Meltdown and Spectre Discussion Sticky

[dirk-lehmann]

Which software kernel solves and protect server against hacking via Intels bug, please see:

OVERVIEW: https://www.intel.com/content/www/us...-products.html

NEWSROOM: https://newsroom.intel.com/news/inte...arch-findings/

Is there a kernel availabe yet, where and which version?

I was wondering if you would and could let me know

DK

[Doug S]

For only 4 days now, Kernel 4.15-rc6 (release candidate 6) has the PIT (Page Isolation Table) stuff included. However, the default kernel configuration still has it disabled, so you would need to compile it yourself with CONFIG_PAGE_TABLE_ISOLATION=y (which I did yesterday). I believe it has also been backported to mainline kernel 4.11.13. I think it will still be awhile before Ubuntu kernels have this stuff.

[oldfred]

More details on amount of performance hit. A lot less than the preliminary quoted 30%.

https://www.phoronix.com/scan.php?pa...e-x86pti&num=1
To see if your system is impacted (but it basically comes down to being Intel x86 CPUs or temporarily for AMD CPUs) can check for "cpu_insecure" on the bug line in the /proc/cpuinfo output if running the Linux 4.15-rc6 or later.
When testing on AMD Ryzen but with PTI active, indeed, there is a similar performance hit to Intel. But if using a mainline kernel until that patch ends up being there, just reiterating you can boot your kernel with the "nopti" kernel parameter. Intel users can also opt for the nopti switch if they want to retain maximum performance, but it's a potential security risk. The Ryzen impact:

[deadflowr]

Ubuntu's current meltdown/spectre status:
https://wiki.ubuntu.com/SecurityTeam...treAndMeltdown

[Doug S]

More details on amount of performance hit. A lot less than the preliminary quoted 30%.

https://www.phoronix.com/scan.php?pa...e-x86pti&num=1

I did some of those same phoronix tests yesterday: no change for kernel compile; 4.2% degradation for himeno test; no degradation for fs-mark test type 1 (1000 Files, 1MB Size); 16% degradation for fs-mark test type 3 (5000 Files, 1MB Size, 4 Threads).

System: Ubuntu server, i7-2600k.

[ra7411]

Does anybody have any info or guesses as to what the Meltdown and Spectre microprocessor flaws mean to Ubuntu users?

[Frogs Hair]

Updates in the works

https://insights.ubuntu.com/2018/01/...lnerabilities/

[mastablasta]

meltdown affects those using intel, spectre affects those using all CPU, but looks like it is not that bad.

keep your systems up to date. you can also setup unnatended upgrades for automatic patching as well as live patch for home use if needed.

[ventrical]

Does anybody have any info or guesses as to what the Meltdown and Spectre microprocessor flaws mean to Ubuntu users?

Basically it means "patch-city". As long as you keep updated it will keep the exploit vulnerability at bay but it will not eliminate the vulnerability as more methods are devised to crack it. This is a basic hardware flaw in many CPU designs.

It is reported that "this will haunt us for some time.".

Researchers have verified Spectre "breaks down the isolation between different applications" and will affect Intel, AMD and Arm.

In a statement Arm said the majority of it's processors are not affected by Spectre or Meltdown but admitted it has been working with Intel , AMD and other partners to develop defences against the vulnerabilites......>

Security patches exist for Linux, Windows and OSX but the fix can potentially slow down a PCs performance by 30%.

source.. Hamza Shaban, The Washington Post with files from The Canadian Press

Edit:
Smartphones as well.

http://windsorstar.com/pmn/business-...9-cbbd68c0e5cc

[ardouronerous]

I was reading this article: Ubuntu will fix Meltdown and Spectre by January 9th and this is what caught my attention:

According to Kirkland, Ubuntu users of “the 64-bit x86 architecture (aka, amd64)” can expect patched kernels, it’s unclear what will happen with 32-bit installs, though.

I have two 32-bit computers are home, my Xubuntu desktop and my dad's Lubuntu laptop, both of which are still running great.