Announcement

Collapse
No announcement yet.

Spectre & Meltdown Defined January 2018

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • phoronix
    started a topic Spectre & Meltdown Defined January 2018

    Spectre & Meltdown Defined January 2018

    Phoronix: Spectre & Meltdown Defined January 2018

    A majority of last month was spent looking at and testing/benchmarking the Linux code to mitigate the much talked about Spectre and Meltdown CPU vulnerabilities...

    http://www.phoronix.com/scan.php?pag...ectre-Meltdown

  • raom
    replied
    Originally posted by numacross View Post

    I don't have any AMD hardware on hand to test, but you can use a PowerShell module to check if your hardware requires that fix: https://gallery.technet.microsoft.co...ntrol-e36f0050 or follow the direct PowerShell on-line installation as specified here https://support.microsoft.com/en-us/...erabilities-in

    You're interested in:

    Code:
    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is enabled: True
    Thank you. It is false on both counts for my Phenom II machine.

    Leave a comment:


  • numacross
    replied
    Originally posted by dungeon View Post
    BTW, why you wanna disable these? It is not recommended to disable it particulary now that everybody knows much about these and attack samples identified by antivirus companies are on raise by every day...
    For some the performance implications might be a good reason. Even Microsoft doesn't enable those mitigations on their Server versions by default but only on consumer ones.

    Leave a comment:


  • dungeon
    replied
    Originally posted by raom View Post
    Anyone here knows if there is a way to disable the meltdown and spectre patches on Windows for AMD processors?
    BTW, why you wanna disable these? It is not recommended to disable it particulary now that everybody knows much about these and attack samples identified by antivirus companies are on raise by every day...



    Maybe if you like pictures

    http://www.zdnet.com/article/meltdow...-by-attackers/

    Leave a comment:


  • dungeon
    replied
    Originally posted by raom View Post
    Is the meltdown fix enabled for AMD processors at all?
    It isn't , but even if somehow it is - it shouldn't be:

    A third technique is based on a software performance optimization. Software running in a lesser privilege mode
    typically has page table mappings for more privileged code present in the page table context that is running. This
    allows for high performance switching between the two modes and the software uses extra page table attributes
    enforced by the hardware to restrict access to the privileged data when in lesser privileged modes. However, on
    some processors it has been observed that if software accesses the more privileged data when the processor
    is in a lesser privileged mode, the architectural fault may be delayed. This opens up a window for a speculative
    execution attack where privileged data is then forwarded to subsequent instructions for speculative execution.
    This is referred to as a variant 3 (Google Project Zero and Meltdown). No AMD processor has been designed with
    this behavior and so we are not discussing mitigation steps in the rest of the document for this variant but we
    are including it here for completeness. Software developers should use CPUID vendor ID checks to identify AMD
    processors to avoid implementing variant 3 mitigations
    .
    https://developer.amd.com/wp-content...Processors.pdf

    Early on, during Linux kernel development that was enabled by mistake for AMD too, but now it isn't:

    Code:
    meltdown    spectre_v1  spectre_v2  
    > cat /sys/devices/system/cpu/vulnerabilities/*
    Not affected
    Vulnerable
    Mitigation: Full AMD retpoline

    Leave a comment:


  • numacross
    replied
    Originally posted by raom View Post
    That's only for spectre variant 2. Is the meltdown fix enabled for AMD processors at all?
    I don't have any AMD hardware on hand to test, but you can use a PowerShell module to check if your hardware requires that fix: https://gallery.technet.microsoft.co...ntrol-e36f0050 or follow the direct PowerShell on-line installation as specified here https://support.microsoft.com/en-us/...erabilities-in

    You're interested in:

    Code:
    Hardware requires kernel VA shadowing: True
    Windows OS support for kernel VA shadow is enabled: True

    Leave a comment:


  • raom
    replied
    Originally posted by DanL View Post

    https://techreport.com/news/33172/op...re-mitigations

    I can't even even get my Llano laptop and Brisbane desktop to apply the mitigation patch successfully, even though MS supposedly fixed it.
    That's only for spectre variant 2. Is the meltdown fix enabled for AMD processors at all?

    Leave a comment:


  • DanL
    replied
    Originally posted by raom View Post
    Anyone here knows if there is a way to disable the meltdown and spectre patches on Windows for AMD processors?
    https://techreport.com/news/33172/op...re-mitigations

    I can't even even get my Llano laptop and Brisbane desktop to apply the mitigation patch successfully, even though MS supposedly fixed it.

    Leave a comment:


  • raom
    replied
    Anyone here knows if there is a way to disable the meltdown and spectre patches on Windows for AMD processors?

    Leave a comment:


  • dungeon
    replied
    February was defined as shortest month, could we patch that somehow

    Leave a comment:

Working...
X