Kitz Forum

Computers & Hardware => PC Hardware => Topic started by: broadstairs on August 17, 2018, 08:40:33 AM

Title: New vulnerability in Intel processors
Post by: broadstairs on August 17, 2018, 08:40:33 AM: A new issue has arisen with Intel processors, not present in AMD though. See https://www.theregister.co.uk/2018/08/14/intel_l1_terminal_fault_bugs/ (https://www.theregister.co.uk/2018/08/14/intel_l1_terminal_fault_bugs/) here for one description. This could be as bad as Meltdown etc.....

Stuart
Title: Re: New vulnerability in Intel processors
Post by: Peguero on August 17, 2018, 02:00:56 PM: Do you think we can expect another drop in performance after they fix this? That would suck.
Title: Re: New vulnerability in Intel processors
Post by: Weaver on August 17, 2018, 03:26:35 PM: Not much detail in the stuff I read but I suspect that they have been able to improve things without crucifying performance. Disabling hyper threading in one case will knock out what 5-15% performance in some cases but I do not like hyper threading much as I suspect there are even cases where unfortunate software can end up going slower with hyper threading on than off and it is better to turn it off.
Title: Re: New vulnerability in Intel processors
Post by: ejs on August 17, 2018, 03:40:54 PM: Linux 4.18.1, my cpu bug list is getting quite long:

Code: [Select]
$ cat /proc/cpuinfo model name : Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf
Title: Re: New vulnerability in Intel processors
Post by: burakkucat on August 17, 2018, 03:45:30 PM: Here's a simple shell script that might be useful --

Code: [Select]
#!/bin/sh /bin/echo -e "Kernel -- \c" /bin/uname -r if [ -d /sys/devices/system/cpu/vulnerabilities ]; then if [ -r /sys/devices/system/cpu/vulnerabilities/l1tf ]; then /bin/echo -e "L1tf -- \c" /bin/cat /sys/devices/system/cpu/vulnerabilities/l1tf fi if [ -r /sys/devices/system/cpu/vulnerabilities/meltdown ]; then /bin/echo -e "Meltdown -- \c" /bin/cat /sys/devices/system/cpu/vulnerabilities/meltdown fi if [ -r /sys/devices/system/cpu/vulnerabilities/spec_store_bypass ]; then /bin/echo -e "Speculative Store Bypass -- \c" /bin/cat /sys/devices/system/cpu/vulnerabilities/spec_store_bypass fi if [ -r /sys/devices/system/cpu/vulnerabilities/spectre_v1 ]; then /bin/echo -e "Spectre v1 -- \c" /bin/cat /sys/devices/system/cpu/vulnerabilities/spectre_v1 fi if [ -r /sys/devices/system/cpu/vulnerabilities/spectre_v2 ]; then /bin/echo -e "Spectre v2 -- \c" /bin/cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 fi else /bin/echo " -- No data available." fi exit 0
Title: Re: New vulnerability in Intel processors
Post by: Weaver on August 17, 2018, 03:46:02 PM: They do need to start and think what they are doing, need a department if black hats against the design teams doing the evil before the processors get released.
Title: Re: New vulnerability in Intel processors
Post by: roseway on August 17, 2018, 04:39:39 PM: Quote from: burakkucat on August 17, 2018, 03:45:30 PM
Here's a simple shell script that might be useful --

Nice one:

Code: [Select]
eric@great-tit:~$ ./vulnerability-check Kernel -- 4.9.0-7-amd64 Meltdown -- Mitigation: PTI Speculative Store Bypass -- Vulnerable Spectre v1 -- Mitigation: __user pointer sanitization Spectre v2 -- Mitigation: Full generic retpoline, IBPB, IBRS_FW eric@great-tit:~$
Title: Re: New vulnerability in Intel processors
Post by: burakkucat on June 12, 2020, 01:26:39 AM: Having recently become aware of the latest vulnerability, SRBDS, I thought it was time to update the shell-script.

Code: [Select]
#!/bin/bash echo -e "Kernel -- \c" uname -r if [ -d /sys/devices/system/cpu/vulnerabilities ]; then if [ -r /sys/devices/system/cpu/vulnerabilities/itlb_multihit ]; then echo -e "Itlb Multihit -- \c" cat /sys/devices/system/cpu/vulnerabilities/itlb_multihit fi if [ -r /sys/devices/system/cpu/vulnerabilities/l1tf ]; then echo -e "L1TF -- \c" cat /sys/devices/system/cpu/vulnerabilities/l1tf fi if [ -r /sys/devices/system/cpu/vulnerabilities/mds ]; then echo -e "MDS -- \c" cat /sys/devices/system/cpu/vulnerabilities/mds fi if [ -r /sys/devices/system/cpu/vulnerabilities/meltdown ]; then echo -e "Meltdown -- \c" cat /sys/devices/system/cpu/vulnerabilities/meltdown fi if [ -r /sys/devices/system/cpu/vulnerabilities/spec_store_bypass ]; then echo -e "Speculative Store Bypass -- \c" cat /sys/devices/system/cpu/vulnerabilities/spec_store_bypass fi if [ -r /sys/devices/system/cpu/vulnerabilities/spectre_v1 ]; then echo -e "Spectre v1 -- \c" cat /sys/devices/system/cpu/vulnerabilities/spectre_v1 fi if [ -r /sys/devices/system/cpu/vulnerabilities/spectre_v2 ]; then echo -e "Spectre v2 -- \c" cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 fi if [ -r /sys/devices/system/cpu/vulnerabilities/srbds ]; then echo -e "Srbds -- \c" cat /sys/devices/system/cpu/vulnerabilities/srbds fi if [ -r /sys/devices/system/cpu/vulnerabilities/tsx_async_abort ]; then echo -e "TSX Async Abort -- \c" cat /sys/devices/system/cpu/vulnerabilities/tsx_async_abort fi else echo " -- No data available." fi exit 0
Title: Re: New vulnerability in Intel processors
Post by: Alex Atkin UK on June 12, 2020, 07:40:09 PM: Quote from: Weaver on August 17, 2018, 03:26:35 PM
Not much detail in the stuff I read but I suspect that they have been able to improve things without crucifying performance. Disabling hyper threading in one case will knock out what 5-15% performance in some cases but I do not like hyper threading much as I suspect there are even cases where unfortunate software can end up going slower with hyper threading on than off and it is better to turn it off.

That's a very random theory you have there, can't say I've seen a shred of evidence to back that up on current software.

I mean sure, maybe a decade or so ago that was true, but today hyperthreading make a big difference.