Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Meltdown and Spectre patches

Off-Topic discussions about science, technology, and non Debian specific topics.
Message
Author
User avatar
bw123
Posts: 4015
Joined: 2011-05-09 06:02
Has thanked: 1 time
Been thanked: 28 times

Re: Meltdown and Spectre patches

#91 Post by bw123 »

Head_on_a_Stick wrote:
bw123 wrote:According to the changelog "on debian" they added a "nokaiser" switch
Do you have a source for this please?
There is a changelog in /usr/share/doc/linux-image* for every kernel installed, are you even using debian anymore? Your posts in the past have been really excellent, but lately you seem a little off balance with regard to debian.
resigned by AI ChatGPT

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: Meltdown and Spectre patches

#92 Post by Head_on_a_Stick »

bw123 wrote:are you even using debian anymore?
I haven't used Debian myself for several years, I prefer less complicated operating systems :)

I do maintain the family laptop though and that's always run Debian stable, I did enable unattended-upgrades once stretch rolled out and I hardly ever touch the box these days. It's wonderful :D
deadbang

User avatar
stevepusser
Posts: 12930
Joined: 2009-10-06 05:53
Has thanked: 41 times
Been thanked: 71 times

Re: Meltdown and Spectre patches

#93 Post by stevepusser »

Hmmm...just did a rebuild of the backported MX 17 4.14.12-2 kernels overnight on generic Stretch pbuilders to add the Ryzen amd64-microcode patch and have the headers pull in libelf-dev, which is still not fixed in Sid. Headaches: some report the Spectre-mitigated 384.111 Nvidia driver just added to stretch-backports won't build on that kernel, but I was able to do so and use it on my Optimus laptop. They had no issue with the Liquorix kernel, though. That kernel isn't in stretch-backports, though.

If that's true about older kernels, are standard Jessie users up the creek with all 32-bit users now?
MX Linux packager and developer

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: Meltdown and Spectre patches

#94 Post by Head_on_a_Stick »

stevepusser wrote:If that's true about older kernels, are standard Jessie users up the creek with all 32-bit users now?
Well, I wouldn't say that 32-bit users were "up the creek" because the patch developer has committed to work on it, albeit without a timeframe.

Also, the KAISER fix appears to have been used for all kernels not of the 4.14-series so that would mean stretch, jessie and wheezy.

The KAISER patch was originally designed as a strengthened form of KASLR[1] that incorporated more of Grsecurity's work but it does not offer the same level of protection as KPTI, so again I think "up the creek" is perhaps putting it a little strongly.

[1] https://gruss.cc/files/kaiser.pdf
deadbang

Wheelerof4te
Posts: 1454
Joined: 2015-08-30 20:14

Re: Meltdown and Spectre patches

#95 Post by Wheelerof4te »

https://skyfallattack.com/
Skyfall and Solace are two speculative attacks based on the work highlighted by Meltdown and Spectre.
:lol:

User avatar
acewiza
Posts: 357
Joined: 2013-05-28 12:38
Location: Out West

Re: [Switzerland/Usa/Germany] - Cheap SSD VPS 2GB RAM, Disk

#96 Post by acewiza »

Neironvps wrote:Neironvps - fast ssd vps Switzerland/Usa/Germany.
Has your equipment all had the Spectre/Meltdown patches applied? :roll:

If so, I don't think you can claim "fast" any longer. :lol:
Nobody would ever ask questions If everyone possessed encyclopedic knowledge of the man pages.

User avatar
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: Meltdown and Spectre patches

#97 Post by bester69 »

Hi

I havent upgrade intel-microcode since Meltdown/Spectre intel firmware patches, cos i was afraid they would bringht redundant security cpu cycles over kernel's Meltdown/Spectre already patched. Am I right about this or Should I Upgrade microcode as well?. I dont want to lost any more performance, my cpu is already very down. I guess im asking to myself :D ..what do you think?
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

User avatar
stevepusser
Posts: 12930
Joined: 2009-10-06 05:53
Has thanked: 41 times
Been thanked: 71 times

Re: Meltdown and Spectre patches

#98 Post by stevepusser »

I have not noticed any loss of performance with my Skylake CPU after the latest Debian microcode update, but Intel is giving up providing any microcode updates for many older affected processors--they say it's just not feasible. Your machine may be one of those; those are the ones with "stopped" in the chart: https://newsroom.intel.com/wp-content/u ... idance.pdf
MX Linux packager and developer

User avatar
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: Meltdown and Spectre patches

#99 Post by bester69 »

stevepusser wrote:I have not noticed any loss of performance with my Skylake CPU after the latest Debian microcode update, but Intel is giving up providing any microcode updates for many older affected processors--they say it's just not feasible. Your machine may be one of those; those are the ones with "stopped" in the chart: https://newsroom.intel.com/wp-content/u ... idance.pdf
Hi, Steve
Its is Intel Celeron 575 /2Gh,I dont find that model in tables, furthermore here says "status discontinued", so i guess that mean it doesnt matter if i upgrade microcode, cos it wont take any effect.
https://ark.intel.com/products/36680/In ... 67-MHz-FSB

Thanks very much, for your Help, :)
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

User avatar
None1975
df -h | participant
df -h | participant
Posts: 1389
Joined: 2015-11-29 18:23
Location: Russia, Kaliningrad
Has thanked: 45 times
Been thanked: 66 times

Re: Meltdown and Spectre patches

#100 Post by None1975 »

bester69 wrote:furthermore here says "status discontinued", so i guess that mean it doesnt matter if i upgrade microcode, cos it wont take any effect.
It should not be upset here. As it is written in Intel microcode update guidance
most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities
My processor (Intel® Core™ Processor i7-920) also falls into this list. So what? Let these sophisticated multimillionaires, capitalists, shout.
OS: Debian 12.4 Bookworm / DE: Enlightenment
Debian Wiki | DontBreakDebian, My config files on github

User avatar
acewiza
Posts: 357
Joined: 2013-05-28 12:38
Location: Out West

Re: Meltdown and Spectre patches

#101 Post by acewiza »

stevepusser wrote:I have not noticed any loss of performance with my Skylake CPU after the latest Debian microcode update...
>99% of all PC users spend the majority of time idling their systems, with slight bumps up when they actually DO something. Are you timing compile runs and things like that? Only before/after benchmarks tell the true story, so yeah, unless you're "noticing" all this kind of stuff, including some more important performance metrics lower down in the right-side menu you'd probably never know.

Image
Nobody would ever ask questions If everyone possessed encyclopedic knowledge of the man pages.

User avatar
stevepusser
Posts: 12930
Joined: 2009-10-06 05:53
Has thanked: 41 times
Been thanked: 71 times

Re: Meltdown and Spectre patches

#102 Post by stevepusser »

acewiza wrote:
stevepusser wrote:I have not noticed any loss of performance with my Skylake CPU after the latest Debian microcode update...
>99% of all PC users spend the majority of time idling their systems, with slight bumps up when they actually DO something. Are you timing compile runs and things like that? Only before/after benchmarks tell the true story, so yeah, unless you're "noticing" all this kind of stuff, including some more important performance metrics lower down in the right-side menu you'd probably never know.
Well, yes, I've been building many kernels for MX 15 and 17 on my laptop for months and months now.. I have a pretty good idea how long a build will take now. Perhaps they are taking a few percent longer or not, but like has been said, that's not really noticable to me in without scientific measurements. The user could always run the Phoronix test suite with and without the microcode update to get those, but I don't really have the time to do that.

This is the microcode update. It's well known that the KPTI patches for Meltdown in the 64-bit kernel do reduce performance by some amount, but that's not what I'm talking about.
MX Linux packager and developer

User avatar
acewiza
Posts: 357
Joined: 2013-05-28 12:38
Location: Out West

Re: Meltdown and Spectre patches

#103 Post by acewiza »

It looks like the performance hit runs around an average of 3%, depending on (obviously) numerous factors, with Intel chips seeing the worst of it: https://www.anandtech.com/show/12678/a- ... en-results
Nobody would ever ask questions If everyone possessed encyclopedic knowledge of the man pages.

n_hologram
Posts: 459
Joined: 2013-06-16 00:10

Re: Meltdown and Spectre patches

#104 Post by n_hologram »

acewiza wrote:...with Intel chips seeing the worst of it...
Maybe this will be a wake-up call for Intel to design their hardware correctly the first time they make it.
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
the crunkbong project: scripts, operating system, the list goes on...

Post Reply