Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
new side channel attacks on intel processors
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Gentoo Chat
View previous topic :: View next topic  
Author Message
queen
Veteran
Veteran


Joined: 19 Jul 2005
Posts: 1629

PostPosted: Thu May 16, 2019 9:17 pm    Post subject: new side channel attacks on intel processors Reply with quote

As probably some of you read about the new attacks, I was just wonder when there will be an update from gentoo. According to sdnet only redhat and ubuntu released patches.

https://www.zdnet.com/article/patch-status-for-the-new-mds-attacks-against-intel-cpus/

More details about the attacks can be found here:
https://thehackernews.com/2019/05/intel-processor-vulnerabilities.html
Back to top
View user's profile Send private message
Naib
Watchman
Watchman


Joined: 21 May 2004
Posts: 5699
Location: Removed by Neddy

PostPosted: Thu May 16, 2019 10:07 pm    Post subject: Re: new side channel attacks on intel processors Reply with quote

queen wrote:
As probably some of you read about the new attacks, I was just wonder when there will be an update from gentoo. According to sdnet only redhat and ubuntu released patches.

https://www.zdnet.com/article/patch-status-for-the-new-mds-attacks-against-intel-cpus/

More details about the attacks can be found here:
https://thehackernews.com/2019/05/intel-processor-vulnerabilities.html


http://lkml.iu.edu/hypermail/linux/kernel/1905.1/05371.html

Greg Kroah-Hartman has issued Linux 5.1.2, 5.0.16, 4.19.43, 4.14.119, and 4.9.176 with these now public mitigation patches that pair with Intel's CPU microcode for mitigating this latest set of speculative execution side-channel vulnerabilities.




Quote:
eix gentoo-sources
[?] sys-kernel/gentoo-sources
Available versions:
(4.4.176) 4.4.176^bs
(4.4.177) (~)4.4.177^bs
(4.4.178) (~)4.4.178^bs
(4.4.179) 4.4.179^bs
(4.9.162-r1) 4.9.162-r1^bs
(4.9.171) 4.9.171^bs
(4.9.172) (~)4.9.172^bs
(4.9.173) (~)4.9.173^bs
(4.9.174) (~)4.9.174^bs
(4.9.175) (~)4.9.175^bs
(4.9.176) (~)4.9.176^bs
(4.14.105-r1) 4.14.105-r1^bs
(4.14.114) 4.14.114^bs
(4.14.115) (~)4.14.115^bs
(4.14.116) (~)4.14.116^bs
(4.14.117) (~)4.14.117^bs
(4.14.118) (~)4.14.118^bs
(4.14.119) (~)4.14.119^bs
(4.19.27-r1) 4.19.27-r1^bs
(4.19.37) 4.19.37^bs
(4.19.38) (~)4.19.38^bs
(4.19.39) (~)4.19.39^bs
(4.19.40) (~)4.19.40^bs
(4.19.41) (~)4.19.41^bs
(4.19.42) (~)4.19.42^bs
(4.19.43) (~)4.19.43^bs
(5.0.16) (~)5.0.16^bs
(5.1.2) (~)5.1.2^bs


https://packages.gentoo.org/packages/sys-kernel/gentoo-sources
The associated cleanup and sources made available was on wednesday 15.

Typically it is a good idea to ignore sensationalistic news sources and actually check
1) when the patches are released
2) has gentoo released them

typically when it comes to security, gentoo are on the ball
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
Back to top
View user's profile Send private message
etnull
Apprentice
Apprentice


Joined: 26 Mar 2019
Posts: 171

PostPosted: Fri May 17, 2019 4:06 pm    Post subject: Reply with quote

I'm using ck-sources-4.19.2 version of kernel is it fixed in there?
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 18107

PostPosted: Fri May 17, 2019 5:15 pm    Post subject: Re: new side channel attacks on intel processors Reply with quote

Naib wrote:
Typically it is a good idea to ignore sensationalistic news sources and actually check
1) when the patches are released
2) has gentoo released them

typically when it comes to security, gentoo are on the ball
Is there a non-sensationalized source that covers the ongoing release of CPU related vulnerabilities? Keeping up with them is a challenge. Last I heard, kernel-folk don't provide security releases.
_________________
Those who know what's best for us must rise and save us from ourselves.
Back to top
View user's profile Send private message
Naib
Watchman
Watchman


Joined: 21 May 2004
Posts: 5699
Location: Removed by Neddy

PostPosted: Fri May 17, 2019 7:54 pm    Post subject: Reply with quote

etnull wrote:
I'm using ck-sources-4.19.2 version of kernel is it fixed in there?
go check. the gentoo-sources are up to date
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
Back to top
View user's profile Send private message
axl
l33t
l33t


Joined: 11 Oct 2002
Posts: 708
Location: Romania

PostPosted: Fri May 17, 2019 8:05 pm    Post subject: Reply with quote

Well, I guess we can throw our intels away.

https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

This is the last straw. They will not even update some of their old cpus. I can't believe it. 990x is an extreme edition i7 cpu with 6 cores and 12 megs of cache. it's a monster of a cpu. Nope... not going to update it. I guess Q1 of 2011 is obsolete now according to Intel. How do you guys feel about this?
Back to top
View user's profile Send private message
wuzzerd
Guru
Guru


Joined: 05 Jan 2005
Posts: 455
Location: New Mexico

PostPosted: Fri May 17, 2019 10:03 pm    Post subject: Reply with quote

axl wrote:
Well, I guess we can throw our intels away.


Time to get a nice used AMD something. We might send our old intel motherboards back to the source.
Back to top
View user's profile Send private message
etnull
Apprentice
Apprentice


Joined: 26 Mar 2019
Posts: 171

PostPosted: Fri May 17, 2019 10:38 pm    Post subject: Reply with quote

so basically that kernel blob is useless anyway for an old CPU... great...
Back to top
View user's profile Send private message
duane
n00b
n00b


Joined: 03 Jun 2002
Posts: 63
Location: Oklahoma City

PostPosted: Sat May 18, 2019 12:25 am    Post subject: Reply with quote

I've been living without any hope of spectre protection for more than a year now. This won't change much.

And people will still buy intel, sad to say.
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 5956

PostPosted: Sat May 18, 2019 6:33 pm    Post subject: Reply with quote

My Phenom II's still running as good as ever. Better than ever actually, last time I updated the BIOS it gave me a free extra core...

You're in your right to demand a refund, no matter how old your Intel product is, since speculative execution was known to be dangerous when it was introduced over 20 years ago. They've been selling known-defective products ever since (and continue to do so - no hardware fixes have emerged yet).
Back to top
View user's profile Send private message
bammbamm808
Guru
Guru


Joined: 08 Dec 2002
Posts: 490
Location: Hawaii

PostPosted: Sat May 18, 2019 7:03 pm    Post subject: Reply with quote

My Ryzen decision just keeps getting better and better.
_________________
Asrock X470 Taichi
Ryzen 2700x
32Gb Samsung B-die (16GB dual rank x2) DDR4
Geforce GTX 1060 6GB
Samsung Evo 840 500Gb +Seagate 1TB HDD
Etc....
Back to top
View user's profile Send private message
queen
Veteran
Veteran


Joined: 19 Jul 2005
Posts: 1629

PostPosted: Sat May 18, 2019 9:58 pm    Post subject: Reply with quote

First of all, thanks for all the answers. I know some of the guys that published the articles, so I can ask them now more about patches. Besides that, I attended a conference (few days before the articles were published) and someone asked the lecturer from Intel what they are doing regarding the bugs or it's more of the same?

The lecturer said that they take seriously the bugs (and they have a special group for that), but he also mentioned that they do more of the same. The feeling was that more of the same prevails.

A former chief architect from Intel said when spectre and meltdown appeared that to develop a new cpu it takes 5 years.

Indeed, it's time to ditch the intel cpu's (at least for the time being). Which AMD cpu is recommended for laptop?
Back to top
View user's profile Send private message
queen
Veteran
Veteran


Joined: 19 Jul 2005
Posts: 1629

PostPosted: Sat May 18, 2019 10:13 pm    Post subject: Reply with quote

Ant P. wrote:
My Phenom II's still running as good as ever. Better than ever actually, last time I updated the BIOS it gave me a free extra core...

You're in your right to demand a refund, no matter how old your Intel product is, since speculative execution was known to be dangerous when it was introduced over 20 years ago. They've been selling known-defective products ever since (and continue to do so - no hardware fixes have emerged yet).


This goes even "better". They tried to buy one of the publishers last year under NDA. Of course he refused and continues to publish.
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 5956

PostPosted: Sun May 19, 2019 12:54 am    Post subject: Reply with quote

queen wrote:
Which AMD cpu is recommended for laptop?

Usually the thing to watch out for is the GPU, some of the mobile models have historically been awfully unstable. I haven't heard as many complaints about the newer ones.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Gentoo Chat All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum