Gentoo Forums
Meltdown/Spectre: Unauthorized Disclosure of Kernel Memory
NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 42841
Location: 56N 3W

Posted: Fri Jan 19, 2018 8:07 pm

eccerr0r,

So I can steal your data when the machine is air gapped and phone home with it when it has a network connection?
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
eccerr0r
Watchman

Joined: 01 Jul 2004
Posts: 7070
Location: almost Mile High in the USA

Posted: Sat Jan 20, 2018 1:00 am

Well, no, the assumption is that prior to emerge -e @world it hasn't been compromised, so running emerge -e @world with the unsafe kernel is still secure (emerge requires root permissions anyway), and after that, the system should remain secure. Not sure where it's unsafe unless you get in before the world emerge; in that case one is already screwed and has nothing to do with temporarily running an insecure kernel to build world as fast as possible.
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
PrSo
Tux's lil' helper

Joined: 01 Jun 2017
Posts: 128

Posted: Sat Jan 20, 2018 8:32 am

Hossie wrote:
Does anyone know about upstream fixes for Spectre V1? And what will be required for that? A GCC Update and a kernel recompile?


I think the same way as Ska, that for Spectre v1 recompiling the kernel would be enough.

Dan Williams wrote:
Note that the BPF fix for Spectre variant1 is merged for 4.15-rc8.


source: https://lwn.net/Articles/744752/

But "prevent bounds-check bypass via speculative execution" has not been mainlined yet though.
Spargeltarzan
Apprentice

Joined: 23 Jul 2017
Posts: 289

Posted: Sat Jan 20, 2018 3:45 pm

Does somebody know how it is possible that RHEL/CentOS updated/mitigated Spectre v1?
I thought even that retpoline topic is only coming with the new gcc for Spectre v2 and v1 is not resolved/mitigated yet?...
_________________
___________________
Regards

Spargeltarzan

Notebook: Lenovo YOGA 900-13ISK: Gentoo stable amd64, GNOME systemd, KVM/QEMU
Desktop-PC: Intel Core i7-4770K, 8GB Ram, AMD Radeon R9 280X, ZFS Storage, GNOME openrc, Dantrell, Xen
NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 42841
Location: 56N 3W

Posted: Sat Jan 20, 2018 4:10 pm

Spargeltarzan,

Maybe they haven't?
Perhaps it was only partial mitigation before the problem was fully understood.

A false sense of security is worse than no security at all. :)
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
pjp
Administrator

Joined: 16 Apr 2002
Posts: 17807

Posted: Sat Jan 20, 2018 4:19 pm

RHEL lists the overall state as "ongoing," so I don't think it is considered resolved.

https://access.redhat.com/security/vulnerabilities/speculativeexecution
The_Great_Sephiroth
Veteran

Joined: 03 Oct 2014
Posts: 1345
Location: Fayetteville, NC, USA

Posted: Sat Jan 20, 2018 6:13 pm

Lots of good info here, but I have a question. I have read lots of information on this bug lately and everything I read claims that ARM, Intel, and AMD are affected by this bug, but from what I read here, while a tad dated, AMD is not affected. Why are the big IT sources claiming they are? Is it just fewer CPUs?

I have an old Gateway G6-233 with a P2/233MHz slot1 chip in it. Runs 98SE for old games. Wonder if it will be patched... ;P
_________________
Ever picture systemd as what runs "The Borg"?
NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 42841
Location: 56N 3W

Posted: Sat Jan 20, 2018 6:27 pm

The_Great_Sephiroth,

Here's what AMD say.

Variant 1 (Bounds Check Bypass or Spectre) is applicable to AMD processors.
Variant 2 (Branch Target Injection or Spectre) is applicable to AMD processors.
... While we believe that AMD’s processor architectures make it difficult to exploit Variant 2 ...
Variant 3 (Rogue Data Cache Load or Meltdown) is not applicable to AMD processors.

So that's a definite maybe from AMD
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Tony0945
Advocate

Joined: 25 Jul 2006
Posts: 2943
Location: Illinois, USA

Posted: Sat Jan 20, 2018 7:06 pm

IIRC, AMD is immune to Meltdown but not Spectre. I really don't know about ARM. Having received a Raspberry Pi for Christmas, I'd really like to know.
Spargeltarzan
Apprentice

Joined: 23 Jul 2017
Posts: 289

Posted: Sat Jan 20, 2018 9:06 pm

NeddySeagoon,

This page made me believe RHEL has something

But I see this test result might be wrong positive...
_________________
___________________
Regards

Spargeltarzan

Notebook: Lenovo YOGA 900-13ISK: Gentoo stable amd64, GNOME systemd, KVM/QEMU
Desktop-PC: Intel Core i7-4770K, 8GB Ram, AMD Radeon R9 280X, ZFS Storage, GNOME openrc, Dantrell, Xen
Naib
Watchman

Joined: 21 May 2004
Posts: 5596
Location: Removed by Neddy

Posted: Sat Jan 20, 2018 9:09 pm

Tony0945 wrote:
IIRC, AMD is immune to Meltdown but not Spectre. I really don't know about ARM. Having received a Raspberry Pi for Christmas, I'd really like to know.
Spectre no, meltdown no.

Meltdown was Intel screwing up. Spectre makes use of a computer science concept that didn't consider rogue training... ANYTHING that uses speculative branching is at risk
Intel, AMD, GPU's from Nvidia, IBM power series, some ARM cores.

The RPi however isn't because the arm-core it is using doesn't make use of speculative branching https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
nivedita
n00b

Joined: 21 Jan 2018
Posts: 1

Posted: Sun Jan 21, 2018 1:30 am

Naib wrote:
krinn wrote:
The info I'm sure about Intel's release of microcode so far:
- Intel said they will release update fixes fast (and they did for some) for most CPUs made < 5 years
- since the documentation was written, Intel has released more microcode (which may include your CPU, you should check the latest microcode update)
- Intel has also confirmed a bug with "haswell" (I don't remember other CPUs, but I own a Haswell, might be why I remember this one): the microcode (the 0x23 early release with fix for the spectre#2) is buggy and faces reboots using it.
- Intel didn't say anything about CPUs past +5 years (which also means, they didn't say they won't, but they suggest priority on <5 years, which "should" imply also fixes for +5 years)

you missed: Intel kept it from the public that the updated ucode should not be used (but informed their strategic partners)


They had a blog post about it on the same day as that wsj article, and the buggy microcode is not available from intel in the first place -- not sure if it ever was, gentoo was hosting it separately. It was just a clickbait article from the wsj.
bunder
Bodhisattva

Joined: 10 Apr 2004
Posts: 5823

Posted: Sun Jan 21, 2018 3:30 am

nivedita wrote:
They had a blog post about it on the same day as that wsj article, and the buggy microcode is not available from intel in the first place -- not sure if it ever was, gentoo was hosting it separately. It was just a clickbait article from the wsj.


gentoo gets the microcode updates direct from intel.

Code:
SRC_URI="http://downloadmirror.intel.com/${NUM}/eng/microcode-${PV}.tgz"
Tony0945
Advocate

Joined: 25 Jul 2006
Posts: 2943
Location: Illinois, USA

Posted: Sun Jan 21, 2018 3:47 am

Naib wrote:
The RPi however isn't because the arm-core it is using doesn't make use of speculative branching https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/
Thanks!
mahdi1234
Guru

Joined: 19 Feb 2005
Posts: 537
Location: far from new world orderia

Posted: Sun Jan 21, 2018 7:09 pm

From Greg's blog http://kroah.com/log/blog/2018/01/19/meltdown-status-2/ ...

###############

Is my machine vulnerable?

For this question, it’s now a very simple answer, you can check it yourself.

Just run the following command at a terminal window to determine what the state of your machine is:
Code:
$ grep . /sys/devices/system/cpu/vulnerabilities/*

On my laptop, right now, this shows:
Code:
$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic SM retpoline

This shows that my kernel is properly mitigating the Meltdown problem by implementing PTI (Page Table Isolation), and that my system is still vulnerable to the Spectre variant 1, but is trying really hard to resolve the variant 2, but is not quite there (because I did not build my kernel with a compiler to properly support the retpoline feature).

If your kernel does not have that sysfs directory or files, then obviously there is a problem and you need to upgrade your kernel!

###############

just fyi this directory comes with gentoo-sources 4.14.14 ...
_________________
http://gentoo.mahdi.cz <-- gentoo package search engine
Hossie
Tux's lil' helper

Joined: 08 Dec 2005
Posts: 115

Posted: Mon Jan 22, 2018 5:12 pm

Spargeltarzan wrote:
Does somebody know how it is possible that RHEL/CentOS updated/mitigated Spectre v1?
I thought even that retpoline topic is only coming with the new gcc for Spectre v2 and v1 is not resolved/mitigated yet?...


Code:
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  YES
> STATUS:  NOT VULNERABLE  (106 opcodes found, which is >= 70, heuristic to be improved when official patches become available)

uname -r
3.10.0-693.11.6.el7.x86_64


Somehow they still fixed it :P
Hossie
Tux's lil' helper

Joined: 08 Dec 2005
Posts: 115

Posted: Mon Jan 22, 2018 5:14 pm

Btw any news about new QEMU releases to SPEC_CTRL CPUID into VMs?
roki942
Apprentice

Joined: 18 Apr 2005
Posts: 284
Location: Seattle

Posted: Mon Jan 22, 2018 9:00 pm

https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/microcode-update-guidance.pdf
PrSo
Tux's lil' helper

Joined: 01 Jun 2017
Posts: 128

Posted: Tue Jan 23, 2018 9:03 am

Intel is still working on resolving problems with the new microcode mitigations:
https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners
The_Great_Sephiroth
Veteran

Joined: 03 Oct 2014
Posts: 1345
Location: Fayetteville, NC, USA

Posted: Tue Jan 23, 2018 3:33 pm

I checked my Core2Duo laptop and it claims that it has no bugs. This is via cpuinfo. Strange. I'll check via the method in the post a few above this one when I get back to my laptop later today.

I am curious though. This dates all the way back to the Windows 95 era and Pentium CPUs. Was this just a design flaw that was never even considered back then? I don't understand how this can go so far back and never have been discovered. I guess I cannot wrap my mind around it all, but my current thought is that this was like lead being added to gasoline. It made soft valves last forever, but we had no idea we were killing ourselves with it.

*UPDATE*

I do not have all that stuff, but I am running the stable kernel, 4.9.76 I believe.
Code:

9y84mj1 ~ # grep . /sys/devices/system/cpu/
cpu0/       cpuidle/    kernel_max  offline     power/
cpu1/       hotplug/    microcode/  online      present
cpufreq/    isolated    modalias    possible    uevent
9y84mj1 ~ # uname -r
4.9.76-gentoo-r1

_________________
Ever picture systemd as what runs "The Borg"?
eccerr0r
Watchman

Joined: 01 Jul 2004
Posts: 7070
Location: almost Mile High in the USA

Posted: Tue Jan 23, 2018 5:14 pm

Core2 Duos are affected, everything from the ppro onwards are affected except itanium and only the in-order atoms (the newer atoms are affected.)

I think it was simply an oversight but there are plenty of conspiracy theories out there.
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
The_Great_Sephiroth
Veteran

Joined: 03 Oct 2014
Posts: 1345
Location: Fayetteville, NC, USA

Posted: Tue Jan 23, 2018 8:05 pm

I assumed mine was affected, but why don't I have the info which should tell me so like you do? Is it simply because I am running an older laptop?
_________________
Ever picture systemd as what runs "The Borg"?
eccerr0r
Watchman

Joined: 01 Jul 2004
Posts: 7070
Location: almost Mile High in the USA

Posted: Tue Jan 23, 2018 8:19 pm

Exactly.

The PoC are earlier on this thread but need to be modified to run on the older chips. I was able to determine that my Core2 Duo and Core2 Quad are affected by at least Spectre, but the PoC run so poorly that it was successful 15% of the time.

However if it was able to get it 15% of the time, it means that a determined hacker is still able to get the information, just takes longer.
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
Pearlseattle
Tux's lil' helper

Joined: 04 Oct 2007
Posts: 149
Location: Switzerland

Posted: Tue Jan 23, 2018 8:31 pm

Fyi:
"x11-drivers/nvidia-drivers-340.106" is now available as well in the portage tree => fix for old GPUs (in my case my passively-cooled GT218 / GeForce 210) which includes Page Table Isolation patches (info source here).

Edit:
here updated infos for all other nVidia GPUs.
Hu
Moderator

Joined: 06 Mar 2007
Posts: 13595

Posted: Wed Jan 24, 2018 3:25 am

The_Great_Sephiroth wrote:
I assumed mine was affected, but why don't I have the info which should tell me so like you do? Is it simply because I am running an older laptop?
If you mean, "Why are the sysfs virtual files missing?", I think the answer is that your kernel is too old. These virtual files were added to stable in sysfs/cpu: Add vulnerability folder, also known as v4.9.76-73-g11ec2df9c020. Therefore, your v4.9.76-0 is 73 commits too old to have them. Upgrade to a later v4.9.x (preferably the latest v4.9.x).

As for how this persisted for two decades, I attribute it to a lack of imagination. The CPU does all the things it is designed and documented to do (at least in this area). This is not an errata. It is a design flaw that can be leveraged by malicious code to do bad things. The designers seemingly never contemplated that abusing microarchitectural quirks was a viable way of attacking the system.
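
The sysfs check quoted from Greg's blog earlier in the thread, combined with the missing-directory case explained in the post above, as an added example that is not part of any post or of the kernel's own tooling. The function names `classify_status`, `check_vulnerabilities` and `write_sample_dir`, and the exit codes, are choices made for this example; the sample directory is constructed from the three values quoted in the blog excerpt.

```shell
#!/bin/sh
# Added example, not from the thread: summarise the kernel's own report in
# /sys/devices/system/cpu/vulnerabilities. Function names and exit codes
# are choices made for this example.

# classify_status "<contents of one sysfs file>" -> one word on stdout
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_vulnerabilities [dir]
# Prints "name state raw-text" per entry. Returns:
#   0  every entry is mitigated or not affected
#   1  at least one entry is vulnerable or unrecognised
#   2  directory missing or empty: the kernel predates the interface
#      (the 4.9.76 case in the thread), so it reports nothing either way
check_vulnerabilities() {
    cv_dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    cv_rc=0; cv_seen=0
    for cv_file in "$cv_dir"/*; do
        [ -f "$cv_file" ] || continue
        cv_seen=$((cv_seen + 1))
        cv_raw=$(cat "$cv_file")
        cv_state=$(classify_status "$cv_raw")
        printf '%-12s %-13s %s\n' "${cv_file##*/}" "$cv_state" "$cv_raw"
        case "$cv_state" in vulnerable|unknown) cv_rc=1 ;; esac
    done
    if [ "$cv_seen" -eq 0 ]; then
        echo "no entries under $cv_dir: upgrade the kernel" >&2
        return 2
    fi
    return "$cv_rc"
}

# write_sample_dir dir: constructed stand-in for sysfs, holding the three
# values quoted in the blog excerpt earlier in the thread.
write_sample_dir() {
    mkdir -p "$1"
    echo "Mitigation: PTI" > "$1/meltdown"
    echo "Vulnerable" > "$1/spectre_v1"
    echo "Vulnerable: Minimal generic SM retpoline" > "$1/spectre_v2"
}

# Demo on the constructed sample, then clean up.
demo_dir=$(mktemp -d)
write_sample_dir "$demo_dir/vulnerabilities"
check_vulnerabilities "$demo_dir/vulnerabilities" || echo "exit status: $?"
rm -rf "$demo_dir"
```

Calling `check_vulnerabilities` with no argument reads the live sysfs directory; the separate exit status 2 keeps "the kernel cannot report" from being read as "nothing is vulnerable".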
All times are GMT