Intel CPU security flaw

Unofficial support for the KXStudio Linux distribution and applications.
More info at http://kxstudio.linuxaudio.org/

Moderators: MattKingUSA, khz

hyenaz
Established Member
Posts: 28
Joined: Mon May 16, 2016 8:05 pm

Intel CPU security flaw

Post by hyenaz »

https://www.theregister.co.uk/2018/01/0 ... sign_flaw/

Has anyone else been following this? Can we expect a performance hit in music applications?
folderol
Established Member
Posts: 2066
Joined: Mon Sep 28, 2015 8:06 pm
Location: Here, of course!
Has thanked: 223 times
Been thanked: 398 times
Contact:

Re: Intel CPU security flaw

Post by folderol »

From what I've read, we probably (mostly) dodged the bullet.
It seems the fix will mostly affect I/O not processor intensive tasks.
Building up a buffer full of sound will be fine, but there may be a bit of a bottleneck getting each buffer to the soundcard
The Yoshimi guy {apparently now an 'elderly'}
hyenaz
Established Member
Posts: 28
Joined: Mon May 16, 2016 8:05 pm

Re: Intel CPU security flaw

Post by hyenaz »

Good to hear. I don't want to lose 30% of CPU speed.

This was really funny:

"The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers."
User avatar
thetotalchaos
Established Member
Posts: 211
Joined: Mon Sep 29, 2014 8:29 pm
Has thanked: 51 times
Been thanked: 9 times
Contact:

Re: Intel CPU security flaw

Post by thetotalchaos »

hyenaz wrote: Has anyone else been following this? Can we expect a performance hit in music applications?
I hope not. In less than a year, both Intel and Mozilla, two of the finest examples of freedom respecting companies, betrayed us and let us down. And although i am quite happy, using Chromium and Epiphany, I am not ready to assemble a new AMD Based home system. My configuration is less then an year old, Intel based.....s*it.
You can listen to my music at: https://totalchaos-music.bandcamp.com/

Take a journey to wonderland with The Butterfly Effect 2016
https://totalchaos-music.bandcamp.com/a ... fly-effect
hyenaz
Established Member
Posts: 28
Joined: Mon May 16, 2016 8:05 pm

Re: Intel CPU security flaw

Post by hyenaz »

Reading Intel's PR statement, it basically translates to:

There is no problem, and the problem effects all chip manufacturers, and the problem will be minor for most users, and the problem will be mitigated in the long term.

So hopefully fixes in the longer term will mitigate any CPU hit.
windeguy
Established Member
Posts: 14
Joined: Mon Feb 18, 2013 12:14 am
Location: Dominican Republic

Re: Intel CPU security flaw

Post by windeguy »

folderol
Established Member
Posts: 2066
Joined: Mon Sep 28, 2015 8:06 pm
Location: Here, of course!
Has thanked: 223 times
Been thanked: 398 times
Contact:

Re: Intel CPU security flaw

Post by folderol »

Intel are doing their usual mixture of flat out lies plus bait and switch.

There are very real and serious problems and there are two separate issues.

The first, is immediately and easily exploitable. It is specific to all Intel processors since 2009, and also one (as yet unreleased) class of ARM processors. it doesn't affect AMD nor any other class of processors. This is the 'Meltdown' one that devs all round the world have been working flat out for months to work-around it. Note this is not a fix. A proper fix has to be done with new CPU hardware.

The other one (spectre) is much harder to exploit, and requires more uninterrupted attack time - unfortunately it is also much harder to fix. This one affects just about all modern processors. Browser makers are working to produce blocks in javascript to close that particular attack vector. Once more, this is not a fix, and again, eventually hardware solutions need to be found.

The final gotcha is that new hardware doesn't solve the problem for old systems that for one reason or another can't be replaced. For them, there will always need to be some form of software hack.

On the plus side, there have already been a lot of benchmark tests done on the new code, and we should get off pretty lightly.

The people who will be in the worst position are relatively small ISPs who's machines are doing mostly net and storage accessing.
The Yoshimi guy {apparently now an 'elderly'}
m.lp.ql.m
Established Member
Posts: 33
Joined: Fri Nov 23, 2012 5:51 pm

Re: Intel CPU security flaw

Post by m.lp.ql.m »

Related, but more selfish question: I was just about to start putting together a new system. Any guesses as to when the new, "fixed," hardware will be available?
User avatar
English Guy
Established Member
Posts: 525
Joined: Wed Oct 17, 2012 7:28 pm
Location: England
Has thanked: 8 times
Been thanked: 7 times

Re: Intel CPU security flaw

Post by English Guy »

I want to keep an old kernel on hand and run it on an offline system when I work
Lyberta
Established Member
Posts: 681
Joined: Sat Nov 01, 2014 8:15 pm
Location: The Internet
Been thanked: 1 time

Re: Intel CPU security flaw

Post by Lyberta »

English Guy wrote:I want to keep an old kernel on hand and run it on an offline system when I work
KPTI can be disabled with runtime switch. If you don't run untrusted code, you can easily turn it off.
User avatar
briandc
Established Member
Posts: 1442
Joined: Sun Apr 29, 2012 3:17 pm
Location: Italy
Has thanked: 58 times
Been thanked: 28 times
Contact:

Re: Intel CPU security flaw

Post by briandc »

Kinda sounds to me like a big scare to get people buying new computers.


brian
Have your PC your way: use linux!
My sound synthesis biome: http://www.linuxsynths.com
tavasti
Established Member
Posts: 2041
Joined: Tue Feb 16, 2016 6:56 am
Location: Kangasala, Finland
Has thanked: 369 times
Been thanked: 207 times
Contact:

Re: Intel CPU security flaw

Post by tavasti »

briandc wrote:Kinda sounds to me like a big scare to get people buying new computers.
Problem is real. Current state, any website can put javascript reading all your passwords from your browsers password manager or from your keepass if it is open. Same goes for office documents, reading memory with word doc macros is possible. However, implementing word doc which works also in libreoffice in linux might be bit harder :-)

So if there is update for your browser available, update now.

Linux veteran & Novice musician

Latest track: https://www.youtube.com/watch?v=ycVrgGtrBmM

tavasti
Established Member
Posts: 2041
Joined: Tue Feb 16, 2016 6:56 am
Location: Kangasala, Finland
Has thanked: 369 times
Been thanked: 207 times
Contact:

Re: Intel CPU security flaw

Post by tavasti »

m.lp.ql.m wrote:Related, but more selfish question: I was just about to start putting together a new system. Any guesses as to when the new, "fixed," hardware will be available?
https://twitter.com/securelyfitz/status ... 0652196864

That says maybe some minor fixes on summer. Something bit better 2019-2010. Full fix 2021.
That isn't word of god, but anyway guess from somebody who knows workflow and constrants on processor industry.

Linux veteran & Novice musician

Latest track: https://www.youtube.com/watch?v=ycVrgGtrBmM

tavasti
Established Member
Posts: 2041
Joined: Tue Feb 16, 2016 6:56 am
Location: Kangasala, Finland
Has thanked: 369 times
Been thanked: 207 times
Contact:

Re: Intel CPU security flaw

Post by tavasti »

42low wrote:
m.lp.ql.m wrote:Any guesses as to when the new, "fixed," hardware will be available?
I've read on a linux forum that the software fix is to be expected this weekend. Then the hardware bug isn't a problem anymore.
Fix for meltdown, which gives access to kernel memory to all processes will be fixed, and this will cause slowdown.

For spectre, which will allows reading memory from other process there won't be single fix, but many fixes here and there. Most likely it can't be fixed fully in software. Never ever. And this problem is also in amd processors.

Linux veteran & Novice musician

Latest track: https://www.youtube.com/watch?v=ycVrgGtrBmM

Jack Winter
Established Member
Posts: 381
Joined: Sun May 28, 2017 3:52 pm

Re: Intel CPU security flaw

Post by Jack Winter »

Spectre is arguably the bigger problem...
Reaper/KDE/Archlinux. i7-2600k/16GB + i7-4700HQ/16GB, RME Multiface/Babyface, Behringer X32, WA273-EQ, 2 x WA-412, ADL-600, Tegeler TRC, etc 8) For REAPER on Linux information: https://wiki.cockos.com/wiki/index.php/REAPER_for_Linux
Post Reply