Intel CPU security flaw


Postby folderol » Sun Jan 07, 2018 2:02 pm

Jack Winter wrote:Spectre is arguably the bigger problem...

Yes and No.
Its main attack vector is malicious JavaScript from compromised websites, and all the main browsers are rapidly pushing out patches to deal with it by both reducing the timer resolution available and also randomising it - the exploit relies on being able to accurately time CPU context switching actions.

Ultimately it needs to be sorted out in hardware, but this will take some time of course.

Postby Jack Winter » Sun Jan 07, 2018 3:18 pm

Any other app running presents the same issue as a JS in a browser, it's just a question of how it gets on the computer. Granted, we Linux users are less prone to running binary blobs (disregarding the packaged binaries most of us install). IMO a huge problem for the other OSs, but still a potential issue for us as far as binary plugins, Steam games, etc. are concerned.
Reaper/KDE/Archlinux. i7-2600k/16GB + i7-4700HQ/16GB, RME Multiface/Babyface, Behringer X32, WA273-EQ, 2 x WA-412, ADL-600, Tegeler TRC, etc 8) For REAPER on Linux information: https://wiki.cockos.com/wiki/index.php/REAPER_for_Linux

Postby Lyberta » Sun Jan 07, 2018 11:56 pm

Jack Winter wrote:but still a potential issue for us as far as binary plugins, steam games, etc are concerned.


Oh lol. Steam asset flips made for the purposes of money laundering will now be stealing passwords, nice.

Postby tavasti » Mon Jan 08, 2018 7:29 am

Jack Winter wrote:Any other app running presents the same issue as a JS in a browser, it's just a question of how it gets on the computer. Granted, we Linux users are less prone to running binary blobs (disregarding the packaged binaries most of us install).

That malicious code can also be in source code. Hide something in whatever experimental code, and you will compile it yourself. Here is example Spectre code; it is not perfect and will not work on all CPUs, but on most of them it works: https://gist.github.com/ErikAugust/724d ... 2a9e3d4bb6
Linux veteran & Novice musician

Hear my music at https://audiu.net/users/tawaste

Postby Jack Winter » Tue Jan 09, 2018 9:52 am

I think you missed my point, which was the following: at the moment software needs to be compiled specifically to protect against Spectre, something we can do with open source. Hopefully this will be taken care of in the kernel, thus protecting against all programs attempting a Spectre-style exploit.

Postby sadko4u » Tue Jan 09, 2018 10:06 am

We've tested the Spectre code on a low-level developers' forum.
No one got it fully working.
Personally I tried to reproduce it on 4 Linux machines:
AMD FX(tm)-4100 Quad-Core Processor - doesn't work even with changes from comments below.
AMD FX(tm)-8350 Eight-Core Processor - doesn't work.
AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ - doesn't work.
Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz - rare unstable matches of symbols, generally fails.

So the people who tested the PoC concluded that even if this works, it works sometimes under some special circumstances that are currently not well known.
LSP (Linux Studio Plugins) Developer and Maintainer.

Postby tavasti » Tue Jan 09, 2018 10:14 am

My friends and I tested that, and there were AMD FX processors and old Intels where that PoC code did not work. On all Intel CPUs made after Core2Duo it worked. The assumption is that this PoC code is just a quick scratch, which does not work on all processors, but it is just a matter of more careful engineering to get it working on those also.

Postby khz » Wed Jan 10, 2018 3:44 pm

FZ - Does humor belongs in Music?
GNU/LINUX@AUDIO ~ /Wiki $ Howto.Info && GNU/Linux Debian installing >> Linux Audio Workstation LAW
    I don't care about the freedom of speech because I have nothing to say.

Postby sadko4u » Thu Jan 18, 2018 11:23 am

khz wrote:How to check Linux for Spectre and Meltdown vulnerability
https://www.cyberciti.biz/faq/check-linux-server-for-spectre-meltdown-vulnerability/

This checker does not execute PoC code; all checks are indirect. Are there better solutions?

Postby tavasti » Tue Jan 23, 2018 7:39 am

42low wrote:You don't have to do anything if you update, incl. kernel updating.
With the updates FF is fixed for this. The kernel is fixed. And the microcode is fixed (to open source). All checked.
In the end my computer is fixed for this bug and I didn't have to do anything for it. And my computers didn't lose any speed.


1) Spectre is such a vulnerability that it won't get 100% fixed with microcode, firmware and all OS fixes together.

2) Those fixes do have a speed penalty, but the amount depends on what you run.

3) Even Intel themselves say that the firmware fix is buggy: https://www.computerworld.com/article/3 ... fixes.html

Postby Lyberta » Tue Jan 23, 2018 5:37 pm

KPTI has arrived in Debian Testing and is not enabled on AMD CPUs. Just FYI.
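
Added example, not part of any post in this thread: the kind of indirect check discussed above can be done by reading the kernel's own status files under /sys/devices/system/cpu/vulnerabilities, where a CPU the kernel treats as unaffected by Meltdown reports "Not affected". The function names and the sample directory are constructed for illustration, and the result is the kernel's self-report, not a test that an exploit fails.

```shell
#!/bin/sh
# Added example: summarise the kernel's self-reported CPU vulnerability status.
# Function names are illustrative; the sysfs path exists on Linux 4.15+ and backports.

# classify_status LINE -> not_affected | mitigated | partial | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*)           echo not_affected ;;
        "Mitigation:"*vulnerable*) echo partial ;;    # e.g. "...; SMT vulnerable"
        "Mitigation:"*)            echo mitigated ;;
        "Vulnerable"*)             echo vulnerable ;;
        *)                         echo unknown ;;    # unexpected format: read it by hand
    esac
}

# report_dir [DIR] -> one "name<TAB>class<TAB>raw status" line per entry.
# Returns 0 if everything is mitigated or not affected, 1 if anything needs
# attention, 2 if the directory is missing (kernel too old to report).
report_dir() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    [ -d "$dir" ] || { echo "no $dir: kernel does not report status" >&2; return 2; }
    worst=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(head -n 1 "$f")
        class=$(classify_status "$status")
        printf '%s\t%s\t%s\n' "$(basename "$f")" "$class" "$status"
        case "$class" in partial|vulnerable|unknown) worst=1 ;; esac
    done
    return "$worst"
}

# make_sample -> path of a temp dir holding CONSTRUCTED status files (not captured
# from a real machine): a CPU unaffected by Meltdown, with no Spectre mitigations.
make_sample() {
    d=$(mktemp -d)
    printf 'Not affected\n' > "$d/meltdown"
    printf 'Vulnerable\n' > "$d/spectre_v1"
    printf 'Vulnerable: Minimal generic ASM retpoline\n' > "$d/spectre_v2"
    echo "$d"
}

# Demo on the constructed sample; call report_dir with no argument for the live system.
sample=$(make_sample)
report_dir "$sample" || echo "attention needed (exit $?)"
rm -rf "$sample"
```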
