Intel CPU security flaw

Unofficial support for the KXStudio Linux distribution and applications.
More info at http://kxstudio.linuxaudio.org/

Moderators: MattKingUSA, khz

folderol
Established Member
Posts: 1047
Joined: Mon Sep 28, 2015 8:06 pm
Location: Here, of course!
Contact:

Re: Intel CPU security flaw

Post by folderol »

Jack Winter wrote:Spectre is arguably the bigger problem...
Yes and No.
It's main attack vector is malicious javascript from compromised websites, and all the main browsers are rapidly pushing out patches to deal with it by both reducing the timer resolution available and also randomising it - the exploit relies on being able to accurately time cpu context switching actions.

Ultimately it needs to be sorted out in hardware, but this will take some time of course.

Jack Winter
Established Member
Posts: 381
Joined: Sun May 28, 2017 3:52 pm

Re: Intel CPU security flaw

Post by Jack Winter »

folderol wrote:
Jack Winter wrote:Spectre is arguably the bigger problem...
Yes and No.
It's main attack vector is malicious javascript from compromised websites, and all the main browsers are rapidly pushing out patches to deal with it by both reducing the timer resolution available and also randomising it - the exploit relies on being able to accurately time cpu context switching actions.

Ultimately it needs to be sorted out in hardware, but this will take some time of course.
Any other app running presents the same issue as a JS in a browser, it's just a question of how it gets on the computer. Granted us linux users are less prone to running binary blobs (disregarding the packaged binaries most of us install). IMO a huge problem for the other OSs, but still a potential issue for us as far as binary plugins, steam games, etc are concerned.
Reaper/KDE/Archlinux. i7-2600k/16GB + i7-4700HQ/16GB, RME Multiface/Babyface, Behringer X32, WA273-EQ, 2 x WA-412, ADL-600, Tegeler TRC, etc 8) For REAPER on Linux information: https://wiki.cockos.com/wiki/index.php/REAPER_for_Linux

Lyberta
Established Member
Posts: 681
Joined: Sat Nov 01, 2014 8:15 pm
Location: The Internet

Re: Intel CPU security flaw

Post by Lyberta »

Jack Winter wrote:but still a potential issue for us as far as binary plugins, steam games, etc are concerned.
Oh lol. Steam asset flips made for the purposes of money laundering will now be stealing passwords, nice.

tavasti
Established Member
Posts: 1102
Joined: Tue Feb 16, 2016 6:56 am
Location: Kangasala, Finland
Contact:

Re: Intel CPU security flaw

Post by tavasti »

Jack Winter wrote:Any other app running presents the same issue as a JS in a browser, it's just a question of how it gets on the computer. Granted us linux users are less prone to running binary blobs (disregarding the packaged binaries most of us install).
That malicious code can be also in source code. Hiding something to what ever experimental code, and you will compile it yourself. Here is example spectre code, it is not perfect and will not work on all CPUs but on most of them, works: https://gist.github.com/ErikAugust/724d ... 2a9e3d4bb6
Linux veteran & Novice musician

Latest track: https://www.youtube.com/watch?v=ycVrgGtrBmM
More my music https://audiu.net/users/tawaste

Jack Winter
Established Member
Posts: 381
Joined: Sun May 28, 2017 3:52 pm

Re: Intel CPU security flaw

Post by Jack Winter »

tavasti wrote:
Jack Winter wrote:Any other app running presents the same issue as a JS in a browser, it's just a question of how it gets on the computer. Granted us linux users are less prone to running binary blobs (disregarding the packaged binaries most of us install).
That malicious code can be also in source code. Hiding something to what ever experimental code, and you will compile it yourself. Here is example spectre code, it is not perfect and will not work on all CPUs but on most of them, works: https://gist.github.com/ErikAugust/724d ... 2a9e3d4bb6
I think you missed my point which was the following: At the moment software needs to be compiled specifically to protect against spectre, something we can do with opensource. Hopefully this will be taken care of in the kernel thus protecting against all programs attempting a spectre style exploit.
Reaper/KDE/Archlinux. i7-2600k/16GB + i7-4700HQ/16GB, RME Multiface/Babyface, Behringer X32, WA273-EQ, 2 x WA-412, ADL-600, Tegeler TRC, etc 8) For REAPER on Linux information: https://wiki.cockos.com/wiki/index.php/REAPER_for_Linux

User avatar
sadko4u
Established Member
Posts: 769
Joined: Mon Sep 28, 2015 9:03 pm

Re: Intel CPU security flaw

Post by sadko4u »

We've tested spectre code on low-level developer's forum.
No one got it fully working.
Personally I tried to reproduce it on 4 linux machines:
AMD FX(tm)-4100 Quad-Core Processor - doesn't work even with changes from comments below.
AMD FX(tm)-8350 Eight-Core Processor - doesn't work.
AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ - doesn't work.
Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz - rare unstable matches of symbols, generally fail.

So people who tested the PoC, made a conclusion that even this works, this works sometimes under some special circumstances that are currently not well-known.
LSP (Linux Studio Plugins) Developer and Maintainer.

tavasti
Established Member
Posts: 1102
Joined: Tue Feb 16, 2016 6:56 am
Location: Kangasala, Finland
Contact:

Re: Intel CPU security flaw

Post by tavasti »

sadko4u wrote:We've tested spectre code on low-level developer's forum.
No one got it fully working.
Personally I tried to reproduce it on 4 linux machines:
AMD FX(tm)-4100 Quad-Core Processor - doesn't work even with changes from comments below.
AMD FX(tm)-8350 Eight-Core Processor - doesn't work.
AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ - doesn't work.
Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz - rare unstable matches of symbols, generally fail.

So people who tested the PoC, made a conclusion that even this works, this works sometimes under some special circumstances that are currently not well-known.
Me and my friends tested that, and there was AMD FX processors and old Intels where that PoC code did not work. On all Intel cpu's made after Core2Duo worked. Assumption is that this PoC code is just quick scratch, which does not work on all processors, but it is just matter of more careful engineering to get it working on those also.
Linux veteran & Novice musician

Latest track: https://www.youtube.com/watch?v=ycVrgGtrBmM
More my music https://audiu.net/users/tawaste

User avatar
khz
Established Member
Posts: 1393
Joined: Thu Apr 17, 2008 6:29 am
Location: German

Re: Intel CPU security flaw

Post by khz »

How to check Linux for Spectre and Meltdown vulnerability
https://www.cyberciti.biz/faq/check-lin ... erability/

Meltdown and Spectre: Security advisories and updates from hardware and software vendors
https://www.heise.de/newsticker/meldung ... 36141.html
FZ - Does humor belongs in Music?
GNU/LINUX@AUDIO ~ /Wiki $ Howto.Info && GNU/Linux Debian installing >> Linux Audio Workstation LAW
  • I don't care about the freedom of speech because I have nothing to say.

User avatar
sadko4u
Established Member
Posts: 769
Joined: Mon Sep 28, 2015 9:03 pm

Re: Intel CPU security flaw

Post by sadko4u »

khz wrote:How to check Linux for Spectre and Meltdown vulnerability
https://www.cyberciti.biz/faq/check-lin ... erability/
This checker does not execute PoC code, all checks are indirect. Are there better solutions?
LSP (Linux Studio Plugins) Developer and Maintainer.

tavasti
Established Member
Posts: 1102
Joined: Tue Feb 16, 2016 6:56 am
Location: Kangasala, Finland
Contact:

Re: Intel CPU security flaw

Post by tavasti »

42low wrote:You don't have to do anything if you update, incl kernel-updating.
With the updates FF is fixed for this. The kernel is fixed. And the microcode is fixed (to open source). All checked.
At the end my computer is fixed for this bug and i didn't have to do anything for it. And my computers didn't loose any speed.
1) Spectre is such vulnerability, that it won't get 100% fixed with microcode, firmware and all OS fixes together.

2) Those fixes do have speed penalty, but amount depends what you run.

3) Intel says even themselves that firmware fix is buggy https://www.computerworld.com/article/3 ... fixes.html
Linux veteran & Novice musician

Latest track: https://www.youtube.com/watch?v=ycVrgGtrBmM
More my music https://audiu.net/users/tawaste

Lyberta
Established Member
Posts: 681
Joined: Sat Nov 01, 2014 8:15 pm
Location: The Internet

Re: Intel CPU security flaw

Post by Lyberta »

KPTI has arrived to Debian Testing and is not enabled on AMD CPUs. Just FYI.

User avatar
khz
Established Member
Posts: 1393
Joined: Thu Apr 17, 2008 6:29 am
Location: German

Re: Intel CPU security flaw

Post by khz »

Exclusive: Spectre-NG - Multiple new Intel CPU flaws revealed, several serious
https://www.heise.de/ct/artikel/Exclusi ... 40648.html
FZ - Does humor belongs in Music?
GNU/LINUX@AUDIO ~ /Wiki $ Howto.Info && GNU/Linux Debian installing >> Linux Audio Workstation LAW
  • I don't care about the freedom of speech because I have nothing to say.

User avatar
lilith
Established Member
Posts: 1374
Joined: Fri May 27, 2016 11:41 pm
Location: bLACK fOREST
Contact:

Re: Intel CPU security flaw

Post by lilith »

Image

:mrgreen:

User avatar
khz
Established Member
Posts: 1393
Joined: Thu Apr 17, 2008 6:29 am
Location: German

Re: Intel CPU security flaw

Post by khz »

The show (since ~20 years) continues.
(German) https://www.heise.de/newsticker/meldung ... 21217.html
FZ - Does humor belongs in Music?
GNU/LINUX@AUDIO ~ /Wiki $ Howto.Info && GNU/Linux Debian installing >> Linux Audio Workstation LAW
  • I don't care about the freedom of speech because I have nothing to say.

User avatar
khz
Established Member
Posts: 1393
Joined: Thu Apr 17, 2008 6:29 am
Location: German

Re: Intel CPU security flaw

Post by khz »

Here Intel has published details about the microcode updates: https://www.intel.com/content/dam/www/p ... 132019.pdf
FZ - Does humor belongs in Music?
GNU/LINUX@AUDIO ~ /Wiki $ Howto.Info && GNU/Linux Debian installing >> Linux Audio Workstation LAW
  • I don't care about the freedom of speech because I have nothing to say.

Post Reply