Linux Gets New Patch To Fix AMD Retbleed Mitigation - STIBP Needed With IBPB

  • Linux Gets New Patch To Fix AMD Retbleed Mitigation - STIBP Needed With IBPB

    Phoronix: Linux Gets New Patch To Fix AMD Retbleed Mitigation - STIBP Needed With IBPB

    Sent out this morning is a Linux kernel "fix" that now enables STIBP when using the IBPB mode for Retbleed mitigations on AMD processors. In other words, more protections needed for this enhanced mode of Retbleed mitigation...

    https://www.phoronix.com/news/AMD-Li...eed-STIBP-IBPB

  • #2
    I like the way that TheRegister reports on these Spectre variants, pointing out that they've never been exploited in the wild, are only seen in the lab, and pointing out that for bad actors, there are always plenty of easier exploits and social engineering to employ to get at your uber-valuable data. Such as your pirated games. Your anime collection. Your favorite memes. All that super valuable stuff you are keeping on your Top Secret computer.

    • #3
      Originally posted by andyprough
      I like the way that TheRegister reports on these Spectre variants, pointing out that they've never been exploited in the wild, are only seen in the lab, and pointing out that for bad actors, there are always plenty of easier exploits and social engineering to employ to get at your uber-valuable data. Such as your pirated games. Your anime collection. Your favorite memes. All that super valuable stuff you are keeping on your Top Secret computer.
      Nice try at dismissing the importance of people's data and their privacy, a fundamental human right. You're a good tool for the establishment. Keep at it.

      • #4
        What's the difference between this and the "SQUIP" vulnerability?

        • #5
          Originally posted by jntesteves

          Nice try at dismissing the importance of people's data and their privacy, a fundamental human right. You're a good tool for the establishment. Keep at it.
          I am not dismissing your human right to sacrifice 39% of your CPU performance to keep your stolen copy of six seasons of Golden Girls free from prying eyes. Not at all - in fact, I think you should sacrifice even more performance. Why not 89%?

          • #6
            mitigations=off

            • #7
              Noice, my AMD E2-2000 (Bobcat, btver1) which I am typing from is not affected.

              • #8
                Originally posted by bobbie424242
                mitigations=off
                Will that still be valid and applicable for the new mitigations coming?

                • #9
                  Originally posted by mrazster

                  Will that still be valid and applicable for the new mitigations coming?
                  As long as it's not firmware-based fixes, then yeah. If it is firmware based, don't update CPU firmware. Avoid new BIOS updates and remove Intel / AMD ucode packages.

                  • #10
                    Originally posted by jntesteves
                    Nice try at dismissing the importance of people's data and their privacy, a fundamental human right. You're a good tool for the establishment. Keep at it.
                    I think you are conflating a few entirely different concepts in your post by including a "social justice" comment like "a fundamental human right".

                    How you set up your computer is still entirely your choice; Linux gives you that choice. It's that simple.

                    The key fact that I think Andy's post was making is the lack of "in the wild" exploits for these issues. Will there be exploits in the future? Maybe, then again, maybe not; none of us can predict the future (I think).

                    I look at code development like this as providing the end user with the option of "hardening the target"...and I think that having that choice is helpful.

                    As we have all seen with previous CPU attack vector mitigations, Linux coders tend to figure out the solutions first and then they refine them as best they can. The early Spectre and Meltdown attack vector solutions were like that but I think those solutions have been refined; I would have to check Michael's testing posts elsewhere on Phoronix to be certain.

