LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


Reply
  Search this Thread
Old 01-05-2018, 11:11 AM   #16
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: Debian, Crux, LFS, AntiX, NuTyX
Posts: 1,965
Blog Entries: 4

Original Poster
Rep: Reputation: 848Reputation: 848Reputation: 848Reputation: 848Reputation: 848Reputation: 848Reputation: 848

Quote:
Originally Posted by cynwulf View Post
Haven't the KPTI patches been backported to the 4.4.x and 4.9.x longterm branches?
Last thing I heard they were working on that. I don't know if they've got there yet. Obviously the new branch took priority.

PS: Just checked on kernel.org. There's a 4.9.75 out today. That must be the backport. I'm downloading it now.

Last edited by hazel; 01-05-2018 at 11:14 AM. Reason: Postscript
 
Old 01-05-2018, 11:23 AM   #17
enorbet
Senior Member
 
Registered: Jun 2003
Location: Virginia
Distribution: Slackware = Main OpSys for decades while testing others to keep up
Posts: 1,870

Rep: Reputation: 1768Reputation: 1768Reputation: 1768Reputation: 1768Reputation: 1768Reputation: 1768Reputation: 1768Reputation: 1768Reputation: 1768Reputation: 1768Reputation: 1768
Thank you, hazel, first for your clarifying reply and most of all for this thread since after my initial response I searched around and found out about Spectre and Meltdown. It is my understanding that while Spectre may do less damage it is harder to fix. I still wonder if the MCE and associated garbage has anything to do with why Intel is affected the worst. I also read that those of you who have OEM machines can get firmware updates but those of us who build our own are in something of a "holding pattern". Too bad Intel doesn't just release the fixes as downloadable microcode. I suppose we will see.

BTW it really isn't particularly dangerous to update a bios these days. There are lots of safeguards built in. The main thing it takes is just patience and reasonable preparation. I prefer having the update on a USB stick even though many machines can download it directly but updating has become rather trivial really.

Edit: I just discovered that a bug officially reported in May of 2016 noted that the ME (Management Engine, to which I referred earlier) can be remotely exploited to elevate privilege so it may indeed have an impact of risk level for Intel CPUs.

Last edited by enorbet; 01-05-2018 at 11:50 AM.
 
Old 01-05-2018, 11:58 AM   #18
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: Debian, Crux, LFS, AntiX, NuTyX
Posts: 1,965
Blog Entries: 4

Original Poster
Rep: Reputation: 848Reputation: 848Reputation: 848Reputation: 848Reputation: 848Reputation: 848Reputation: 848
Yes, 4.9.75 boots normally. And dmesg|grep isolation shows the line
Code:
[    0.000000] Kernel/User page tables isolation: enabled
as expected.

I suppose the backports will eventually encompass the other branches. LFS 8.1 normally uses 4.12, so I've gone backwards! However Crux uses 4.9. Now that I've got a working patched kernel, I'll copy it and its modules over to Crux too. For Debian, I'll have to rely on the distro devs providing a new kernel. You don't usually have to wait long with Debian, not if its a security matter.
 
Old 01-05-2018, 12:19 PM   #19
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: Debian, Crux, LFS, AntiX, NuTyX
Posts: 1,965
Blog Entries: 4

Original Poster
Rep: Reputation: 848Reputation: 848Reputation: 848Reputation: 848Reputation: 848Reputation: 848Reputation: 848
Apple have just admitted that iPhones and iPads are affected too, by both bugs.
 
Old 01-05-2018, 01:09 PM   #20
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,023

Rep: Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066
As I read it the patches are necessary because there is a potential exploit, but the seriousness of that exploit and the ease, or not, of its use have not been determined.
I did read on The Register that Intel chips may run between 10 and 20 percent slower once the patch has been applied but it seems this may not be true for desktop machines.
What a colleague and I were discussing earlier was whether things like Amazon Cloud will lose 10 percent processing power -- that's surely a good number of servers and accounts?
 
Old 01-05-2018, 01:24 PM   #21
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: Debian, Crux, LFS, AntiX, NuTyX
Posts: 1,965
Blog Entries: 4

Original Poster
Rep: Reputation: 848Reputation: 848Reputation: 848Reputation: 848Reputation: 848Reputation: 848Reputation: 848
Current experiments suggest that the slowing down is mainly in applications that use a lot of kernel calls, such as database software. PostgreSQL is especially badly affected. Code that executes mainly in userspace is not badly slowed down. That LFS mailing list post that I referenced earlier in this thread includes the results of some timing trials.
 
Old 01-05-2018, 01:35 PM   #22
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,023

Rep: Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066
My colleague and I did also speculate that this may account, in some way, for Intel being "faster" than AMD getting more done per clock cycle and the like becuase they didn't consider the risk in some optimisations.
OK, so I am a bit of a fan of the (AMD) underdog but I hope my point about hosted services being devalued still holds.
 
Old 01-05-2018, 03:47 PM   #23
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,090
Blog Entries: 5

Rep: Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139
Quote:
Originally Posted by 273 View Post
My colleague and I did also speculate that this may account, in some way, for Intel being "faster" than AMD getting more done per clock cycle and the like becuase they didn't consider the risk in some optimisations.
You're certainly not the only ones thinking that...

However AMD (and ARM) are affected by the 2 of the 3 CVEs. So AMD isn't a complete solution to this.

I wonder if questions will also be asked about Intel's CEO selling something like half his stock (retaining only the minimum requirement) in late December.
 
Old 01-05-2018, 03:54 PM   #24
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,023

Rep: Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066Reputation: 2066
Quote:
Originally Posted by cynwulf View Post
You're certainly not the only ones thinking that...

However AMD (and ARM) are affected by the 2 of the 3 CVEs. So AMD isn't a complete solution to this.

I wonder if questions will also be asked about Intel's CEO selling something like half his stock (retaining only the minimum requirement) in late December.
As it happens I have only just read that it's definitely not just Intel in the last couple of hours but I do still wonder whether AMD missing this "speculative execution" could be part of their lead, since they're still the ones definitely affected.
I'd not read about the Intel CEO but I suspect that it will be found that "...he .. had no idea ..." and it is just coincidence.
 
Old 01-05-2018, 04:54 PM   #25
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,090
Blog Entries: 5

Rep: Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139Reputation: 1139
It's important to realise that there are three separate CVEs (The Google Project Zero papers linked to in the other threads give more details). Two of the three affect most CPUs from various vendors. One, the more serious, but easier to mitigate, seems to only affect Intel thus far.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
problem: MIDI sound heard on wrong playback device opc Linux - Software 5 01-21-2009 04:48 AM
Ever heard of Alinux and HOW do you burn a 800mb CD I've never heard of one BiPolarPenguin General 4 12-19-2006 08:56 PM
LXer: Loan Linux Your Larynx - Let Your Voice Be Heard…No, REALLY Heard LXer Syndicated Linux News 0 01-29-2006 11:03 PM
skype problem on FC3 (I hear but I am not being heard) ddaas Linux - Software 6 11-25-2005 01:58 AM
Another sound card problem, that you have probably heard before! jay2901 Linux - Hardware 1 08-04-2004 08:08 AM

LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 12:58 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration