Announcement

Collapse
No announcement yet.

Spectre & Meltdown Defined January 2018

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spectre & Meltdown Defined January 2018

    Phoronix: Spectre & Meltdown Defined January 2018

    A majority of last month was spent looking at and testing/benchmarking the Linux code to mitigate the much talked about Spectre and Meltdown CPU vulnerabilities...

    http://www.phoronix.com/scan.php?pag...ectre-Meltdown

  • #2
    February was defined as shortest month, could we patch that somehow

    Comment


    • #3
      Anyone here knows if there is a way to disable the meltdown and spectre patches on Windows for AMD processors?

      Comment


      • #4
        Originally posted by raom View Post
        Anyone here knows if there is a way to disable the meltdown and spectre patches on Windows for AMD processors?
        https://techreport.com/news/33172/op...re-mitigations

        I can't even even get my Llano laptop and Brisbane desktop to apply the mitigation patch successfully, even though MS supposedly fixed it.

        Comment


        • #5
          Originally posted by DanL View Post

          https://techreport.com/news/33172/op...re-mitigations

          I can't even even get my Llano laptop and Brisbane desktop to apply the mitigation patch successfully, even though MS supposedly fixed it.
          That's only for spectre variant 2. Is the meltdown fix enabled for AMD processors at all?

          Comment


          • #6
            Originally posted by raom View Post
            That's only for spectre variant 2. Is the meltdown fix enabled for AMD processors at all?
            I don't have any AMD hardware on hand to test, but you can use a PowerShell module to check if your hardware requires that fix: https://gallery.technet.microsoft.co...ntrol-e36f0050 or follow the direct PowerShell on-line installation as specified here https://support.microsoft.com/en-us/...erabilities-in

            You're interested in:

            Code:
            Hardware requires kernel VA shadowing: True
            Windows OS support for kernel VA shadow is enabled: True

            Comment


            • #7
              Originally posted by raom View Post
              Is the meltdown fix enabled for AMD processors at all?
              It isn't , but even if somehow it is - it shouldn't be:

              A third technique is based on a software performance optimization. Software running in a lesser privilege mode
              typically has page table mappings for more privileged code present in the page table context that is running. This
              allows for high performance switching between the two modes and the software uses extra page table attributes
              enforced by the hardware to restrict access to the privileged data when in lesser privileged modes. However, on
              some processors it has been observed that if software accesses the more privileged data when the processor
              is in a lesser privileged mode, the architectural fault may be delayed. This opens up a window for a speculative
              execution attack where privileged data is then forwarded to subsequent instructions for speculative execution.
              This is referred to as a variant 3 (Google Project Zero and Meltdown). No AMD processor has been designed with
              this behavior and so we are not discussing mitigation steps in the rest of the document for this variant but we
              are including it here for completeness. Software developers should use CPUID vendor ID checks to identify AMD
              processors to avoid implementing variant 3 mitigations
              .
              https://developer.amd.com/wp-content...Processors.pdf

              Early on, during Linux kernel development that was enabled by mistake for AMD too, but now it isn't:

              Code:
              meltdown    spectre_v1  spectre_v2  
              > cat /sys/devices/system/cpu/vulnerabilities/*
              Not affected
              Vulnerable
              Mitigation: Full AMD retpoline

              Comment


              • #8
                Originally posted by raom View Post
                Anyone here knows if there is a way to disable the meltdown and spectre patches on Windows for AMD processors?
                BTW, why you wanna disable these? It is not recommended to disable it particulary now that everybody knows much about these and attack samples identified by antivirus companies are on raise by every day...



                Maybe if you like pictures

                http://www.zdnet.com/article/meltdow...-by-attackers/

                Comment


                • #9
                  Originally posted by dungeon View Post
                  BTW, why you wanna disable these? It is not recommended to disable it particulary now that everybody knows much about these and attack samples identified by antivirus companies are on raise by every day...
                  For some the performance implications might be a good reason. Even Microsoft doesn't enable those mitigations on their Server versions by default but only on consumer ones.

                  Comment


                  • #10
                    Originally posted by numacross View Post

                    I don't have any AMD hardware on hand to test, but you can use a PowerShell module to check if your hardware requires that fix: https://gallery.technet.microsoft.co...ntrol-e36f0050 or follow the direct PowerShell on-line installation as specified here https://support.microsoft.com/en-us/...erabilities-in

                    You're interested in:

                    Code:
                    Hardware requires kernel VA shadowing: True
                    Windows OS support for kernel VA shadow is enabled: True
                    Thank you. It is false on both counts for my Phenom II machine.

                    Comment

                    Working...
                    X