
Security Intel Processor Flaw 'kernel memory leaking' [Spectre & Meltdown]

Discussion in 'CentOS, Redhat & Oracle Linux News' started by eva2000, Jan 3, 2018.

  1. eva2000

    eva2000 Administrator Staff Member

    53,190
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,649
    Local Time:
    12:49 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Nvidia updates https://www.bizjournals.com/sanjose/news/2018/01/10/nvidia-gpu-chips-meltdown-spectre-intc-amd.html

    Security Bulletin: NVIDIA Driver Security Updates for CPU Speculative Side Channel Vulnerabilities | NVIDIA


     
  2. buik

    buik “The best traveler is one without a camera.”

    1,990
    518
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,647
    Local Time:
    4:49 AM
    @eva2000 Grammatically worthless, punctuation bad. Resuming. Just as bad as..... :)
     
  3. eva2000

    Well, getting back on topic: KPTI + Retpoline Linux Benchmarking On Older Clarksfield / Penryn ThinkPads - Phoronix

     
  4. eva2000

    Linode updates Linode Blog » CPU Vulnerabilities: Meltdown & Spectre

     
  5. eva2000

    Intel's Security-First Pledge :)

     
  6. buik

    What concerns me:
    If you read quickly, you think about speed improvements to fix the performance that occurs after applying security fixes.

    The article is talking about: "We know that impact on performance varies widely, based on the specific workload, platform configuration and mitigation technique. We commit to provide frequent progress reports of patch progress, performance data and other information."

    This could be a data analysis of the improved secured firmware with speed adjustments, or an analysis with security adjustments and without speed adjustments. And that the performance loss is negligible according to Intel.

    And if they make speed improvements in their firmware,
    then the question is whether you get them.

    There is no problem for servers; the support of new firmware is well regulated by the manufacturer.

    But consumer hardware: I don't believe that you will get a firmware update with Intel improvements on your 3-year-old Acer laptop.

    Not that Intel does not offer that; no, Acer does not carry it through.
    There you are with your slow device. That's the problem.
     
    Last edited: Jan 12, 2018
  7. eva2000

    Yeah, the Intel CEO letter seems to mean that by Jan 31, 2018 all CPUs within the past 5 years will get updates, and older CPUs after that date.

    AMD more vulnerable than initially thought? AMD CPUs Are Potentially Vulnerable To Spectre / Variant 2 - Phoronix

     
  8. eva2000

    updates from Online.net Important note about the security flaw impacting ARM & Intel hardware

    Performance impact from the graph looks like 5x higher CPU usage there!
     
  9. eva2000

    Not good news at all, Intel cpu microcode updates causing system crashes Intel Xeon E5 V3 and V4 Servers See More Reboots After Meltdown and Spectre Fixes :(

     
  10. eva2000

    DigitalOcean A Message About Intel Security Findings

     
  11. eva2000

    Just amazing the pace at which Michael from Phoronix pumps out benchmark articles Debian vs. Ubuntu vs. CentOS vs. openSUSE vs. Clear Linux Post-Meltdown Performance - Phoronix :D

    just a typo for Debian as Meltdown fixes are KPTI and waiting on Spectre so mixed them up in statement
     
  12. eva2000

    Woah Solarwinds folks report huge performance losses on Amazon AWS Visualizing Meltdown on AWS - AppOptics Blog

    @Matt IIRC your workplace also would have been impacted by this?
     
  13. Matt

    Matt Well-Known Member

    925
    414
    63
    May 25, 2014
    Rotherham, UK
    Ratings:
    +669
    Local Time:
    3:49 AM
    1.5.15
    MariaDB 10.2
    Solarwinds is running on internal hardware. We are, however, running Splunk in the AWS Cloud...
     
  14. buik

  15. buik

    Another post because of another topic.
    About Linode and Spectre & Meltdown.

    All my German servers are being migrated to new hardware with the latest patches.

    "As part of our ongoing efforts to patch the recent Meltdown and Spectre CPU vulnerabilities, your Linode has been scheduled for a migration that will relocate your Linode to a physical machine with our latest security patches already in place."

    All English servers are patched on site.

    "In order to address the disclosed vulnerabilities, the physical hardware on which your Linode resides will need to undergo maintenance. This update will require at least two separate reboots in order to fully mitigate the vulnerabilities."

    Different approach. What about you, fellow members?
     
  16. eva2000

    Yeah Intel not having much luck with microcode and bios updates right now. I haven't received any emails from Linode for mine but majority are on Intel E5-2680v2 Ivybridge so Intel probably hasn't gotten to those older cpus yet.

    hmm stackoverflow updated kernels resulted in between 65-275% increase in cpu utilisation at peak https://twitter.com/mnewswanger/status/951518987925499904 !
    https://twitter.com/mnewswanger/status/951540572799602690
    really messy The Hidden Toll of Fixing Meltdown and Spectre
     
  17. eva2000

    AWS Cloud ouch.. cpu utilisation up ?
     
  18. eva2000

    Intel providing some benchmark numbers before vs after Intel Security Issue Update: Initial Performance Data Results for Client Systems

     
  19. eva2000

    some relief for AWS users Ian Chan on Twitter
     
  20. Xon

    Xon Active Member

    173
    61
    28
    Nov 16, 2015
    Ratings:
    +229
    Local Time:
    10:49 AM
    1.15.x
    MariaDB 10.3.x
    I've started getting maintenance window notifications from Linode for my various VMs