Meltdown and Spectre patches

If it doesn't relate to Debian, but you still want to share it, please do it here

Re: Meltdown and Spectre patches

Postby bw123 » 2018-01-14 20:09

Head_on_a_Stick wrote:
bw123 wrote:According to the changelog "on debian" they added a "nokaiser" switch

Do you have a source for this please?


There is a changelog in /usr/share/doc/linux-image* for every kernel installed, are you even using debian anymore? Your posts in the past have been really excellent, but lately you seem a little off balance with regard to debian.
User avatar
bw123
 
Posts: 3264
Joined: 2011-05-09 06:02
Location: TN_USA

Re: Meltdown and Spectre patches

Postby Head_on_a_Stick » 2018-01-14 20:38

bw123 wrote:are you even using debian anymore?

I haven't used Debian myself for several years, I prefer less complicated operating systems :)

I do maintain the family laptop though and that's always run Debian stable, I did enable unattended-upgrades once stretch rolled out and I hardly ever touch the box these days. It's wonderful :D
ESTRAGON: We always find something, eh, Didi, to give us the impression we exist?
VLADIMIR (impatiently): Yes, yes, we're magicians.
User avatar
Head_on_a_Stick
 
Posts: 7893
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Meltdown and Spectre patches

Postby stevepusser » 2018-01-14 23:32

Hmmm...just did a rebuild of the backported MX 17 4.14.12-2 kernels overnight on generic Stretch pbuilders to add the Ryzen amd64-microcode patch and have the headers pull in libelf-dev, which is still not fixed in Sid. Headaches: some report the Spectre-mitigated 384.111 Nvidia driver just added to stretch-backports won't build on that kernel, but I was able to do so and use it on my Optimus laptop. They had no issue with the Liquorix kernel, though. That kernel isn't in stretch-backports, though.

If that's true about older kernels, are standard Jessie users up the creek with all 32-bit users now?
The MX Linux repositories: Backports galore! If we don't have something, just ask and we'll try--we like challenges. New packages: GIMP 2.10.6, Pale Moon 28.0.1, wine-staging 3.15, qBittorrent 4.1.2, Linux kernel 4.18.6, virtualbox 5.2.18
User avatar
stevepusser
 
Posts: 9898
Joined: 2009-10-06 05:53

Re: Meltdown and Spectre patches

Postby Head_on_a_Stick » 2018-01-15 06:30

stevepusser wrote:If that's true about older kernels, are standard Jessie users up the creek with all 32-bit users now?

Well, I wouldn't say that 32-bit users were "up the creek" because the patch developer has committed to work on it, albeit without a timeframe.

Also, the KAISER fix appears to have been used for all kernels not of the 4.14-series so that would mean stretch, jessie and wheezy.

The KAISER patch was originally designed as a strengthened form of KASLR[1] that incorporated more of Grsecurity's work but it does not offer the same level of protection as KPTI, so again I think "up the creek" is perhaps putting it a little strongly.

[1] https://gruss.cc/files/kaiser.pdf
ESTRAGON: We always find something, eh, Didi, to give us the impression we exist?
VLADIMIR (impatiently): Yes, yes, we're magicians.
User avatar
Head_on_a_Stick
 
Posts: 7893
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Meltdown and Spectre patches

Postby Wheelerof4te » 2018-01-18 14:53

https://skyfallattack.com/
Skyfall and Solace are two speculative attacks based on the work highlighted by Meltdown and Spectre.

:lol:
User avatar
Wheelerof4te
 
Posts: 1133
Joined: 2015-08-30 20:14

Re: [Switzerland/Usa/Germany] - Cheap SSD VPS 2GB RAM, Disk

Postby acewiza » 2018-01-24 00:31

Neironvps wrote:Neironvps - fast ssd vps Switzerland/Usa/Germany.

Has your equipment all had the Spectre/Meltdown patches applied? :roll:

If so, I don't think you can claim "fast" any longer. :lol:
Nobody would ever ask questions If everyone possessed encyclopedic knowledge of the man pages.
User avatar
acewiza
 
Posts: 358
Joined: 2013-05-28 12:38
Location: Out West

Re: Meltdown and Spectre patches

Postby bester69 » 2018-04-23 14:37

Hi

I havent upgrade intel-microcode since Meltdown/Spectre intel firmware patches, cos i was afraid they would bringht redundant security cpu cycles over kernel's Meltdown/Spectre already patched. Am I right about this or Should I Upgrade microcode as well?. I dont want to lost any more performance, my cpu is already very down. I guess im asking to myself :D ..what do you think?
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
User avatar
bester69
 
Posts: 1201
Joined: 2015-04-02 13:15

Re: Meltdown and Spectre patches

Postby stevepusser » 2018-04-23 17:32

I have not noticed any loss of performance with my Skylake CPU after the latest Debian microcode update, but Intel is giving up providing any microcode updates for many older affected processors--they say it's just not feasible. Your machine may be one of those; those are the ones with "stopped" in the chart: https://newsroom.intel.com/wp-content/u ... idance.pdf
The MX Linux repositories: Backports galore! If we don't have something, just ask and we'll try--we like challenges. New packages: GIMP 2.10.6, Pale Moon 28.0.1, wine-staging 3.15, qBittorrent 4.1.2, Linux kernel 4.18.6, virtualbox 5.2.18
User avatar
stevepusser
 
Posts: 9898
Joined: 2009-10-06 05:53

Re: Meltdown and Spectre patches

Postby bester69 » 2018-04-23 19:16

stevepusser wrote:I have not noticed any loss of performance with my Skylake CPU after the latest Debian microcode update, but Intel is giving up providing any microcode updates for many older affected processors--they say it's just not feasible. Your machine may be one of those; those are the ones with "stopped" in the chart: https://newsroom.intel.com/wp-content/u ... idance.pdf


Hi, Steve
Its is Intel Celeron 575 /2Gh,I dont find that model in tables, furthermore here says "status discontinued", so i guess that mean it doesnt matter if i upgrade microcode, cos it wont take any effect.
https://ark.intel.com/products/36680/In ... 67-MHz-FSB

Thanks very much, for your Help, :)
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
User avatar
bester69
 
Posts: 1201
Joined: 2015-04-02 13:15

Re: Meltdown and Spectre patches

Postby None1975 » 2018-04-24 13:59

bester69 wrote:furthermore here says "status discontinued", so i guess that mean it doesnt matter if i upgrade microcode, cos it wont take any effect.

It should not be upset here. As it is written in Intel microcode update guidance
most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities

My processor (Intel® Core™ Processor i7-920) also falls into this list. So what? Let these sophisticated multimillionaires, capitalists, shout.
OS: Debian 9.4 / WM: Xmonad
Debian Wiki | DontBreakDebian, My config files in github
Linux User #607425
User avatar
None1975
 
Posts: 625
Joined: 2015-11-29 18:23
Location: Lithuania, Vilnius

Re: Meltdown and Spectre patches

Postby acewiza » 2018-04-24 16:38

stevepusser wrote:I have not noticed any loss of performance with my Skylake CPU after the latest Debian microcode update...

>99% of all PC users spend the majority of time idling their systems, with slight bumps up when they actually DO something. Are you timing compile runs and things like that? Only before/after benchmarks tell the true story, so yeah, unless you're "noticing" all this kind of stuff, including some more important performance metrics lower down in the right-side menu you'd probably never know.

Image
Nobody would ever ask questions If everyone possessed encyclopedic knowledge of the man pages.
User avatar
acewiza
 
Posts: 358
Joined: 2013-05-28 12:38
Location: Out West

Re: Meltdown and Spectre patches

Postby stevepusser » 2018-04-24 17:15

acewiza wrote:
stevepusser wrote:I have not noticed any loss of performance with my Skylake CPU after the latest Debian microcode update...

>99% of all PC users spend the majority of time idling their systems, with slight bumps up when they actually DO something. Are you timing compile runs and things like that? Only before/after benchmarks tell the true story, so yeah, unless you're "noticing" all this kind of stuff, including some more important performance metrics lower down in the right-side menu you'd probably never know.


Well, yes, I've been building many kernels for MX 15 and 17 on my laptop for months and months now.. I have a pretty good idea how long a build will take now. Perhaps they are taking a few percent longer or not, but like has been said, that's not really noticable to me in without scientific measurements. The user could always run the Phoronix test suite with and without the microcode update to get those, but I don't really have the time to do that.

This is the microcode update. It's well known that the KPTI patches for Meltdown in the 64-bit kernel do reduce performance by some amount, but that's not what I'm talking about.
The MX Linux repositories: Backports galore! If we don't have something, just ask and we'll try--we like challenges. New packages: GIMP 2.10.6, Pale Moon 28.0.1, wine-staging 3.15, qBittorrent 4.1.2, Linux kernel 4.18.6, virtualbox 5.2.18
User avatar
stevepusser
 
Posts: 9898
Joined: 2009-10-06 05:53

Re: Meltdown and Spectre patches

Postby acewiza » 2018-04-25 16:57

It looks like the performance hit runs around an average of 3%, depending on (obviously) numerous factors, with Intel chips seeing the worst of it: https://www.anandtech.com/show/12678/a-timely-discovery-examining-amd-2nd-gen-ryzen-results
Nobody would ever ask questions If everyone possessed encyclopedic knowledge of the man pages.
User avatar
acewiza
 
Posts: 358
Joined: 2013-05-28 12:38
Location: Out West

Re: Meltdown and Spectre patches

Postby n_hologram » 2018-04-25 18:29

acewiza wrote:...with Intel chips seeing the worst of it...

Maybe this will be a wake-up call for Intel to design their hardware correctly the first time they make it.
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing

the crunkbong project: scripts, operating system, the list goes on...
n_hologram
 
Posts: 433
Joined: 2013-06-16 00:10

Previous

Return to Offtopic

Who is online

Users browsing this forum: No registered users and 2 guests

fashionable