> stevepusser wrote: Since the majority opinion is leaning toward that AMD processors aren't exploitable, you could boot with one of the flags to turn off kpti. Liquorix kernels don't seem to enable it for AMD at all, based on what I saw in the 4.14-11 patch.
https://www.phoronix.com/scan.php?page= ... le-x86-PTI
Meltdown and Spectre patches
-
- Posts: 459
- Joined: 2013-06-16 00:10
Re: Meltdown and Spectre patches
the crunkbong project: scripts, operating system, the list goes on...
> bester69 wrote: There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 132 times
Re: Meltdown and Spectre patches
> stevepusser wrote: the majority opinion is leaning toward that AMD processors aren't exploitable
CVEs 2017-57{15,53} ("Spectre") still affect _all_ processor types that don't begin with S* and the KPTI patch provides only _partial_ protection for CVE-2017-5754 ("Meltdown").
AMD assures us that its processors are not susceptible to CVE-2017-5754 but they would say that, wouldn't they?
deadbang
Re: Meltdown and Spectre patches
> > stevepusser wrote: the majority opinion is leaning toward that AMD processors aren't exploitable
> Head_on_a_Stick wrote: CVEs 2017-57{15,53} ("Spectre") still affect _all_ processor types that don't begin with S* and the KPTI patch provides only _partial_ protection for CVE-2017-5754 ("Meltdown").
> AMD assures us that its processors are not susceptible to CVE-2017-5754 but they would say that, wouldn't they?
I read another blurb somewhere or other that some of the atom processors might be exempt from one issue or the other. I have one of those on my netbook that I use online, so if anybody runs across any actual info that hasn't signed any non-disclosures or retained an attorney, or sells clicks as news, let me know...
resigned by AI ChatGPT
Re: Meltdown and Spectre patches
> > bester69 wrote: Reading that, as a regular user I wouldn't care very much about those holes
> Head_on_a_Stick wrote: That is a very ignorant statement: if the KPTI patch is not applied to your system then an accidentally-opened browser pop-up tab could let an attacker read every keystroke that you make, as well as any passwords stored in your keyring.
> See https://misc0110.net/web/files/keystroke_js.pdf for a practical example.
Then, I guess, there will be thousands of victims in the world before me, I will be pending just in case there is some news about hundreds of users being stolen because of Meltdown and Spectre, so I put myself in a hurry and decide to patch. This sounds like 2000 effect to me. As for regular users it's all an exaggeration, regular home users don't receive strange visitors in the night since 2005 or so for Windows (around Win7 kernel) and ever for linux in real life. It's all about common sense.
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...
- dilberts_left_nut
- Administrator
- Posts: 5346
- Joined: 2009-10-05 07:54
- Location: enzed
- Has thanked: 12 times
- Been thanked: 66 times
Re: Meltdown and Spectre patches
@bester69
This is a technical thread about this issue - not about whether you feel it's necessary or not.
Please refrain from any further OT comments.
AdrianTM wrote:There's no hacker in my grandma...
Re: Meltdown and Spectre patches
> bw123 wrote: I read another blurb somewhere or other that some of the atom processors might be exempt from one issue or the other. I have one of those on my netbook that I use online, so if anybody runs across any actual info that hasn't signed any non-disclosures or retained an attorney, or sells clicks as news, let me know...
I'd be interested to know as well. My netbook runs an Atom, I just updated the kernel in Slackware from 4.4.14 to 4.4.88 - though apparently it needs to be at least 4.4.109. It would be good if it doesn't affect Atoms, since they can take a while to do things.
http://news.softpedia.com/news/linux-ke ... 9215.shtml
Haven't done anything to my Debian box yet though. I've never upgraded the kernel before. Should I do so to 4.9.75?
Last edited by Lysander on 2018-01-07 14:02, edited 1 time in total.
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 132 times
Re: Meltdown and Spectre patches
> Lysander wrote: Haven't done anything to my Debian box yet though
Debian stable has the KPTI patch that (mostly) protects against Meltdown, now that 4.9.75 has been released upstream it shouldn't be long before oldstable gets the fix applied; not sure about poor old wheezy though.
deadbang
Re: Meltdown and Spectre patches
> stevepusser wrote: Since the majority opinion is leaning toward that AMD processors aren't exploitable, you could boot with one of the flags to turn off kpti. Liquorix kernels don't seem to enable it for AMD at all, based on what I saw in the 4.14-11 patch.
After a little more research, and reading the changelog I figured out that kpti is auto by default, and on my amd sempron it is not enabled, I checked like this:
Code:
# dmesg | grep isolation
[ 0.000000] Kernel/User page tables isolation: disabled
resigned by AI ChatGPT
Re: Meltdown and Spectre patches
> > Lysander wrote: Haven't done anything to my Debian box yet though
> Head_on_a_Stick wrote: Debian stable has the KPTI patch that (mostly) protects against Meltdown, now that 4.9.75 has been released upstream it shouldn't be long before oldstable gets the fix applied; not sure about poor old wheezy though.
new stable i386 kernel 4.9.65-3+deb9u2 has no kpti footprints. Does anybody know why?
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 132 times
Re: Meltdown and Spectre patches
> rinatik wrote: new stable i386 kernel 4.9.65-3+deb9u2 has no kpti footprints
I'm not sure what you mean by this, exactly.
Can we please see the output of:
Code:
grep TABLE_ISOLATION /boot/config-$(uname -r)
A patched kernel will report:
Code:
CONFIG_PAGE_TABLE_ISOLATION=y
deadbang
Re: Meltdown and Spectre patches
> dilberts_left_nut wrote: This is a technical thread about this issue - not about whether you feel it's necessary or not.
Is everyone on this forum working for an enterprise operation or cloud service provider? Because if not, "technically" this is a low-risk, local, read-only exploit that has not yet even been seen in the wild. My passwords, credit card numbers and personal information are still much safer on my own systems than they are spread across who knows how many vendors, doctors, insurance companies, etc, etc, regardless.
What's all the fuss about?
Nobody would ever ask questions If everyone possessed encyclopedic knowledge of the man pages.
Re: Meltdown and Spectre patches
> > rinatik wrote: new stable i386 kernel 4.9.65-3+deb9u2 has no kpti footprints
> Head_on_a_Stick wrote: I'm not sure what you mean by this, exactly.
> Can we please see the output of:
> Code:
> grep TABLE_ISOLATION /boot/config-$(uname -r)
> A patched kernel will report:
> Code:
> CONFIG_PAGE_TABLE_ISOLATION=y
pls provide uname -a as well. thnx.
Re: Meltdown and Spectre patches
> acewiza wrote: What's all the fuss about?
I've been asking myself the same. I mean this has been known and kept hidden since the middle of last year, if not earlier. I assume the lawyers and hotshots and corporations and public relations firms all had their act together, but it was revealed somehow. Now they are scrambling to assure people that everything is okay...
resigned by AI ChatGPT
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 132 times
Re: Meltdown and Spectre patches
> acewiza wrote: "technically" this is a low-risk, local, read-only exploit
Yes but javascript executed by your browser is "local", isn't it?
Please refer to the paper to which I linked for @bester69 for a technical explanation.
This is why Chrom{e,ium} & Firefox have rushed out updates.
deadbang
Re: Meltdown and Spectre patches
> > rinatik wrote: new stable i386 kernel 4.9.65-3+deb9u2 has no kpti footprints
> Head_on_a_Stick wrote: I'm not sure what you mean by this, exactly.
> Can we please see the output of:
> Code:
> grep TABLE_ISOLATION /boot/config-$(uname -r)
> A patched kernel will report:
> Code:
> CONFIG_PAGE_TABLE_ISOLATION=y
There are none of those flags on my i686 debian 4.9.65-3+deb9u2.
This was meant.
-
- Posts: 459
- Joined: 2013-06-16 00:10
Re: Meltdown and Spectre patches
https://lkml.org/lkml/2017/12/4/709
> Subject [patch 00/60] x86/kpti: Kernel Page Table Isolation (was KAISER)
> This series is a major overhaul of the KAISER patches:
> 1) Entry code
>    Mostly the same, except for a handful of fixlets and delta
>    improvements folded into the corresponding patches
>    New: Map TSS read only into the user space visible mapping
>    This is 64bit only, as 32bit needs the TSS mapped RW
Does this support bw123's finding from earlier -- that kpti isn't available for 686? Based on the comment above, it looks like 686 needs only TSS mapped RW. I have no idea how to verify, though.
> acewiza wrote: What's all the fuss about?
EDITED: Okay, I had my coffee and realize that my last comment was itself getting off-topic. Opinions really aren't helpful to the original post, and I thought it was obvious from the first post. Maybe a separate thread would be helpful.
Last edited by n_hologram on 2018-01-07 16:20, edited 2 times in total.
the crunkbong project: scripts, operating system, the list goes on...
> bester69 wrote: There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
Re: Meltdown and Spectre patches
> > This is 64bit only, as 32bit needs the TSS mapped RW
> n_hologram wrote: Does this support bw123's finding from earlier -- that kpti isn't available for 686? Based on the comment above, it looks like 686 needs only TSS mapped RW. I have no idea how to verify, though.
No I was unclear I guess. I am testing/using debian's 4.9.0-5-amd64 kernel on two cpus, an amd sempron and an atom n450. the kernel boots by default with kpti disabled for the sempron, enabled for the atom.
I have not tested any 686 kernels.
resigned by AI ChatGPT
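The posts above mix two separate questions: whether the kernel was built with CONFIG_PAGE_TABLE_ISOLATION (the grep on /boot/config-*), and whether KPTI was actually switched on at boot (the dmesg line). The script below is an added example, not code from any poster, that combines both checks; the function names and result labels are made up for illustration and the sample inputs are constructed.

```sh
#!/bin/sh
# Added example: classify KPTI state from a kernel config file and a boot log.

# kpti_state CONFIG_FILE BOOTLOG_FILE
# Prints one of: not-built | built-enabled | built-disabled | built-unknown
kpti_state() {
    config=$1
    bootlog=$2
    # Build time: without this option the kernel contains no KPTI code,
    # so no boot parameter can turn it on.
    if ! grep -q '^CONFIG_PAGE_TABLE_ISOLATION=y' "$config" 2>/dev/null; then
        echo "not-built"
        return 0
    fi
    # Run time: the kernel logs its decision at boot; use the last match.
    line=$(grep 'page tables isolation:' "$bootlog" 2>/dev/null | tail -n 1)
    case $line in
        *": enabled"*)  echo "built-enabled" ;;
        *": disabled"*) echo "built-disabled" ;;
        *)              echo "built-unknown" ;;  # log rotated or unreadable
    esac
}

# Check the running system (reading dmesg may need root on some setups).
kpti_state_live() {
    log=$(mktemp) || return 1
    dmesg > "$log" 2>/dev/null || true
    kpti_state "/boot/config-$(uname -r)" "$log"
    rm -f "$log"
}

# Constructed sample inputs mirroring the three situations in the thread.
kpti_demo() {
    d=$(mktemp -d) || return 1
    echo 'CONFIG_PAGE_TABLE_ISOLATION=y' > "$d/cfg_amd64"
    echo 'CONFIG_X86_32=y' > "$d/cfg_i686"   # no KPTI option present
    echo '[    0.000000] Kernel/User page tables isolation: disabled' > "$d/log_sempron"
    echo '[    0.000000] Kernel/User page tables isolation: enabled' > "$d/log_atom"
    echo "sempron: $(kpti_state "$d/cfg_amd64" "$d/log_sempron")"
    echo "atom:    $(kpti_state "$d/cfg_amd64" "$d/log_atom")"
    echo "i686:    $(kpti_state "$d/cfg_i686" /dev/null)"
    rm -rf "$d"
}

kpti_demo
```

A result of built-unknown means the boot message is no longer in the kernel ring buffer, so the boot-time decision has to be read from a persisted boot log instead.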
-
- Posts: 1454
- Joined: 2015-08-30 20:14
Re: Meltdown and Spectre patches
Real slowdown will come after firmware and BIOS updates:
https://imgur.com/a/zYRap
Horrific. RIP servers on Intel CPUs.
Also, better save those HDDs:
https://www.youtube.com/watch?v=JbhKUjPRk5Q
Re: Meltdown and Spectre patches
> > acewiza wrote: "technically" this is a low-risk, local, read-only exploit
> Head_on_a_Stick wrote: Yes but javascript executed by your browser is "local", isn't it?
Only as it relates to my right index finger. Sorry, I tend to overlook the large body of users who gleefully click any link that crosses their desktop.
Nobody would ever ask questions If everyone possessed encyclopedic knowledge of the man pages.
Re: Meltdown and Spectre patches
> n_hologram wrote: EDITED: Okay, I had my coffee and realize that my last comment was itself getting off-topic. Opinions really aren't helpful to the original post, and I thought it was obvious from the first post. Maybe a separate thread would be helpful.
uh, don't look now but this whole thread is in "off-topic" I thought you knew, you started it?
> acewiza wrote: I tend to overlook the large body of users who gleefully click any link that crosses their desktop.
Yeah and with all the publicity, and "experts" who wrote about this, I didn't see one with the common sense to warn people to turn off or filter javascript.
resigned by AI ChatGPT