Gentoo Forums
Meltdown and Spectre Becoming a Nightmare for Everyone

Bigun
Advocate
Joined: 21 Sep 2003
Posts: 2150

Posted: Mon Jan 08, 2018 6:44 pm    Post subject: Meltdown and Spectre Becoming a Nightmare for Everyone

First blaming people's AV for not getting a patch, even then the patch is breaking Windows on some AMD based chipsets.

Does anyone do enterprise management of Windows machines also? How are you coping?
_________________
"It's ok, they might have guns but we have flowers." - Perpetual Victim


Last edited by Bigun on Tue Jan 23, 2018 12:28 pm; edited 1 time in total

Naib
Watchman
Joined: 21 May 2004
Posts: 5475
Location: Removed by Neddy

Posted: Mon Jan 08, 2018 6:57 pm

Quote:
In all fairness to Microsoft, if Windows can’t start, the computer is technically safe from these vulnerabilities.

_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king

Muso
l33t
Joined: 22 Oct 2002
Posts: 753
Location: The Holy city of Honolulu

Posted: Mon Jan 08, 2018 6:59 pm

:lol:

At this point I'd offer the same solution which fixed my BSOD problem with Win98, fdisk and install Linux.
_________________
People Of Love

Kindness Evokes Kindness

Peace Emits Positive Energy

wswartzendruber
Veteran
Joined: 23 Mar 2004
Posts: 1246
Location: Idaho, USA

Posted: Mon Jan 08, 2018 7:03 pm

I got the Meltdown fix and things are running pretty well for me.

That's on Debian, though. 8)
_________________
Gun: Glock 19 Gen 4
Sights: XS DXT Big Dot
Holster: StealthGear VentCore IWB
Ammunition: Federal Premium HST 124gr
Light: Inforce APLc

pjp
Administrator
Joined: 16 Apr 2002
Posts: 17455

Posted: Mon Jan 08, 2018 9:19 pm    Post subject: Re: Meltdown and Spectre Becoming a Nightmare for Microsoft

Bigun wrote:
the patch is breaking Windows on some AMD based chipsets.
With their strong-arm patching policy they ought to be required to pay at least 5x replacement value + penalties for lost productivity.
_________________
Slowly I turned. Step by step.

Bones McCracker
Veteran
Joined: 14 Mar 2006
Posts: 1606
Location: U.S.A.

Posted: Thu Jan 11, 2018 11:18 pm

So, is it correct that AMD does not have this problem?

Bones McCracker
Veteran
Joined: 14 Mar 2006
Posts: 1606
Location: U.S.A.

Posted: Thu Jan 11, 2018 11:19 pm

I can see multiple scenarios where this ends with Intel belonging to the Chinese.

pjp
Administrator
Joined: 16 Apr 2002
Posts: 17455

Posted: Fri Jan 12, 2018 12:20 am

So far, AMD is much less affected.

I doubt it will hurt Intel /that/ much. I'd be shocked if any refugees switching to AMD would refuse to go back to Intel. If AMD were lucky, business would finally recognize the benefit of having more architecture.

Also hopefully, we see more/better/faster uptake for OpenPower. Some company is taking pre-orders for workstations -- maybe small servers too -- but they're still pricey (no idea how well the performance compares per $).
_________________
Slowly I turned. Step by step.

BonezTheGoon
Bodhisattva
Joined: 14 Jun 2002
Posts: 1375
Location: Albuquerque, NM -- birthplace of Microsoft and Gentoo

Posted: Fri Jan 12, 2018 12:26 am    Post subject: Re: Meltdown and Spectre Becoming a Nightmare for Microsoft

Bigun wrote:
How are you coping?


I don't do Windows support. But yesterday several Ubuntu desktops got a new kernel and couldn't boot. The kernel released today fixed those machines. Also today a RHEL6 Server had a kernel panic as well with the patch -- current work around is booting with the previous version kernel. Awaiting a new RHEL6 kernel to try.
_________________
mcgruff wrote:
I can't promise to be civil.


pjp wrote:
The greater evil is voting for the "lesser evil."

wswartzendruber
Veteran
Joined: 23 Mar 2004
Posts: 1246
Location: Idaho, USA

Posted: Fri Jan 12, 2018 6:18 am    Post subject: Re: Meltdown and Spectre Becoming a Nightmare for Microsoft

BonezTheGoon wrote:
Bigun wrote:
How are you coping?


I don't do Windows support. But yesterday several Ubuntu desktops got a new kernel and couldn't boot. The kernel released today fixed those machines. Also today a RHEL6 Server had a kernel panic as well with the patch -- current work around is booting with the previous version kernel. Awaiting a new RHEL6 kernel to try.

Code:
sudo apt update && sudo apt upgr.....   <Backspace> <Backspace> <Backspace>....

_________________
Gun: Glock 19 Gen 4
Sights: XS DXT Big Dot
Holster: StealthGear VentCore IWB
Ammunition: Federal Premium HST 124gr
Light: Inforce APLc

erm67
Apprentice
Joined: 01 Nov 2005
Posts: 238
Location: Where the black men cannot enter

Posted: Fri Jan 12, 2018 7:20 am

Many of the linux users stuck at boot have nvidia GPU and use binary drivers ......
_________________
True ignorance is not the absence of knowledge, but the refusal to acquire it.
A posse ad esse non valet consequentia
Πάντα ῥεῖ

The Doctor
Moderator
Joined: 27 Jul 2010
Posts: 2484

Posted: Fri Jan 12, 2018 8:41 am

Bones McCracker wrote:
So, is it correct that AMD does not have this problem?
Every CPU built in the last 20 years is affected. It has to do with the way the CPU works. Basically, it takes about 4 steps to run 1 instruction. That means 1/3 of the chip is sitting idle wasting processing power. So what the computer does is anticipate that it will run the next instruction as well and so forth. This means the CPU runs about 4 instructions simultaneously. If one instruction is for a jump then the speculatively evaluated code is purged and everything is good. Or so the theory goes.

In practice the cache is accessible to debug code so all you need to do is trick the CPU into thinking you're a debugger and you can read the data. It isn't arbitrary and it is slow. If you are clever you can trick the CPU into loading something worthwhile. Even if one particular CPU is not vulnerable to one particular attack (Meltdown) the flaw (Spectre) is universal. So far I know of no malware actually exploiting this. It isn't exactly an efficient use of time or easy to get something useful. If you want money it would be much less effort and much more profitable to simply write a locker or pretend to be a Nigerian prince...

(BTW, you block javascript when you browse the web, right?) :wink:
_________________
First things first, but not necessarily in that order.

Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box.

erm67
Apprentice
Joined: 01 Nov 2005
Posts: 238
Location: Where the black men cannot enter

Posted: Fri Jan 12, 2018 12:11 pm

The Doctor wrote:


In practice the cache is accessible to debug code so all you need to do is trick the CPU into thinking you're a debugger and you can read the data. It isn't arbitrary and it is slow. If you are clever you can trick the CPU into loading something worthwhile.


The solution is also easy: using the PCID CPU extension it is possible to mark a region of memory so that only the kernel will be able to access it. In practice the regions of memory used by the kernel will not be accessible to user space processes, so even if a user space malware finds something in the cache it cannot read it. This fixes Meltdown.

The fix for SPECTRE is a bit more complicated:
https://stackoverflow.com/questions/48089426/what-is-a-retpoline-and-how-does-it-work
_________________
True ignorance is not the absence of knowledge, but the refusal to acquire it.
A posse ad esse non valet consequentia
Πάντα ῥεῖ
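
Added example, not part of any post in this thread: a shell check of whether the Meltdown (KPTI) and Spectre (retpoline) mitigations discussed above are active on a Linux host, based on what the kernel itself reports. It assumes a kernel that exposes /sys/devices/system/cpu/vulnerabilities/ and an x86 /proc/cpuinfo with a "flags" line; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): report Meltdown/Spectre mitigation state.
# Assumptions: the kernel exposes the sysfs directory below, and /proc/cpuinfo
# has an x86-style "flags" line. Function names are illustrative.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status LINE: map the kernel's status text to ok/vulnerable/unknown.
classify_status() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo ok ;;
        "Vulnerable"*)                  echo vulnerable ;;
        *)                              echo unknown ;;
    esac
}

# has_cpu_flag FLAG CPUINFO_TEXT: whole-word match on the first "flags" line,
# so "pcid" does not match "invpcid".
has_cpu_flag() {
    printf '%s\n' "$2" | sed -n '/^flags/{p;q;}' | grep -qw -- "$1"
}

# report DIR: one line per vulnerability file; a missing file means the kernel
# does not report on that issue, which is treated as unknown rather than safe.
report() {
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$1/$name" ]; then
            line=$(cat "$1/$name")
            echo "$name: $(classify_status "$line") ($line)"
        else
            echo "$name: unknown (no sysfs entry)"
        fi
    done
}

report "$VULN_DIR"
cpuinfo=$(cat /proc/cpuinfo 2>/dev/null)
# "pti" is set by the kernel when page table isolation is active; "pcid" is
# the hardware feature that lowers the cost of the extra address-space switches.
for flag in pti pcid; do
    if has_cpu_flag "$flag" "$cpuinfo"; then
        echo "cpu flag $flag: present"
    else
        echo "cpu flag $flag: absent"
    fi
done
```

A status that starts with "Vulnerable" is reported as vulnerable even when it names a partial mitigation after the colon, so a half-applied retpoline build is not mistaken for a fixed one.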

Bigun
Advocate
Joined: 21 Sep 2003
Posts: 2150

Posted: Fri Jan 12, 2018 2:51 pm    Post subject: Re: Meltdown and Spectre Becoming a Nightmare for Microsoft

wswartzendruber wrote:
BonezTheGoon wrote:
Bigun wrote:
How are you coping?


I don't do Windows support. But yesterday several Ubuntu desktops got a new kernel and couldn't boot. The kernel released today fixed those machines. Also today a RHEL6 Server had a kernel panic as well with the patch -- current work around is booting with the previous version kernel. Awaiting a new RHEL6 kernel to try.

Code:
sudo apt update && sudo apt upgr.....   <Backspace> <Backspace> <Backspace>....


:lol:

Makes you want to go back to using pen and paper doesn't it?
_________________
"It's ok, they might have guns but we have flowers." - Perpetual Victim

BonezTheGoon
Bodhisattva
Joined: 14 Jun 2002
Posts: 1375
Location: Albuquerque, NM -- birthplace of Microsoft and Gentoo

Posted: Fri Jan 12, 2018 4:43 pm

erm67 wrote:
Many of the linux users stuck at boot have nvidia GPU and use binary drivers ......


Yeah but usually if you just switch to a different tty you can login and address that. It's QUITE different from a full on kernel panic.
_________________
mcgruff wrote:
I can't promise to be civil.


pjp wrote:
The greater evil is voting for the "lesser evil."

erm67
Apprentice
Joined: 01 Nov 2005
Posts: 238
Location: Where the black men cannot enter

Posted: Fri Jan 12, 2018 5:30 pm

The problem is that the drivers need to be recompiled to be able to work on a kernel that implements KPTI ......
NVIDIA released updated drivers that work with KPTI yesterday.
_________________
True ignorance is not the absence of knowledge, but the refusal to acquire it.
A posse ad esse non valet consequentia
Πάντα ῥεῖ

Naib
Watchman
Joined: 21 May 2004
Posts: 5475
Location: Removed by Neddy

Posted: Fri Jan 12, 2018 6:50 pm

erm67 wrote:
The problem is that the drivers need to be recompiled to be able to work on a kernel that implements KPTI ......
NVIDIA released updated drivers that work with KPTI yesterday.
Not completely true... Kernel-4.15.0-rc6 (the 1st one with kpti) did not cause any kernel panic with nvidia-drivers-387.34 (a patch was needed to deal with GPL symbols)

nvidia-drivers-390.12 builds without gpl symbol patch and runs on a KPTI kernel quite happily.
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king

erm67
Apprentice
Joined: 01 Nov 2005
Posts: 238
Location: Where the black men cannot enter

Posted: Sat Jan 13, 2018 7:37 pm

I had read it somewhere ... I don't like binary blobs :-) Probably Canonical blaming NVIDIA for their failures

https://blog.linuxmint.com/?p=3496
Quote:
NVIDIA 384.111

If you are using the NVIDIA proprietary drivers, upgrade them to version 384.111.

In Linux Mint 17.x and 18.x, this update is available in the Update Manager.

In LMDE, it is available on the NVIDIA Website.

https://forums.geforce.com/default/topic/1033210/nvidias-response-to-speculative-side-channels-cve-2017-5753-cve-2017-5715-and-cve-2017-5754/

https://usn.ubuntu.com/usn/usn-3521-1/


https://www.nvidia.com/en-us/product-security/
_________________
True ignorance is not the absence of knowledge, but the refusal to acquire it.
A posse ad esse non valet consequentia
Πάντα ῥεῖ

Naib
Watchman
Joined: 21 May 2004
Posts: 5475
Location: Removed by Neddy

Posted: Sat Jan 13, 2018 7:41 pm

Yer well they are wrong. Been testing with kpti since it was out and with Nvidia drivers
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king

pjp
Administrator
Joined: 16 Apr 2002
Posts: 17455

Posted: Tue Jan 16, 2018 12:51 am

Intel Warns Its Patches for Chip Flaws Are Buggy
paywall wrote:
One Intel partner familiar with the document said it is problematic the company is only notifying select customers they should hold off on the patches. The public has “been given the microcode update but has not been given the important technical information that Intel recommends that you don’t use this,” the partner said.

_________________
Slowly I turned. Step by step.

bunder
Bodhisattva
Joined: 10 Apr 2004
Posts: 5722

Posted: Tue Jan 16, 2018 2:37 am

fuck paywalls :?

pjp
Administrator
Joined: 16 Apr 2002
Posts: 17455

Posted: Tue Jan 16, 2018 4:39 am

Yeah, that's why I referenced it. I figured the gist was what mattered, and if people were interested, they could look for another source.
_________________
Slowly I turned. Step by step.

erm67
Apprentice
Joined: 01 Nov 2005
Posts: 238
Location: Where the black men cannot enter

Posted: Thu Jan 18, 2018 7:37 am

Sounds like FUD (aka secret documents shared with secret customers):


http://www.zdnet.com/article/meltdown-spectre-firmware-glitch-intel-warns-of-risk-of-sudden-reboots/
Quote:
Intel has revealed that a glitch in its patch for the Meltdown and Spectre CPU attacks is causing problems on PCs and datacenter equipment.

Intel's firmware, which is delivered by hardware OEMs, is causing higher system reboots on systems with older Broadwell and Haswell CPUs.

Everybody knows that ... but sensationalized news can boost the sales.
_________________
True ignorance is not the absence of knowledge, but the refusal to acquire it.
A posse ad esse non valet consequentia
Πάντα ῥεῖ

Bigun
Advocate
Joined: 21 Sep 2003
Posts: 2150

Posted: Fri Jan 19, 2018 5:13 pm

Fuck me this is annoying, we use Symantec at work and it's hosed now.
_________________
"It's ok, they might have guns but we have flowers." - Perpetual Victim

BonezTheGoon
Bodhisattva
Joined: 14 Jun 2002
Posts: 1375
Location: Albuquerque, NM -- birthplace of Microsoft and Gentoo

Posted: Fri Jan 19, 2018 8:10 pm

Bigun wrote:
Fuck me this is annoying, we use Symantec at work and it's hosed now.


Yeah I saw some emails at my work regarding SEP being horribly affected.

Sorry man! I'm so glad I do almost NOTHING with Windows anymore!!!
_________________
mcgruff wrote:
I can't promise to be civil.


pjp wrote:
The greater evil is voting for the "lesser evil."

All times are GMT
Page 1 of 2