Page 5 of 6

Re: Meltdown and Spectre patches

Posted: 2018-01-14 20:09
by bw123
Head_on_a_Stick wrote:
bw123 wrote:According to the changelog "on debian" they added a "nokaiser" switch
Do you have a source for this please?
There is a changelog in /usr/share/doc/linux-image* for every kernel installed, are you even using debian anymore? Your posts in the past have been really excellent, but lately you seem a little off balance with regard to debian.

Re: Meltdown and Spectre patches

Posted: 2018-01-14 20:38
by Head_on_a_Stick
bw123 wrote:are you even using debian anymore?
I haven't used Debian myself for several years, I prefer less complicated operating systems :)

I do maintain the family laptop though and that's always run Debian stable, I did enable unattended-upgrades once stretch rolled out and I hardly ever touch the box these days. It's wonderful :D

Re: Meltdown and Spectre patches

Posted: 2018-01-14 23:32
by stevepusser
Hmmm...just did a rebuild of the backported MX 17 4.14.12-2 kernels overnight on generic Stretch pbuilders to add the Ryzen amd64-microcode patch and have the headers pull in libelf-dev, which is still not fixed in Sid. Headaches: some report the Spectre-mitigated 384.111 Nvidia driver just added to stretch-backports won't build on that kernel, but I was able to do so and use it on my Optimus laptop. They had no issue with the Liquorix kernel, though. That kernel isn't in stretch-backports, though.

If that's true about older kernels, are standard Jessie users up the creek with all 32-bit users now?

Re: Meltdown and Spectre patches

Posted: 2018-01-15 06:30
by Head_on_a_Stick
stevepusser wrote:If that's true about older kernels, are standard Jessie users up the creek with all 32-bit users now?
Well, I wouldn't say that 32-bit users were "up the creek" because the patch developer has committed to work on it, albeit without a timeframe.

Also, the KAISER fix appears to have been used for all kernels not of the 4.14-series so that would mean stretch, jessie and wheezy.

The KAISER patch was originally designed as a strengthened form of KASLR[1] that incorporated more of Grsecurity's work but it does not offer the same level of protection as KPTI, so again I think "up the creek" is perhaps putting it a little strongly.

[1] https://gruss.cc/files/kaiser.pdf

Re: Meltdown and Spectre patches

Posted: 2018-01-18 14:53
by Wheelerof4te
https://skyfallattack.com/
Skyfall and Solace are two speculative attacks based on the work highlighted by Meltdown and Spectre.
:lol:

Re: [Switzerland/Usa/Germany] - Cheap SSD VPS 2GB RAM, Disk

Posted: 2018-01-24 00:31
by acewiza
Neironvps wrote:Neironvps - fast ssd vps Switzerland/Usa/Germany.
Has your equipment all had the Spectre/Meltdown patches applied? :roll:

If so, I don't think you can claim "fast" any longer. :lol:

Re: Meltdown and Spectre patches

Posted: 2018-04-23 14:37
by bester69
Hi

I havent upgrade intel-microcode since Meltdown/Spectre intel firmware patches, cos i was afraid they would bringht redundant security cpu cycles over kernel's Meltdown/Spectre already patched. Am I right about this or Should I Upgrade microcode as well?. I dont want to lost any more performance, my cpu is already very down. I guess im asking to myself :D ..what do you think?

Re: Meltdown and Spectre patches

Posted: 2018-04-23 17:32
by stevepusser
I have not noticed any loss of performance with my Skylake CPU after the latest Debian microcode update, but Intel is giving up providing any microcode updates for many older affected processors--they say it's just not feasible. Your machine may be one of those; those are the ones with "stopped" in the chart: https://newsroom.intel.com/wp-content/u ... idance.pdf

Re: Meltdown and Spectre patches

Posted: 2018-04-23 19:16
by bester69
stevepusser wrote:I have not noticed any loss of performance with my Skylake CPU after the latest Debian microcode update, but Intel is giving up providing any microcode updates for many older affected processors--they say it's just not feasible. Your machine may be one of those; those are the ones with "stopped" in the chart: https://newsroom.intel.com/wp-content/u ... idance.pdf
Hi, Steve
Its is Intel Celeron 575 /2Gh,I dont find that model in tables, furthermore here says "status discontinued", so i guess that mean it doesnt matter if i upgrade microcode, cos it wont take any effect.
https://ark.intel.com/products/36680/In ... 67-MHz-FSB

Thanks very much, for your Help, :)

Re: Meltdown and Spectre patches

Posted: 2018-04-24 13:59
by None1975
bester69 wrote:furthermore here says "status discontinued", so i guess that mean it doesnt matter if i upgrade microcode, cos it wont take any effect.
It should not be upset here. As it is written in Intel microcode update guidance
most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities
My processor (Intel® Core™ Processor i7-920) also falls into this list. So what? Let these sophisticated multimillionaires, capitalists, shout.

Re: Meltdown and Spectre patches

Posted: 2018-04-24 16:38
by acewiza
stevepusser wrote:I have not noticed any loss of performance with my Skylake CPU after the latest Debian microcode update...
>99% of all PC users spend the majority of time idling their systems, with slight bumps up when they actually DO something. Are you timing compile runs and things like that? Only before/after benchmarks tell the true story, so yeah, unless you're "noticing" all this kind of stuff, including some more important performance metrics lower down in the right-side menu you'd probably never know.

Image

Re: Meltdown and Spectre patches

Posted: 2018-04-24 17:15
by stevepusser
acewiza wrote:
stevepusser wrote:I have not noticed any loss of performance with my Skylake CPU after the latest Debian microcode update...
>99% of all PC users spend the majority of time idling their systems, with slight bumps up when they actually DO something. Are you timing compile runs and things like that? Only before/after benchmarks tell the true story, so yeah, unless you're "noticing" all this kind of stuff, including some more important performance metrics lower down in the right-side menu you'd probably never know.
Well, yes, I've been building many kernels for MX 15 and 17 on my laptop for months and months now.. I have a pretty good idea how long a build will take now. Perhaps they are taking a few percent longer or not, but like has been said, that's not really noticable to me in without scientific measurements. The user could always run the Phoronix test suite with and without the microcode update to get those, but I don't really have the time to do that.

This is the microcode update. It's well known that the KPTI patches for Meltdown in the 64-bit kernel do reduce performance by some amount, but that's not what I'm talking about.

Re: Meltdown and Spectre patches

Posted: 2018-04-25 16:57
by acewiza
It looks like the performance hit runs around an average of 3%, depending on (obviously) numerous factors, with Intel chips seeing the worst of it: https://www.anandtech.com/show/12678/a- ... en-results

Re: Meltdown and Spectre patches

Posted: 2018-04-25 18:29
by n_hologram
acewiza wrote:...with Intel chips seeing the worst of it...
Maybe this will be a wake-up call for Intel to design their hardware correctly the first time they make it.