LinuxQuestions.org
Old 01-03-2018, 05:27 PM   #1
_roman_
Member
 
Registered: Dec 2017
Location: _Austro_Bavaria_
Distribution: gentoo / linux mint
Posts: 433

Rep: Reputation: 28
Intel cpu bug


I have known about this for a few days.

example:
http://www.theregister.co.uk/2018/01...u_design_flaw/

I know recent INTEL cpus and gpus are not very well designed.
e.g. SATA bugs, firmware upgrades, instructions were turned off later, throttling of the cpu for certain instructions and such.
I do not know of any recent Intel CPU / GPU without a bug, looking at it from a customer's point of view.

Also there is the intel management engine disaster, the uefi disaster, the intel "network" chip hidden features to only name a few flaws where I decided to not buy any intel product anymore.

Also, the performance impact is reported to be up to 60 percent, AFAIK, from what I have read from different sources, which is also played down by some guys to a not so important 5 percent, which I highly doubt.

We all know that apple and spyware95 have been problematic for several years. Those who use them and are harmed cannot be helped at all. Those warning signals have existed for a long time.

Honestly, I do not care for any windows blubbering or apple newbie software blubbering. I am only interested in what impact it has for GNU Linux and for my dated Ivy Bridge CPU.

Is it finally time to sell Intel-based hardware now? There could be even more than this already lurking.

edit: I mark it as solved, as it is more a speculation post than anything else, and just information for those who were not aware of it as of now.

Heavy patching of the Linux kernel is already being done in the background. Same for spyware 95 and apple newbie software.

Last edited by _roman_; 01-03-2018 at 05:30 PM.
 
Old 01-03-2018, 07:35 PM   #2
_roman_
Member
 
Registered: Dec 2017
Location: _Austro_Bavaria_
Distribution: gentoo / linux mint
Posts: 433

Original Poster
Rep: Reputation: 28
Details:

https://googleprojectzero.blogspot.c...with-side.html

Windows seems to have been patched since 19th December. So I really want to question the Linux security policy of having a known open hole for weeks!

That should of course be inactive now!
Quote:
ASUS-G75VW /usr/src/linux # zgrep BPF_JIT /proc/config.gz
# CONFIG_BPF_JIT is not set

Last edited by _roman_; 01-03-2018 at 07:45 PM.
 
Old 01-04-2018, 06:09 AM   #3
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,186
Blog Entries: 5

Rep: Reputation: 1248
It's not just Intel. At the moment it's not clear if "meltdown" also affects AMD. But "spectre" affects Intel, AMD and ARM chips.

The general crappiness of x86 has been well known for quite some time. For example, Theo de Raadt of OpenBSD pointed out numerous flaws with the Core 2 just over a decade ago: https://marc.info/?l=openbsd-misc&m=118296441702631

When it comes to CPUs most people just want "fast(er)" and never really put much more thought into it. Vendors responded and as ever, security hasn't really factored. In fact as we now know from IME/PSP, the silicon vendors are more interested in how they can facilitate spying on you (actually creating vulnerabilities in the process), than helping you secure your box.

As far as I am aware, these particular flaws can't be fixed by the usual CPU microcode "sticking plaster", so it's now up to OS vendors to build in mitigation. The affected CPUs are quite simply broken and will stay broken.
 
2 members found this post helpful.
Old 01-05-2018, 04:06 PM   #4
_roman_
Member
 
Registered: Dec 2017
Location: _Austro_Bavaria_
Distribution: gentoo / linux mint
Posts: 433

Original Poster
Rep: Reputation: 28
linux-4.9.75-gentoo contains finally the fix. Pulled in today the tree

Quote:
Remove the kernel mapping in user mode (PAGE_TABLE_ISOLATION) [Y/n/?] (NEW) Y
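
Added example (not part of any post in this thread): a shell check that generalizes the zgrep in post #2 and the Kconfig prompt in post #4, reporting how a kernel config sets CONFIG_PAGE_TABLE_ISOLATION and CONFIG_BPF_JIT. The function names and the BPF_SYSCTL override variable are made up for this example; flagging an enabled JIT follows the stance taken in post #2.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the BPF_SYSCTL
# override are hypothetical; the option names come from posts #2 and #4.
BPF_SYSCTL=${BPF_SYSCTL:-/proc/sys/net/core/bpf_jit_enable}

# kconfig_state FILE OPTION -> y | m | <value> | unset | absent | unreadable
# Matches the exact option name, so BPF_JIT does not also hit
# CONFIG_BPF_JIT_ALWAYS_ON the way a plain "zgrep BPF_JIT" would.
kconfig_state() {
    file=$1 opt=$2
    [ -r "$file" ] || { echo unreadable; return 0; }
    case $file in
        *.gz) reader="gzip -dc" ;;   # e.g. /proc/config.gz
        *)    reader="cat" ;;        # e.g. /usr/src/linux/.config
    esac
    $reader "$file" | awk -v o="CONFIG_$opt" '
        $0 == ("# " o " is not set") { s = "unset" }
        index($0, o "=") == 1        { s = substr($0, length(o) + 2) }
        END { print (s == "" ? "absent" : s) }'
}

# mitigation_report FILE -> one "ok"/"WARN" line per option
mitigation_report() {
    cfg=$1
    case $(kconfig_state "$cfg" PAGE_TABLE_ISOLATION) in
        y)      echo "ok   PAGE_TABLE_ISOLATION=y" ;;
        unset)  echo "WARN PAGE_TABLE_ISOLATION is not set" ;;
        absent) echo "WARN PAGE_TABLE_ISOLATION not offered by this kernel tree" ;;
        *)      echo "WARN cannot evaluate PAGE_TABLE_ISOLATION in $cfg" ;;
    esac
    case $(kconfig_state "$cfg" BPF_JIT) in
        y)  # Compiled in: the sysctl decides whether the JIT is used.
            if [ -r "$BPF_SYSCTL" ] && [ "$(cat "$BPF_SYSCTL")" != 0 ]; then
                echo "WARN BPF_JIT=y and enabled at runtime"
            else
                echo "ok   BPF_JIT=y but bpf_jit_enable is 0 or unreadable"
            fi ;;
        unset|absent) echo "ok   BPF_JIT not compiled in" ;;
        *)  echo "WARN cannot evaluate BPF_JIT in $cfg" ;;
    esac
}

# Stand-alone use: /proc/config.gz exists only with CONFIG_IKCONFIG_PROC.
if [ -r /proc/config.gz ]; then mitigation_report /proc/config.gz; fi
```

An "absent" result means the option does not appear in the config at all, which is what a tree that predates the PAGE_TABLE_ISOLATION backport (or a non-x86 build) looks like.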
 
Old 01-05-2018, 04:14 PM   #5
Teufel
Member
 
Registered: Apr 2012
Distribution: Gentoo
Posts: 616

Rep: Reputation: 142
Quote:
Originally Posted by _roman_ View Post
linux-4.9.75-gentoo contains finally the fix. Pulled in today the tree
I was surprised when I found kernel 4.9.75 fetched with updates, though I have 4.14.8 installed already.
Now I know why it went back.
 
Old 01-08-2018, 02:03 AM   #6
YesItsMe
Member
 
Registered: Oct 2014
Distribution: Gentoo
Posts: 467

Rep: Reputation: 154
FWIW: the Meltdown/Spectre bug was a 90s thing...
 
Old 01-08-2018, 11:18 AM   #7
Mr. Macintosh
Member
 
Registered: Sep 2015
Distribution: Debian
Posts: 278

Rep: Reputation: 56
Quote:
Originally Posted by _roman_ View Post
linux-4.9.75-gentoo contains finally the fix. Pulled in today the tree
Is English your first language?
 
Old 01-08-2018, 11:19 AM   #8
Mr. Macintosh
Member
 
Registered: Sep 2015
Distribution: Debian
Posts: 278

Rep: Reputation: 56
Quote:
Originally Posted by cynwulf View Post
It's not just Intel. At the moment it's not clear if "meltdown" also affects AMD. But "spectre" affects Intel, AMD and ARM chips.

The general crappiness of x86 has been well known for quite some time. For example, Theo de Raadt of OpenBSD pointed out numerous flaws with the Core 2 just over a decade ago: https://marc.info/?l=openbsd-misc&m=118296441702631

When it comes to CPUs most people just want "fast(er)" and never really put much more thought into it. Vendors responded and as ever, security hasn't really factored. In fact as we now know from IME/PSP, the silicon vendors are more interested in how they can facilitate spying on you (actually creating vulnerabilities in the process), than helping you secure your box.

As far as I am aware, these particular flaws can't be fixed by the usual CPU microcode "sticking plaster", so it's now up to OS vendors to build in mitigation. The affected CPUs are quite simply broken and will stay broken.
ARM isn't x86, nor is PowerPC.
 
Old 01-08-2018, 11:37 AM   #9
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,186
Blog Entries: 5

Rep: Reputation: 1248
I was talking about Intel and "meltdown" as the thread is entitled "Intel CPU Bug".
 
Old 01-08-2018, 11:39 AM   #10
Mr. Macintosh
Member
 
Registered: Sep 2015
Distribution: Debian
Posts: 278

Rep: Reputation: 56
Quote:
Originally Posted by cynwulf View Post
I was talking about Intel and "meltdown" as the thread is entitled "Intel CPU Bug".
Well, you said that Spectre affects Intel, AMD, and ARM CPUs, and then you said that x86 is generally crappy.
 
Old 01-08-2018, 11:52 AM   #11
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,186
Blog Entries: 5

Rep: Reputation: 1248
Well... that first paragraph was to illustrate that "spectre" is not the same CVE(s) as "meltdown". At the time that wasn't clear and certainly not in this thread.

"meltdown" is the more significant side channel cache attack of the two and it's actually intel specific.

AMD is also x86... so my comments on x86 were directed at Intel/AMD (not ARM).
 
Old 01-08-2018, 11:54 AM   #12
Mr. Macintosh
Member
 
Registered: Sep 2015
Distribution: Debian
Posts: 278

Rep: Reputation: 56
Quote:
Originally Posted by cynwulf View Post
Well... that first paragraph was to illustrate that "spectre" is not the same CVE(s) as "meltdown". At the time that wasn't clear and certainly not in this thread.

"meltdown" is the more significant side channel cache attack of the two and it's actually intel specific.

AMD is also x86... so my comments on x86 were directed at Intel/AMD (not ARM).
Understood.
 
Old 01-08-2018, 12:00 PM   #13
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,186
Blog Entries: 5

Rep: Reputation: 1248
Interestingly, Itanium (IA64) is not affected. So it seems that those who cut corners and spent on x86 servers will be hit hardest.
 
Old 01-08-2018, 02:45 PM   #14
Mr. Macintosh
Member
 
Registered: Sep 2015
Distribution: Debian
Posts: 278

Rep: Reputation: 56
Quote:
Originally Posted by cynwulf View Post
Interestingly, Itanium (IA64) is not affected. So it seems that those who cut corners and spent on x86 servers will be hit hardest.
That's really weird. I would have thought that if they avoided these issues on the Itanium CPUs, they would have avoided them on future 64-bit CPUs.
 
Old 01-08-2018, 02:53 PM   #15
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,186
Blog Entries: 5

Rep: Reputation: 1248
Itanium is a different architecture, so who can say... Intel x86_64 is basically Intel's implementation of AMD's amd64.
 
  

