Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: New vulnerability in Intel processors  (Read 6315 times)

broadstairs

  • Kitizen
  • ****
  • Posts: 3697
New vulnerability in Intel processors
« on: August 17, 2018, 08:40:33 AM »

A new issue has arisen with Intel processors, not present in AMD though. See https://www.theregister.co.uk/2018/08/14/intel_l1_terminal_fault_bugs/ here for one description. This could be as bad as Meltdown etc.....

Stuart
Logged
ISP:Vodafone Router:Vodafone Wi-Fi hub FTTP

Peguero

  • Just arrived
  • *
  • Posts: 1
Re: New vulnerability in Intel processors
« Reply #1 on: August 17, 2018, 02:00:56 PM »

Do you think we can expect another drop in performance after they fix this? That would suck.
Logged
I've had great experience with Noocube over the years.

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: New vulnerability in Intel processors
« Reply #2 on: August 17, 2018, 03:26:35 PM »

Not much detail in the stuff I read but I suspect that they have been able to improve things without crucifying performance. Disabling hyper threading in one case will knock out what 5-15% performance in some cases but I do not like hyper threading much as I suspect there are even cases where unfortunate software can end up going slower with hyper threading on than off and it is better to turn it off.
Logged

ejs

  • Kitizen
  • ****
  • Posts: 2078
Re: New vulnerability in Intel processors
« Reply #3 on: August 17, 2018, 03:40:54 PM »

Linux 4.18.1, my cpu bug list is getting quite long:

Code: [Select]
$ cat /proc/cpuinfo
model name : Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: New vulnerability in Intel processors
« Reply #4 on: August 17, 2018, 03:45:30 PM »

Here's a simple shell script that might be useful --

Code: [Select]
#!/bin/sh

/bin/echo -e "Kernel                   -- \c"
/bin/uname -r

if [ -d /sys/devices/system/cpu/vulnerabilities ]; then
if [ -r /sys/devices/system/cpu/vulnerabilities/l1tf ]; then
/bin/echo -e "L1tf                     -- \c"
/bin/cat /sys/devices/system/cpu/vulnerabilities/l1tf
fi

if [ -r /sys/devices/system/cpu/vulnerabilities/meltdown ]; then
/bin/echo -e "Meltdown                 -- \c"
/bin/cat /sys/devices/system/cpu/vulnerabilities/meltdown
fi

if [ -r /sys/devices/system/cpu/vulnerabilities/spec_store_bypass ]; then
/bin/echo -e "Speculative Store Bypass -- \c"
/bin/cat /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
fi

if [ -r /sys/devices/system/cpu/vulnerabilities/spectre_v1 ]; then
/bin/echo -e "Spectre v1               -- \c"
/bin/cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
fi

if [ -r /sys/devices/system/cpu/vulnerabilities/spectre_v2 ]; then
/bin/echo -e "Spectre v2               -- \c"
/bin/cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
fi
else
/bin/echo "                         -- No data available."
fi

exit 0
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: New vulnerability in Intel processors
« Reply #5 on: August 17, 2018, 03:46:02 PM »

They do need to start and think what they are doing, need a department if black hats against the design teams doing the evil before the processors get released.
Logged

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 43467
  • Penguins CAN fly
    • DSLstats
Re: New vulnerability in Intel processors
« Reply #6 on: August 17, 2018, 04:39:39 PM »

Here's a simple shell script that might be useful --

Nice one:

Code: [Select]
eric@great-tit:~$ ./vulnerability-check
Kernel                   -- 4.9.0-7-amd64
Meltdown                 -- Mitigation: PTI
Speculative Store Bypass -- Vulnerable
Spectre v1               -- Mitigation: __user pointer sanitization
Spectre v2               -- Mitigation: Full generic retpoline, IBPB, IBRS_FW
eric@great-tit:~$
Logged
  Eric

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: New vulnerability in Intel processors
« Reply #7 on: June 12, 2020, 01:26:39 AM »

Having recently become aware of the latest vulnerability, SRBDS, I thought it was time to update the shell-script.

Code: [Select]
#!/bin/bash

echo -e "Kernel                   -- \c"
uname -r

if [ -d /sys/devices/system/cpu/vulnerabilities ]; then
if [ -r /sys/devices/system/cpu/vulnerabilities/itlb_multihit ]; then
echo -e "Itlb Multihit            -- \c"
cat /sys/devices/system/cpu/vulnerabilities/itlb_multihit
fi

if [ -r /sys/devices/system/cpu/vulnerabilities/l1tf ]; then
echo -e "L1TF                     -- \c"
cat /sys/devices/system/cpu/vulnerabilities/l1tf
fi

if [ -r /sys/devices/system/cpu/vulnerabilities/mds ]; then
echo -e "MDS                      -- \c"
cat /sys/devices/system/cpu/vulnerabilities/mds
fi

if [ -r /sys/devices/system/cpu/vulnerabilities/meltdown ]; then
echo -e "Meltdown                 -- \c"
cat /sys/devices/system/cpu/vulnerabilities/meltdown
fi

if [ -r /sys/devices/system/cpu/vulnerabilities/spec_store_bypass ]; then
echo -e "Speculative Store Bypass -- \c"
cat /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
fi

if [ -r /sys/devices/system/cpu/vulnerabilities/spectre_v1 ]; then
echo -e "Spectre v1               -- \c"
cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
fi

if [ -r /sys/devices/system/cpu/vulnerabilities/spectre_v2 ]; then
echo -e "Spectre v2               -- \c"
cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
fi

if [ -r /sys/devices/system/cpu/vulnerabilities/srbds ]; then
echo -e "Srbds                    -- \c"
cat /sys/devices/system/cpu/vulnerabilities/srbds
fi

if [ -r /sys/devices/system/cpu/vulnerabilities/tsx_async_abort ]; then
echo -e "TSX Async Abort          -- \c"
cat /sys/devices/system/cpu/vulnerabilities/tsx_async_abort
fi
else
echo "                         -- No data available."
fi

exit 0
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5261
    • Thinkbroadband Quality Monitors
Re: New vulnerability in Intel processors
« Reply #8 on: June 12, 2020, 07:40:09 PM »

Not much detail in the stuff I read but I suspect that they have been able to improve things without crucifying performance. Disabling hyper threading in one case will knock out what 5-15% performance in some cases but I do not like hyper threading much as I suspect there are even cases where unfortunate software can end up going slower with hyper threading on than off and it is better to turn it off.

That's a very random theory you have there, can't say I've seen a shred of evidence to back that up on current software.

I mean sure, maybe a decade or so ago that was true, but today hyperthreading make a big difference.
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors