Meltdown/Spectre: Unauthorized Disclosure of Kernel Memory

Message

Hossie · Post by **Hossie** » Thu Mar 29, 2018 8:35 am

1: Skylake and later are not fully fixed with retpoline alone:

https://lwn.net/Articles/743019/

Speculation on Skylake and later requires these patches ("dynamic IBRS")
be used instead of retpoline[1].

2: IBRS is needed for KVM and guests that do not use retpoline, for example RHEL/CentOS. They depend on IBRS being available and passed through to the guest.

PrSo · Post by **PrSo** » Wed Apr 11, 2018 7:18 am

AMD released microcode updates with mitigation against Spectre v2 which covers all CPU's since 2011 (Bulldozer family), but I wonder if it will be included in linux firmware package tough.
https://www.amd.com/en/corporate/security-updates

Tony0945 · Post by **Tony0945** » Wed Apr 11, 2018 8:05 am

PrSo wrote:AMD released microcode updates with mitigation against Spectre v2 which covers all CPU's since 2011 (Bulldozer family), but I wonder if it will be included in linux firmware package tough.
https://www.amd.com/en/corporate/security-updates

Thanks for the heads up. How can we avoid these microcode updates?

Ant P. · Post by **Ant P.** » Wed Apr 11, 2018 10:53 am

If you don't want them, USE=savedconfig on linux-firmware can take care of that.

v_andal · Post by **v_andal** » Sun Apr 29, 2018 9:17 am

Today I've tried to install gentoo-sources-4.4.95. It just refuses to boot on my PC. It freezes early in the boot process and I have to pull the plug, otherwise PC reacts to nothing. Now I guess I understand why newest Windows 10 does not work on my PC, most likely it has the same fixes and brings it to the same absolute freeze

I've also tried to build kernel without new option, but it didn't help. So far I had to mask this version.

Tony0945 · Post by **Tony0945** » Sun Apr 29, 2018 1:49 pm

v_andal wrote:Today I've tried to install gentoo-sources-4.4.95. It just refuses to boot on my PC. It freezes early in the boot process and I have to pull the plug, otherwise PC reacts to nothing. Now I guess I understand why newest Windows 10 does not work on my PC, most likely it has the same fixes and brings it to the same absolute freeze

I've also tried to build kernel without new option, but it didn't help. So far I had to mask this version.

I can boot 4.4.129 on my Bristol Ridge which is a bulldozer derivative. I have not knowingly installed any microcode updates, although I have MSI's latest AM4 BIOS which may have installed some. It does seem slower than when I first got it. Is it the kernel? Profile 17.0? Microcode? Or am I just getting used to the speed and wanting more? NO RETPOLINE or any other mitigation that I know of. The earlier kernels were dropped out of portage and I have heard (hear-say) that some kernel developers are bypassing instructions that would speed up but are Spectre vulnerable regardless of CONFIG settings. Another possibility is that Intel Meltdown vulnerabilities are patched even for AMD processors. After all, everyone uses Intel, don't they?

Try building 4.4.95 for a generic CPU. If that boots then possibly microcode has crippled your CPU.

Post by **NeddySeagoon** » Sun Apr 29, 2018 3:06 pm

Tony0945,

If the Intel microcode update is being done by the kernel, it does not matter what CPU the kernel is built for.
The microcode updater identifies the CPU its running on and if there is an update it can apply, it does it.

Conversely, its enough to disable kernel microcode updating to test the theory.

steveL · Post by **steveL** » Sun Apr 29, 2018 4:42 pm

Ant P. wrote:Everyone should have NoScript/uMatrix plus an adblocker at a bare minimum

I totally agree, and have for years; but it bugs me, that there aren't at least 2 or 3 FLOSS browsers which do not give away any info, as a default.

Tony0945 · Post by **Tony0945** » Sun Apr 29, 2018 5:52 pm

NeddySeagoon wrote:Tony0945,

If the Intel microcode update is being done by the kernel, it does not matter what CPU the kernel is built for.
The microcode updater identifies the CPU its running on and if there is an update it can apply, it does it.

Conversely, its enough to disable kernel microcode updating to test the theory.

The main reason that I suggested building for generic was in case the kernel was using an opcode that the CPU hung on.

The rest of the post was just describing my setup that works with the later kernel. I may have had trouble with .75 also. I'm not sure. I know that at some fairly recent time I also blocked a kernel because it wouldn't build.

roki942 · Post by **roki942** » Sat May 05, 2018 5:29 am

Intel Spectre-NG announced.
https://www.guru3d.com/news-story/eight ... tical.html

https://www.heise.de/ct/artikel/Exclusi ... 40648.html

edited to add 2nd link

ChrisJumper · Post by **ChrisJumper** » Thu Jun 28, 2018 7:07 pm

And one more POC Code for Browsers and Spectre 1. alephsecurity - Overcoming (some) Spectre browser mitigations released a Paper and a javascript proof of concept Code for your Browser.

Right now just the mitigation in the firefox Browser work fine. It runs minutes here without a pair value.

On the stable chromium the poc work and deliver a functional working poc.

Code: Select all

original value: 1100110011001100110011001100110
restored value: 1100110011001100110011001100110

Download poc as zip file. And open Spectre.html with your browser and its web developer Console to show the output of the javascript.
Shortcuts to open the console:
Firefox: ctrl + shift + j
Chromium: ctrl + shift + i

Post by **pjp** » Fri Jul 27, 2018 8:07 pm

Continued in [topic=1084486]Meltdown/Spectre: Read Arbitrary Memory over Network[/topic].