
#1 2018-01-04 11:54:21

Sun For Miles
Member
Registered: 2017-04-12
Posts: 140

Meltdown - Intel CPU design flaw affecting all OS platforms

As you've probably heard, a massive scandal is happening right now regarding Intel about a fatal CPU design flaw which allows programs (or even websites) to read the contents of private kernel memory.

Operating systems affected:

- Windows (updates are ready)
- Linux (updates are ready)
- MacOS (update was already in place on December 6th 2017)

OS performance hit after update varies depending on applications you (or a server) are using. The biggest slowdown will be for hosting companies where the cost is measured in electricity and hardware converted to net gain (so far I have only a friend's report where he stated that big hosting platform running Postgres is hit by 17% slowdown).

Intel CEO sold $24mil of company's shares in November, and Google notified them they've found this flaw in June. Intel then alerted Apple, MS, Canonical, etc under NDA about this. It is expected that Intel will go public with this on January 9th.

Last edited by Sun For Miles (2018-01-04 12:00:54)


Señor Chang, why do you teach Spanish?

Offline

#2 2018-01-04 15:16:34

Sector11
The Tpyo Knig Mod
From: 77345 ¡#
Registered: 2015-08-20
Posts: 5,527

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

Hit the local news here this morning.  I'm running AMD so that's cool - locally, but any service on line ...

Can't recall if they mentioned if it was an Intel problem though.

Last edited by Sector11 (2018-01-04 15:17:25)


BunsenLabs Forum Rules ---== I'm a Conky 1.9'er ==---
System:    Host: d67 Kernel: 4.9.0-9-amd64 x86_64 (64 bit gcc: 6.3.0)
Desktop: Openbox 3.6.1 Distro: Debian GNU/Linux 9 (stretch)

Offline

#3 2018-01-04 16:27:49

earlybird
ほやほや
Registered: 2015-12-16
Posts: 717
Website

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

Sun For Miles wrote:

OS performance hit after update varies depending on applications you (or a server) are using. The biggest slowdown will be for hosting companies where the cost is measured in electricity and hardware converted to net gain (so far I have only a friend's report where he stated that big hosting platform running Postgres is hit by 17% slowdown).

Given a company who a) are in the process of moving to the Amazon cloud and b) painstakingly optimized for cost and performance to fit the requirements juuuuust right, I am ready to tell them: Your costs are going to increase by 1/5. This is not the news you like to bring to a meeting with the CEO...probably could've stayed on bare metal or RedHat support + openstack/openshift for that money. Depending on how much in billings they give Amazon/Azure/GCE every month already, this amount can be huge.

Anyway, I wonder how big the impact on my laptop computer will be (I'm not thrilled by losing even 5% of performance because the device is already slowish). Unfortunately, in the laptop market, Intel is the only choice if you need great battery life (the pstate driver is very good (experience is limited to Haswell)). The solution is probably going to be to buy an i7 instead of i5 in order to compensate for the performance loss...

People start pointing at ARM64, RISCV and other more simple and modern architectures (x86 is really a monster at this point, there are probably numerous other, to-be-known ways to attack it), but even assuming there is a good SoC for e.g. laptops based on ARM, the driver situation, esp. when it comes to graphics, is a catastrophe. ARM64 SoC plus regular Nvidia discrete GPU plus on-board Mali GPU with flawless switching and stable drivers? I'd buy this.

Offline

#4 2018-01-04 16:42:20

vinzv
Member
Registered: 2017-09-12
Posts: 185
Website

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

earlybird wrote:

Anyway, I wonder how big the impact on my laptop computer will be (I'm not thrilled by losing even 5% of performance because the device is already slowish). Unfortunately, in the laptop market, Intel is the only choice if you need great battery life (the pstate driver is very good (experience is limited to Haswell)). The solution is probably going to be to buy an i7 instead of i5 in order to compensate for the performance loss...

German tech website Computerbase ran some benchmarks with recent Kabylake CPUs: https://www.computerbase.de/2018-01/int … itsluecke/
They also took an Intel Core i7-4600U which gave no real loss on performance besides measurement inaccuracies.

In general the figures of "...30% loss on performance..." haunting through tech press have to be taken with a grain of salt as these are extreme examples. As long as there aren't any in-depth benchmarks I wouldn't rely on anything circulating.

Offline

#5 2018-01-04 18:43:53

greystarr
New Member
From: Florida
Registered: 2018-01-04
Posts: 4
Website

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

Sector11 wrote:

Hit the local news here this morning.  I'm running AMD so that's cool - locally, but any service on line ...

Can't recall if they mentioned if it was an Intel problem though.

AMD is affected, not all chips but a few I believe. The tested variants from Google are in the link below alongside a statement provided by AMD in regards to the flaw.

https://googleprojectzero.blogspot.com/
http://www.amd.com/en/corporate/speculative-execution


"Ask me how to exit vim."
twitter.com/@gnubsean
PGP: 0x30b2d0fc9a828a36

Offline

#6 2018-01-04 23:28:22

BLizgreat!
Resident Babbler - vll!
Registered: 2015-10-03
Posts: 1,018

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

Been a rough one for Intel and a happy new year. All this has me thinking about going AMD only in future, first the Minix thing, which I view as mostly harmless anyway, now this. Far as I know, this old system/cpu isn't affected by this but 17% performance hit definitely qualifies as an ouchie for sys-admins. Intel step up your game !

Offline

#7 2018-01-04 23:40:53

vinzv
Member
Registered: 2017-09-12
Posts: 185
Website

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

Imho Intel for way too long has been resting on their crown. But looking at AMD's driver code quality doesn't make me trust them too far.
As earlybird wrote: it's about time for some really dedicated vendor!

Offline

#8 2018-01-05 03:39:45

C#Coder4ever
BL Keyboard Troll
From: /dev/zero
Registered: 2015-09-29
Posts: 261

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

While I'm glad to be on AMD (at least on the primary system), it seems ALL modern CPUs are affected by Spectre, though Meltdown appears to be an Intel-exclusive issue at the moment.


Peripheral, SBC, and router addict lmao
Keeb & SSD Discussions | GitLab

Offline

#9 2018-01-05 03:48:30

jr2
Member
Registered: 2017-12-24
Posts: 52

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

(ninjad by C#)
It seems there are two CPU bugs just coming up.

Meltdown: Intel, fixes out but performance hit.

Spectre: Intel, AMD and ARM, fix will take time.

https://www.japantimes.co.jp/news/2018/ … ters-risk/


normal service will be resumed as soon as possible

Offline

#10 2018-01-05 10:43:31

ector1935
Member
Registered: 2017-05-03
Posts: 150

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

It seems that it is a very serious thing for all CPUs!
And the corrections seem to be different
https://www.tomshw.it/bug-microprocesso … ctre-90564

https://googleprojectzero.blogspot.it/2 … -side.html

Last edited by ector1935 (2018-01-05 10:53:57)

Offline

#11 2018-01-05 11:53:52

earlybird
ほやほや
Registered: 2015-12-16
Posts: 717
Website

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

vinzv wrote:

In general the figures of "...30% loss on performance..." haunting through tech press have to be taken with a grain of salt as these are extreme examples. As long as there aren't any in-depth benchmarks I wouldn't rely on anything circulating.

This is a good point, I'm curious myself. Wondering if huge backup I/O load (rsyncing entire file systems with lots of files) is going to cause noticeably degraded performance.

Offline

#12 2018-01-05 15:16:23

bigbenaugust
Member
From: unc.edu / the 919 / KIGX
Registered: 2017-05-20
Posts: 156

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

Time for a RPi port of BL? wink

Also, I see I have a new kernel update today... hmm... hang on while I reboot.


--Ben
BL / MX / Raspbian... and a whole bunch of RHEL boxes. :)

Offline

#13 2018-01-05 15:26:31

Sector11
The Tpyo Knig Mod
From: 77345 ¡#
Registered: 2015-08-20
Posts: 5,527

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

I'm going to hold off on those:

Fetched 164 MB in 1min 19s (2,059 kB/s)                                                                          
Retrieving bug reports... Done
Parsing Found/Fixed information... Done
critical bugs of linux-image-3.16.0-4-amd64 (3.16.43-2+deb8u5 → 3.16.51-3) <Outstanding>
 b1 - #884762 - linux-image-3.16.0-4-amd64: Kernel panic on boot (rest_init / build_sched_domains) make system unbootable
serious bugs of thunderbird (1:52.4.0-1~deb8u1 → 1:52.5.2-2~deb8u1) <Resolved in some Version>
 b2 - #885157 - thunderbird: Upgrading from 1:52.5.0-1 to 1:52.5.2-1 enforces the AppArmor profile (Fixed: thunderbird/1:52.5.2-2)
Summary:
 linux-image-3.16.0-4-amd64(1 bug), thunderbird(1 bug)
Are you sure you want to install/upgrade the above packages? [Y/n/?/...] 

BunsenLabs Forum Rules ---== I'm a Conky 1.9'er ==---
System:    Host: d67 Kernel: 4.9.0-9-amd64 x86_64 (64 bit gcc: 6.3.0)
Desktop: Openbox 3.6.1 Distro: Debian GNU/Linux 9 (stretch)

Offline

#14 2018-01-05 16:03:56

vinzv
Member
Registered: 2017-09-12
Posts: 185
Website

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

bigbenaugust wrote:

Time for a RPi port of BL? wink

Haven't tried it myself yet but as there are BL packages for armhf available you could just take Raspbian Lite and run BL install script afterwards.

Offline

#15 2018-01-05 16:53:05

bigbenaugust
Member
From: unc.edu / the 919 / KIGX
Registered: 2017-05-20
Posts: 156

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

Sector11 wrote:

I'm going to hold off on those:

Fetched 164 MB in 1min 19s (2,059 kB/s)                                                                          
Retrieving bug reports... Done
Parsing Found/Fixed information... Done
critical bugs of linux-image-3.16.0-4-amd64 (3.16.43-2+deb8u5 → 3.16.51-3) <Outstanding>
 b1 - #884762 - linux-image-3.16.0-4-amd64: Kernel panic on boot (rest_init / build_sched_domains) make system unbootable
serious bugs of thunderbird (1:52.4.0-1~deb8u1 → 1:52.5.2-2~deb8u1) <Resolved in some Version>
 b2 - #885157 - thunderbird: Upgrading from 1:52.5.0-1 to 1:52.5.2-1 enforces the AppArmor profile (Fixed: thunderbird/1:52.5.2-2)
Summary:
 linux-image-3.16.0-4-amd64(1 bug), thunderbird(1 bug)
Are you sure you want to install/upgrade the above packages? [Y/n/?/...] 

Oh, this is in my Helium box, so it's 4.9. I haven't checked my Deuterium box at home since last night... but that doesn't look good.


--Ben
BL / MX / Raspbian... and a whole bunch of RHEL boxes. :)

Offline

#16 2018-01-05 18:06:22

bigbenaugust
Member
From: unc.edu / the 919 / KIGX
Registered: 2017-05-20
Posts: 156

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

vinzv wrote:

Haven't tried it myself yet but as there are BL packages for armhf available you could just take Raspbian Lite and run BL install script afterwards.

Hmmm... shoot, I just upgraded it to Raspbian Stretch, too.


--Ben
BL / MX / Raspbian... and a whole bunch of RHEL boxes. :)

Offline

#17 2018-01-05 18:46:21

greystarr
New Member
From: Florida
Registered: 2018-01-04
Posts: 4
Website

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

C#Coder4ever wrote:

..it seems ALL modern CPUs are affected by Spectre, though Meltdown appears to be an Intel-exclusive issue at the moment.

I've been trying to explain this to everyone that I talk to, however, no one is in that much of a panic that I can see.

“Intel believes these exploits do not have the potential to corrupt, modify or delete data.” Indeed, the attacks and exploits reported so far can suck data out of the kernel, but not put any data back into kernel space.

https://nakedsecurity.sophos.com/2018/0 … s-patches/

At least that's what they believe. No big deal.. lol.


"Ask me how to exit vim."
twitter.com/@gnubsean
PGP: 0x30b2d0fc9a828a36

Offline

#18 2018-01-05 19:33:17

tknomanzr
BL Die Hard
From: Around the Bend
Registered: 2015-09-29
Posts: 1,029

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

vinzv wrote:
bigbenaugust wrote:

Time for a RPi port of BL? wink

Haven't tried it myself yet but as there are BL packages for armhf available you could just take Raspbian Lite and run BL install script afterwards.

This is something I would like to have the time to do.

Offline

#19 2018-01-05 19:46:25

dobl
Member
Registered: 2017-12-08
Posts: 35

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

C#Coder4ever wrote:

..it seems ALL modern CPUs are affected by Spectre, though Meltdown appears to be an Intel-exclusive issue at the moment.

no, not only macOS powered hardware but iOS too which means ARM CPUs by Apple have the same problems as Intel's.
As they advised: only S* processors are safe, be it actually design or watchOS feature.
"near zero risk" in AMD PR probably means that total block is much easier to execute by patching

Last edited by dobl (2018-01-05 20:03:18)

Offline

#20 2018-01-05 20:10:06

C#Coder4ever
BL Keyboard Troll
From: /dev/zero
Registered: 2015-09-29
Posts: 261

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

dobl wrote:
C#Coder4ever wrote:

..it seems ALL modern CPUs are affected by Spectre, though Meltdown appears to be an Intel-exclusive issue at the moment.

no, not only macOS powered hardware but iOS too which means ARM CPUs by Apple have the same problems as Intel's.
As they advised: only S* processors are safe, be it actually design or watchOS feature
"near zero risk" in AMD PR probably means that total block is much easier to execute by patching

Umm that's what I said?

as for the second part, all my whats.

Last edited by C#Coder4ever (2018-01-05 20:10:58)


Peripheral, SBC, and router addict lmao
Keeb & SSD Discussions | GitLab

Offline

#21 2018-01-05 20:39:13

ector1935
Member
Registered: 2017-05-03
Posts: 150

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

Offline

#22 2018-01-05 22:41:32

vinzv
Member
Registered: 2017-09-12
Posts: 185
Website

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

tknomanzr wrote:
vinzv wrote:
bigbenaugust wrote:

Time for a RPi port of BL? wink

Haven't tried it myself yet but as there are BL packages for armhf available you could just take Raspbian Lite and run BL install script afterwards.

This is something I would like to have the time to do.

Similar here. At first I need to find time for digging after a RPi in my basement... *sighs*

Offline

#23 2018-01-06 09:48:05

ohnonot
...again
Registered: 2015-09-29
Posts: 3,895
Website

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

earlybird wrote:
vinzv wrote:

In general the figures of "...30% loss on performance..." haunting through tech press have to be taken with a grain of salt as these are extreme examples. As long as there aren't any in-depth benchmarks I wouldn't rely on anything circulating.

This is a good point, I'm curious myself. Wondering if huge backup I/O load (rsyncing entire file systems with lots of files) is going to cause noticeably degraded performance.

my kernel is now patched, and i see no performance difference.
someone (HoaS?) said performance drops after the patch are worst for virtualisation, which, afaiu, is also where the flaw is at its most dangerous unpatched.

here a list of patched kernels:
http://news.softpedia.com/news/linux-ke … 9215.shtml

Offline

#24 2018-01-06 12:18:56

Head_on_a_Stick
Member
From: London
Registered: 2015-09-29
Posts: 8,759
Website

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

ohnonot wrote:

(HoaS?) said performance drops after the patch are worst for virtualisation

https://forums.bunsenlabs.org/viewtopic … 303#p66303

I was just parroting what more expert users on other forums have been saying though.

The kernel in Debian stretch (and Arch) has the sticking-plaster (partial) fix applied, check with:

grep TABLE_ISOLATION /boot/config-$(uname -r)

A patched kernel will report:

CONFIG_PAGE_TABLE_ISOLATION=y

Test for the speed differences by pressing "e" with the BunsenLabs GRUB menuentry highlighted and adding this to the end of the line that starts with "linux":

nopti

Then press <Ctrl>+x (at the same time) to boot the modified entry and disable the protections.

Be warned though: without the KPTI patch, the system is wide open.

All BunsenLabs Hydrogen/Deuterium users are currently vulnerable, sorry.

Last edited by Head_on_a_Stick (2018-01-06 15:14:34)


“Et ignotas animum dimittit in artes.” — Ovid, Metamorphoses, VIII., 18.

Forum Rules   •   How to report a problem   •   Software that rocks

Offline
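
A check that combines the build-time grep from the post above with the boot-time switch, added here as an example and not written by anyone in the thread: a kernel built with page table isolation can still be running without it. The function name `pti_status`, its status words, the `pti=off` spelling and the sysfs path are not from the thread; the sysfs file exists only on kernels that provide that interface, and the sample files are constructed.

```shell
#!/bin/sh
# pti_status CONFIG CMDLINE [SYSFS]: print the effective Meltdown mitigation state.
#   CONFIG   kernel build config, e.g. /boot/config-$(uname -r)
#   CMDLINE  boot parameters,     e.g. /proc/cmdline
#   SYSFS    optional kernel verdict, e.g.
#            /sys/devices/system/cpu/vulnerabilities/meltdown
#            (assumption: only kernels shipping this interface have it)
pti_status() {
    config=$1 cmdline=$2 sysfs=${3:-}

    # 1. If the kernel reports its own verdict, prefer it over inference.
    if [ -n "$sysfs" ] && [ -r "$sysfs" ]; then
        case $(cat "$sysfs") in
            "Not affected"*) echo not-affected; return ;;
            Mitigation*)     echo mitigated;    return ;;
            Vulnerable*)     echo vulnerable;   return ;;
        esac
    fi

    # 2. Build-time check: the same option the grep in the post looks for.
    if ! grep -q '^CONFIG_PAGE_TABLE_ISOLATION=y' "$config" 2>/dev/null; then
        echo not-built; return
    fi

    # 3. Boot-time check: the protection can be switched off per boot.
    if tr -s ' ' '\n' < "$cmdline" | grep -qx -e nopti -e pti=off; then
        echo disabled-at-boot; return
    fi
    echo mitigated
}

# Demo on constructed inputs (not taken from a real machine).
demo() {
    d=$(mktemp -d) || return 1
    echo 'CONFIG_PAGE_TABLE_ISOLATION=y' > "$d/config"
    echo 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet' > "$d/cmdline.ok"
    echo 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet nopti' > "$d/cmdline.off"
    echo "patched, default boot:   $(pti_status "$d/config" "$d/cmdline.ok")"
    echo "patched, switched off:   $(pti_status "$d/config" "$d/cmdline.off")"
    rm -rf "$d"
}
demo
```

On a real system, call it as `pti_status "/boot/config-$(uname -r)" /proc/cmdline /sys/devices/system/cpu/vulnerabilities/meltdown`; anything other than `mitigated` or `not-affected` after a benchmarking session means the test boot entry is still in effect.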

#25 2018-01-06 16:14:15

vinzv
Member
Registered: 2017-09-12
Posts: 185
Website

Re: Meltdown - Intel CPU design flaw affecting all OS platforms

ohnonot wrote:

someone (HoaS?) said performance drops after the patch are worst for virtualisation, which, afaiu, is also where the flaw is at its most dangerous unpatched.

Epic Games patched their gaming servers leading to more than doubled CPU load: https://www.epicgames.com/fortnite/foru … ity-update

Offline
