

...indeed, my fault, should have posted both...seems that yes, they've been working on it for both 4.4.x & 4.13.x...
https://launchpad.net/~canonical-kernel ... hive-extra
https://launchpad.net/~canonical-kernel ... /+packages

(edit: I don't see the CONFIG_GENERIC_CPU_VULNERABILITIES in 4.4.x changelog yet though, so this verification method doesn't appear to be backported on that version...)
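The grep one-liner in the quoted post and the caveat just above (no sysfs entries at all on a kernel without CONFIG_GENERIC_CPU_VULNERABILITIES) can be folded into one small check. This is an added script, not code from the thread or from the kernel project; it reads the real /sys/devices/system/cpu/vulnerabilities directory by default, takes a directory argument so it can be exercised against a constructed sample tree, and the sample status strings below are constructed stand-ins for what a 4.13/4.15-era kernel reports.

```shell
#!/bin/sh
# Added example: summarise the kernel's speculative-execution mitigation status.
# One line per sysfs entry: name, verdict, raw status. Exit 0 when everything is
# "Not affected" or "Mitigation: ...", 1 when something is Vulnerable/unknown,
# 2 when the kernel has no vulnerabilities directory at all (pre-backport 4.4.x).

report_vulnerabilities() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    if [ ! -d "$dir" ]; then
        # Kernel lacks CONFIG_GENERIC_CPU_VULNERABILITIES: nothing to read,
        # which is a different answer from "mitigated".
        echo "NO_SYSFS_INTERFACE"
        return 2
    fi
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        status=$(cat "$f")
        case "$status" in
            "Not affected"*) verdict="ok" ;;
            "Mitigation:"*)  verdict="mitigated" ;;
            "Vulnerable"*)   verdict="VULNERABLE"; rc=1 ;;
            *)               verdict="unknown";    rc=1 ;;
        esac
        printf '%-12s %-10s %s\n' "$name" "$verdict" "$status"
    done
    return $rc
}

# Constructed sample tree (not real machine output): PTI in place, spectre_v1
# mitigated, spectre_v2 still reported as vulnerable.
make_sample_tree() {
    d=$(mktemp -d)
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'Mitigation: __user pointer sanitization\n' > "$d/spectre_v1"
    printf 'Vulnerable: Minimal generic ASM retpoline\n' > "$d/spectre_v2"
    echo "$d"
}

# Number of entries the report flags as VULNERABLE for a given directory.
count_vulnerable() {
    report_vulnerabilities "$1" | grep -c 'VULNERABLE' || true
}

# Usage on a live system:   report_vulnerabilities
# Usage on the sample tree: report_vulnerabilities "$(make_sample_tree)"
```

The point of the separate NO_SYSFS_INTERFACE exit path is the one made in the post: on a 4.4.x kernel that predates the backport, an empty glob is not evidence of anything either way, so the script should say so rather than print nothing and exit cleanly.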
Pjotr
Level 24
Posts: 20091
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland) 🇳🇱

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Pjotr »

@thx-1138: thanks! :)
michael louwe

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe »

@ thx-1138, .......
thx-1138 wrote:...it looks like the next ubuntu kernels will come with retpoline enabled:
https://launchpad.net/~canonical-kernel ... hive-extra

Edit: it also appears that grep . /sys/devices/system/cpu/vulnerabilities/* could now be used on such, as was the case in 4.15.x/4.14.x upstream...
.
Looks like the next Linux kernel update from Ubuntu will include the Retpoline patch for Spectre 2, ie kernel update 4.13.33, 4.4.113 and 3.13.142.
... AFAIK, the Retpoline patch in the new kernel updates will also require installed apps/programs and repositories to be recompiled or updated. So, after installing the new kernel updates, eg kernel 4.13.33, certain self/post-installed apps/programs may stop working, especially those installed from 3rd-party PPAs/repositories.

If LM/Ubuntu systems have been patched with Retpoline for Spectre 2, there will be no need for any CPU update/patch, eg no need for an Intel microcode update for Linux or a BIOS firmware update for Windows = no need for the IBRS and IBPB features.

Previously, kernel updates 4.13.32, 4.4.112 and 3.13.141 have the patches for Meltdown(= the KPTI feature), Spectre 2 and Spectre 1. Spectre 2(= the IBRS and IBPB features) requires the CPU to be updated/patched also. Intel's CPU updates/patches proved buggy and were later pulled.
... 32bit systems are only patched for Spectre 1, ie not yet patched for Meltdown and Spectre 2.
neversaynever
Level 1
Posts: 23
Joined: Sat Jan 13, 2018 4:26 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by neversaynever »

michael louwe wrote:@ thx-1138, .......

Looks like the next Linux kernel update from Ubuntu will include the Retpoline patch for Spectre 2, ie kernel update 4.13.33, 4.4.113 and 3.13.142.
...
Previously, kernel updates 4.13.32, 4.4.112 and 3.13.141 have the patches for Meltdown(= the KPTI feature), Spectre 2 and Spectre 1. Spectre 2(= the IBRS and IBPB features) requires the CPU to be updated/patched also. Intel's CPU updates/patches proved buggy and were later pulled.
... 32bit systems are only patched for Spectre 1, ie not yet patched for Meltdown and Spectre 2.
Hi Michael. I update daily my LM 18.0 32bit: now I'm with kernel 4.4.0.112-135 generic; but github control software says that I'm VULNERABLE also by spectre 1 (with 4.4.0.109 it said NOT VULNERABLE). I'm confused: do you have any idea about why?
While waiting for a kernel patched for 32-bit systems, is 4.4.0.113-136 ~retpoline4 (xenial) useful for me? (it is not among automatic updates, but I saw that it exists also for i386 systems). Thanks
michael louwe

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe »

@ neversaynever, .......
neversaynever wrote:...
.
I have no idea why the patch for Spectre 1 behaved that way.

About the kernel update for Retpoline, we should wait for confirmation from ... https://wiki.ubuntu.com/SecurityTeam/Kn ... ndMeltdown
thx-1138
Level 8
Posts: 2092
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by thx-1138 »

...Corporate blabla... :)

The revision guide has been updated at least...