Intel CPU security flaw

Official support for the KXStudio Linux distribution and applications.
More info at http://kxstudio.linuxaudio.org/

Moderators: falkTX, MattKingUSA, khz

hyenaz
Established Member
Posts: 24
Joined: Mon May 16, 2016 8:05 pm

Intel CPU security flaw

Postby hyenaz » Wed Jan 03, 2018 6:56 pm

https://www.theregister.co.uk/2018/01/0 ... sign_flaw/

Has anyone else been following this? Can we expect a performance hit in music applications?

folderol
Established Member
Posts: 743
Joined: Mon Sep 28, 2015 8:06 pm
Location: Here, of course!
Contact:

Re: Intel CPU security flaw

Postby folderol » Wed Jan 03, 2018 8:13 pm

From what I've read, we probably (mostly) dodged the bullet.
It seems the fix will mostly affect I/O not processor intensive tasks.
Building up a buffer full of sound will be fine, but there may be a bit of a bottleneck getting each buffer to the soundcard

hyenaz
Established Member
Posts: 24
Joined: Mon May 16, 2016 8:05 pm

Re: Intel CPU security flaw

Postby hyenaz » Wed Jan 03, 2018 10:09 pm

Good to hear. I don't want to lose 30% of CPU speed.

This was really funny:

"The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers."

User avatar
thetotalchaos
Established Member
Posts: 129
Joined: Mon Sep 29, 2014 8:29 pm
Contact:

Re: Intel CPU security flaw

Postby thetotalchaos » Fri Jan 05, 2018 2:34 pm

hyenaz wrote: Has anyone else been following this? Can we expect a performance hit in music applications?


I hope not. In less than a year, both Intel and Mozilla, two of the finest examples of freedom respecting companies, betrayed us and let us down. And although i am quite happy, using Chromium and Epiphany, I am not ready to assemble a new AMD Based home system. My configuration is less then an year old, Intel based.....s*it.
Check out my latest music album The Butterfly Effect
https://soundcloud.com/biser-angelov/sets/the-butterfly-effect

hyenaz
Established Member
Posts: 24
Joined: Mon May 16, 2016 8:05 pm

Re: Intel CPU security flaw

Postby hyenaz » Fri Jan 05, 2018 4:05 pm

Reading Intel's PR statement, it basically translates to:

There is no problem, and the problem effects all chip manufacturers, and the problem will be minor for most users, and the problem will be mitigated in the long term.

So hopefully fixes in the longer term will mitigate any CPU hit.

windeguy
Established Member
Posts: 11
Joined: Mon Feb 18, 2013 12:14 am
Location: Dominican Republic

Re: Intel CPU security flaw

Postby windeguy » Fri Jan 05, 2018 5:50 pm


folderol
Established Member
Posts: 743
Joined: Mon Sep 28, 2015 8:06 pm
Location: Here, of course!
Contact:

Re: Intel CPU security flaw

Postby folderol » Fri Jan 05, 2018 5:56 pm

Intel are doing their usual mixture of flat out lies plus bait and switch.

There are very real and serious problems and there are two separate issues.

The first, is immediately and easily exploitable. It is specific to all Intel processors since 2009, and also one (as yet unreleased) class of ARM processors. it doesn't affect AMD nor any other class of processors. This is the 'Meltdown' one that devs all round the world have been working flat out for months to work-around it. Note this is not a fix. A proper fix has to be done with new CPU hardware.

The other one (spectre) is much harder to exploit, and requires more uninterrupted attack time - unfortunately it is also much harder to fix. This one affects just about all modern processors. Browser makers are working to produce blocks in javascript to close that particular attack vector. Once more, this is not a fix, and again, eventually hardware solutions need to be found.

The final gotcha is that new hardware doesn't solve the problem for old systems that for one reason or another can't be replaced. For them, there will always need to be some form of software hack.

On the plus side, there have already been a lot of benchmark tests done on the new code, and we should get off pretty lightly.

The people who will be in the worst position are relatively small ISPs who's machines are doing mostly net and storage accessing.

m.lp.ql.m
Established Member
Posts: 32
Joined: Fri Nov 23, 2012 5:51 pm

Re: Intel CPU security flaw

Postby m.lp.ql.m » Fri Jan 05, 2018 7:12 pm

Related, but more selfish question: I was just about to start putting together a new system. Any guesses as to when the new, "fixed," hardware will be available?

User avatar
English Guy
Established Member
Posts: 423
Joined: Wed Oct 17, 2012 7:28 pm
Location: England

Re: Intel CPU security flaw

Postby English Guy » Fri Jan 05, 2018 8:14 pm

I want to keep an old kernel on hand and run it on an offline system when I work

User avatar
Lyberta
Established Member
Posts: 650
Joined: Sat Nov 01, 2014 8:15 pm
Location: The Internet
Contact:

Re: Intel CPU security flaw

Postby Lyberta » Sat Jan 06, 2018 9:20 am

English Guy wrote:I want to keep an old kernel on hand and run it on an offline system when I work


KPTI can be disabled with runtime switch. If you don't run untrusted code, you can easily turn it off.

User avatar
briandc
Established Member
Posts: 1321
Joined: Sun Apr 29, 2012 3:17 pm
Contact:

Re: Intel CPU security flaw

Postby briandc » Sat Jan 06, 2018 9:33 am

Kinda sounds to me like a big scare to get people buying new computers.


brian
Have your PC your way: use linux!
My sound synthesis biome: http://www.linuxsynths.com

tavasti
Established Member
Posts: 523
Joined: Tue Feb 16, 2016 6:56 am
Location: Kangasala, Finland
Contact:

Re: Intel CPU security flaw

Postby tavasti » Sat Jan 06, 2018 9:51 am

briandc wrote:Kinda sounds to me like a big scare to get people buying new computers.

Problem is real. Current state, any website can put javascript reading all your passwords from your browsers password manager or from your keepass if it is open. Same goes for office documents, reading memory with word doc macros is possible. However, implementing word doc which works also in libreoffice in linux might be bit harder :-)

So if there is update for your browser available, update now.
Linux veteran & Novice musician

Hear my music at https://audiu.net/users/tawaste

tavasti
Established Member
Posts: 523
Joined: Tue Feb 16, 2016 6:56 am
Location: Kangasala, Finland
Contact:

Re: Intel CPU security flaw

Postby tavasti » Sat Jan 06, 2018 11:16 am

m.lp.ql.m wrote:Related, but more selfish question: I was just about to start putting together a new system. Any guesses as to when the new, "fixed," hardware will be available?


https://twitter.com/securelyfitz/status ... 0652196864

That says maybe some minor fixes on summer. Something bit better 2019-2010. Full fix 2021.
That isn't word of god, but anyway guess from somebody who knows workflow and constrants on processor industry.
Linux veteran & Novice musician

Hear my music at https://audiu.net/users/tawaste

tavasti
Established Member
Posts: 523
Joined: Tue Feb 16, 2016 6:56 am
Location: Kangasala, Finland
Contact:

Re: Intel CPU security flaw

Postby tavasti » Sun Jan 07, 2018 6:18 am

42low wrote:
m.lp.ql.m wrote:Any guesses as to when the new, "fixed," hardware will be available?

I've read on a linux forum that the software fix is to be expected this weekend. Then the hardware bug isn't a problem anymore.

Fix for meltdown, which gives access to kernel memory to all processes will be fixed, and this will cause slowdown.

For spectre, which will allows reading memory from other process there won't be single fix, but many fixes here and there. Most likely it can't be fixed fully in software. Never ever. And this problem is also in amd processors.
Linux veteran & Novice musician

Hear my music at https://audiu.net/users/tawaste

Jack Winter
Established Member
Posts: 293
Joined: Sun May 28, 2017 3:52 pm

Re: Intel CPU security flaw

Postby Jack Winter » Sun Jan 07, 2018 1:43 pm

Spectre is arguably the bigger problem...
Reaper/KDE/Archlinux. i7-2600k/16GB + i7-4700HQ/16GB, RME Multiface/Babyface, Behringer X32, WA273-EQ, 2 x WA-412, ADL-600, Tegeler TRC, etc 8) For REAPER on Linux information: https://wiki.cockos.com/wiki/index.php/REAPER_for_Linux


Return to “KXStudio Discussion”

Who is online

Users browsing this forum: No registered users and 1 guest