Get the most out of your Centmin Mod LEMP stack
Become a Member

Security Intel Processor Flaw 'kernel memory leaking' [Spectre & Meltdown]

Discussion in 'CentOS, Redhat & Oracle Linux News' started by eva2000, Jan 3, 2018.

  1. eva2000

    eva2000 Administrator Staff Member

    34,276
    7,586
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,668
    Local Time:
    1:03 PM
    Nginx 1.13.x
    MariaDB 5.5
    Nvidia updates https://www.bizjournals.com/sanjose/news/2018/01/10/nvidia-gpu-chips-meltdown-spectre-intc-amd.html

    Security Bulletin: NVIDIA Driver Security Updates for CPU Speculative Side Channel Vulnerabilities | NVIDIA

     
  2. bassie

    bassie Active Member

    835
    192
    43
    Apr 29, 2016
    Ratings:
    +587
    Local Time:
    5:03 AM
    @eva2000 Grammatically worthless, punctuation bad. Resuming. Just as bad as..... :)
     
  3. eva2000

    eva2000 Administrator Staff Member

    34,276
    7,586
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,668
    Local Time:
    1:03 PM
    Nginx 1.13.x
    MariaDB 5.5
    well getting back on topic KPTI + Retpoline Linux Benchmarking On Older Clarksfield / Penryn ThinkPads - Phoronix

     
  4. eva2000

    eva2000 Administrator Staff Member

    34,276
    7,586
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,668
    Local Time:
    1:03 PM
    Nginx 1.13.x
    MariaDB 5.5
    Linode updates Linode Blog » CPU Vulnerabilities: Meltdown & Spectre

     
  5. eva2000

    eva2000 Administrator Staff Member

    34,276
    7,586
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,668
    Local Time:
    1:03 PM
    Nginx 1.13.x
    MariaDB 5.5
    Intel's Security-First Pledge :)

     
  6. bassie

    bassie Active Member

    835
    192
    43
    Apr 29, 2016
    Ratings:
    +587
    Local Time:
    5:03 AM
    What I have my concern with:
    If you read quickly you think about speed improvements to fix the performance that occurs after applying security fixes.

    The article is talking about: "We know that impact on performance varies widely, based on the specific workload, platform configuration and mitigation technique. We commit to provide frequent progress reports of patch progress, performance data and other information."

    This could be a data analysis of the improved secured firmware with speed adjustments or an analysis that with security adjustment and without speed adjustments. And that the performance loss is negligible according to Intel.

    And if they make speed improvements in their firmware.
    Then the question is whether you get them.

    There is no problem for servers, the support of new firmwares is well regulated from the manufacturer.

    But consumers hardware. I don't believe that you will get a firmware update with Intel improvements on your 3 year old Acer laptop.

    Not that Intel does not offer that, no Acer does not carry it through.
    There you are with your slow device. Thats the problem.
     
    Last edited: Jan 12, 2018
  7. eva2000

    eva2000 Administrator Staff Member

    34,276
    7,586
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,668
    Local Time:
    1:03 PM
    Nginx 1.13.x
    MariaDB 5.5
    Yeah from Intel CEO latter seems to mean that by Jan 31, 2018 all cpus within past 5yrs will get updates and older cpus after that date.

    AMD more vulnerable that initially thought AMD CPUs Are Potentially Vulnerable To Spectre / Variant 2 - Phoronix ?

     
  8. eva2000

    eva2000 Administrator Staff Member

    34,276
    7,586
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,668
    Local Time:
    1:03 PM
    Nginx 1.13.x
    MariaDB 5.5
    updates from Online.net Important note about the security flaw impacting ARM & Intel hardware

    peformance impact from graph looks like 5x times higher cpu usage there !
     
  9. eva2000

    eva2000 Administrator Staff Member

    34,276
    7,586
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,668
    Local Time:
    1:03 PM
    Nginx 1.13.x
    MariaDB 5.5
    Not good news at all, Intel cpu microcode updates causing system crashes Intel Xeon E5 V3 and V4 Servers See More Reboots After Meltdown and Spectre Fixes :(

     
  10. eva2000

    eva2000 Administrator Staff Member

    34,276
    7,586
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,668
    Local Time:
    1:03 PM
    Nginx 1.13.x
    MariaDB 5.5
    DigitalOcean A Message About Intel Security Findings

     
  11. eva2000

    eva2000 Administrator Staff Member

    34,276
    7,586
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,668
    Local Time:
    1:03 PM
    Nginx 1.13.x
    MariaDB 5.5
    Just amazing the pace at which Michael from Phoronix pumps out benchmark articles Debian vs. Ubuntu vs. CentOS vs. openSUSE vs. Clear Linux Post-Meltdown Performance - Phoronix :D

    just a typo for Debian as Meltdown fixes are KPTI and waiting on Spectre so mixed them up in statement
     
  12. eva2000

    eva2000 Administrator Staff Member

    34,276
    7,586
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,668
    Local Time:
    1:03 PM
    Nginx 1.13.x
    MariaDB 5.5
    Woah Solarwinds folks report huge performance losses on Amazon AWS Visualizing Meltdown on AWS - AppOptics Blog

    @Matt IIRC your work place also would have been impacted by this ?
     
  13. Matt

    Matt Moderator Staff Member

    756
    341
    63
    May 25, 2014
    Sheffield, UK
    Ratings:
    +507
    Local Time:
    4:03 AM
    1.7.1
    MariaDB 10
    Solarwinds is running on internal hardware. We are however, running Splunk in the AWS Cloud..........
     
    • Informative Informative x 1
  14. bassie

    bassie Active Member

    835
    192
    43
    Apr 29, 2016
    Ratings:
    +587
    Local Time:
    5:03 AM
    • Informative Informative x 1
  15. bassie

    bassie Active Member

    835
    192
    43
    Apr 29, 2016
    Ratings:
    +587
    Local Time:
    5:03 AM
    Another post because of another topic.
    About Linode and Spectre & Meltdown.

    All my German servers are being migrated to new hardware with the latest patches.

    "As part of our ongoing efforts to patch the recent Meltdown and Spectre CPU vulnerabilities, your Linode has been scheduled for a migration that will relocate your Linode to a physical machine with our latest security patches already in place."

    All English servers are patched on site.

    "In order to address the disclosed vulnerabilities, the physical hardware on which your Linode resides will need to undergo maintenance. This update will require at least two separate reboots in order to fully mitigate the vulnerabilities."

    Different approach. What about you, fellow members?
     
    • Informative Informative x 1
  16. eva2000

    eva2000 Administrator Staff Member

    34,276
    7,586
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,668
    Local Time:
    1:03 PM
    Nginx 1.13.x
    MariaDB 5.5
    Yeah Intel not having much luck with microcode and bios updates right now. I haven't received any emails from Linode for mine but majority are on Intel E5-2680v2 Ivybridge so Intel probably hasn't gotten to those older cpus yet.

    hmm stackoverflow updated kernels resulted in between 65-275% increase in cpu utilisation at peak https://twitter.com/mnewswanger/status/951518987925499904 !
    https://twitter.com/mnewswanger/status/951540572799602690
    really messy The Hidden Toll of Fixing Meltdown and Spectre
     
  17. eva2000

    eva2000 Administrator Staff Member

    34,276
    7,586
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,668
    Local Time:
    1:03 PM
    Nginx 1.13.x
    MariaDB 5.5
    AWS Cloud ouch.. cpu utilisation up ?
     
  18. eva2000

    eva2000 Administrator Staff Member

    34,276
    7,586
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,668
    Local Time:
    1:03 PM
    Nginx 1.13.x
    MariaDB 5.5
    Intel providing some benchmark numbers before vs after Intel Security Issue Update: Initial Performance Data Results for Client Systems

    upload_2018-1-14_13-55-0.png
     
  19. eva2000

    eva2000 Administrator Staff Member

    34,276
    7,586
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,668
    Local Time:
    1:03 PM
    Nginx 1.13.x
    MariaDB 5.5
    some relief for AWS users Ian Chan on Twitter
     
  20. Xon

    Xon Active Member

    143
    57
    28
    Nov 16, 2015
    Ratings:
    +186
    Local Time:
    11:03 AM
    1.13.x
    MariaDB 10.1.x
    I've started getting maintenance window notifications from Linode for my various VMs
     
    • Informative Informative x 1
..