Intel problems -This is not technically listed as a vulnerab
scsijon

Joined: 23 May 2007
Posts: 1531
Location: the australian mallee

PostPosted: Wed 13 Nov 2019, 20:10    Post subject:  Intel problems -This is not technically listed as a vulnerab
Subject description: extracted from lfs messages for those who don't get them
 

Message: 1

Subject: [lfs-dev] The latest Intel problems

As people who read one or more of El Reg || Phoronix || Toms Hardware
will be aware, there have been some announcements by Intel on
Tuesday.

The first is described as the 'Jump Conditional Code (JCC) Erratum'.
This is not technically listed as a vulnerability. Quoting from
Phoronix:

"Intel is today making public the Jump Conditional Code (JCC) erratum.
This is a bug involving the CPU's Decoded ICache where on Skylake
and derived CPUs where unpredictable behavior could happen when jump
instructions cross cache lines."

Apparently, the new microcode (20191112) fixes this, at the cost of
various slowdowns in both kernel and userspace.

The second and third items _are_ listed as vulnerabilities:

TSX Async Abort (TAA) CVE-2019-11135 (another mds-style vulnerability,
only now disclosed) - according to Toms Hardware this affects certain
Whiskey Lake, Cascade Lake and Coffee Lake R CPUs.

iTLB Multihit CVE-2018-12207 (malicious guests in a virtualized system)

Further details of these vulnerabilities are at
https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/index.html

None of this applies to AMD processors.

There are workarounds for the vulnerabilities in kernels 5.3.11,
4.19.84, 4.14.154, 4.9.201 and 4.4.201 (and I hope nobody here is
using those last three).

From the release notes for the new microcode I don't think that
anything older than Skylake has got new microcode.

ĸen
---
cut and cleaned up
---
Message: 2
Subject: Re: [lfs-dev] The latest Intel problems

On Wed, Nov 13, 2019 at 02:53:28AM +0000, Ken Moffat via lfs-dev wrote:
> As people who read one or more of El Reg || Phoronix || Toms Hardware
> will be aware, there have been some announcements by Intel on
> Tuesday.
>

And another, again from phoronix: potential privilege escalation or
denial of service by an unprivileged local user on (at least) gen 8/9
graphics hardware (Broadwell to pre Cannonlake / Icelake),
CVE-2019-015{4,5}.

Commits merged in trunk:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=100d46bd72ec689a5582c2f5f4deadc5bcb92d60
and new graphics firmware is being made available.

A quick look suggests these fixes are not yet in any released kernels.

ĸen
--
Whilst all mushrooms are edible, the trick is to eat only those which will prove to be edible more than once. The Celebrated Discworld Almanak recommends you play safe and eat beans on toast.


------------------------------
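
A check for the two vulnerabilities and the kernel releases listed in the post above, as an added example that is not part of the original post or the lfs-dev messages: it compares a kernel version against the releases named there and reads the kernel's own status files under sysfs. The function names are hypothetical; `tsx_async_abort` and `itlb_multihit` are the sysfs file names used by kernels that carry these workarounds.

```shell
#!/bin/sh
# Added example. Series -> first release with workarounds, as listed in the post.
min_patch() {
    case "$1" in
        5.3)  echo 11 ;;
        4.19) echo 84 ;;
        4.14) echo 154 ;;
        4.9)  echo 201 ;;
        4.4)  echo 201 ;;
        *)    return 1 ;;
    esac
}

# kernel_status VERSION: compare e.g. "4.14.154" or "5.3.0-24-generic"
# against the list above.
kernel_status() {
    ver=${1%%[!0-9.]*}                      # drop suffixes such as -generic
    series=$(echo "$ver" | cut -d. -f1,2)
    patch=$(echo "$ver" | cut -d. -f3)
    patch=${patch:-0}
    if min=$(min_patch "$series"); then
        if [ "$patch" -ge "$min" ]; then
            echo "listed-or-later"
        else
            echo "older-than-listed"
        fi
    else
        echo "series-not-listed"            # not in the post; rely on sysfs instead
    fi
}

# vuln_state DIR NAME: print the kernel's own status line, or "not reported"
# when the file is absent (kernel predates the check for that issue).
vuln_state() {
    if [ -r "$1/$2" ]; then
        cat "$1/$2"
    else
        echo "not reported"
    fi
}

SYSFS=/sys/devices/system/cpu/vulnerabilities
echo "kernel $(uname -r): $(kernel_status "$(uname -r)")"
for v in tsx_async_abort itlb_multihit; do
    echo "$v: $(vuln_state "$SYSFS" "$v")"
done
```

Distribution kernels often backport fixes without changing the upstream version number, so the sysfs lines are the authoritative answer and the version comparison is only a first hint.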
Mike Walsh


Joined: 28 Jun 2014
Posts: 5568
Location: King's Lynn, UK.

PostPosted: Wed 13 Nov 2019, 21:36    Post subject:  

scsijon wrote:
There are workarounds for the vulnerabilities in kernels 5.3.11, 4.19.84, 4.14.154, 4.9.201 and 4.4.201 (and I hope nobody here is
using those last three).


Errm.....what; because they're (gasp) *whispers*....'old'?

God in heaven, man, I don't think I'm using a kernel that new anywhere in the kennels. Most of mine are 3-series, with the odd, early 4-series here & there, plus an assortment of 2-series floating around for good measure.

Explain to me, willya; what IS this near-obsession with 'must use the newest kernel the instant it's released', huh? I mean, okay; I consider myself 'tech-savvy', yes.....but I tend to wait and let tech 'prove' itself, y'know?

I didn't invest in my first CD player till the early years of this millennium....

Yes, I know; there's always 'security vulnerabilities being addressed'. My hardware is nearly 16 yrs old; it's not Intel, it's always been AMD.....and, just like the malware writers/crackers/hackers, they always tend to target those investing in the newer tech. With the kernel being like 90+% nowt but drivers, there isn't a kernel newer than a 3-series that will support my hardware better than it already is. And the newer you get, they're having to drop support for really old tech simply to stop the damned thing getting too unwieldy.

Nah, I'm sorry, but you'll have to prove the earth will fall down around my ears before I start worrying about all that guff...I've never had the slightest bit of trouble with my 'puters, even back when I was running Windoze.....and definitely not since using Puppy.


Mike.

_________________
MY 'PUPPY' PACKAGES

nic007


Joined: 13 Nov 2011
Posts: 3141
Location: Cradle of Humankind

PostPosted: Thu 14 Nov 2019, 00:16    Post subject:  

People with new computers will want to use the newest available. They will worry about things like that. Most puppy users (well probably, I'm guessing) use older machines.
ozsouth

Joined: 01 Jan 2010
Posts: 585
Location: S.E Australia

PostPosted: Thu 14 Nov 2019, 00:29    Post subject:  

My laptops range from 9 years to 1 year old. I find the longterm 4.14 kernels most stable for me - supported until 2024. The newest laptop doesn't like anything after 4.18. I just released a new .cpio file (under Security Topic) with 13Nov19 update. All my Intel CPUs need it.
Mike Walsh


Joined: 28 Jun 2014
Posts: 5568
Location: King's Lynn, UK.

PostPosted: Thu 14 Nov 2019, 06:21    Post subject:  

nic007 wrote:
People with new computers will want to use the newest available. They will worry about things like that. Most puppy users (well probably, I'm guessing) use older machines.


Oh, you're probably right there, Nic, on both counts. We're all the same when it comes to summat brand-new; we fuss over them like a mother hen, and worry about everything under the sun.....

ozsouth wrote:
My laptops range from 9 years to 1 year old.


Hah. My newest is at least 15 yrs old.....the oldest, getting on for nearly 18.

ozsouth wrote:
All my Intel CPUs need it.


Fair comment. My main rig is a pretty elderly, first-gen dual-core Athlon 64.....and I don't think early, 'cooking' P4s even come into this kinda stuff, do they?

I could be wrong...

EDIT:-

Mike Walsh wrote:
God in heaven, man, I don't think I'm using a kernel that new anywhere in the kennels. Most of mine are 3-series, with the odd, early 4-series here & there, plus an assortment of 2-series floating around for good measure.


Correction; I've told a 'porky' here. I do have one 5-series, running in peebee's UPupBB; it's one of rockedge's compiles.....I came across it on his website, and thought to myself, 'Ah, what the hell; why not?'

Every other Pup has an "oldie-but-goodie".....


Mike.

_________________
MY 'PUPPY' PACKAGES

rufwoof


Joined: 24 Feb 2014
Posts: 3629

PostPosted: Thu 14 Nov 2019, 08:33    Post subject: Re: Intel problems -This is not technically listed as a vulnerab
Subject description: extracted from lfs messages for those who don't get them
 

scsijon wrote:
There are workarounds for the vulnerabilities in kernels 5.3.11, 4.19.84, 4.14.154, 4.9.201 and 4.4.201 (and I hope nobody here is using those last three)

I'm running 4.14.154 (with the latest stable busybox). Is there a particular reason why you suggest that is unwise? (I track it primarily for its kernel.org Jan 2024 EOL date).

_________________
( ͡° ͜ʖ ͡°) :wq
Fatdog multi-session usb

echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh
scsijon

Joined: 23 May 2007
Posts: 1531
Location: the australian mallee

PostPosted: Sat 16 Nov 2019, 20:23    Post subject: Re: Intel problems -This is not technically listed as a vulnerab
Subject description: extracted from lfs messages for those who don't get them
 

rufwoof wrote:
scsijon wrote:
There are workarounds for the vulnerabilities in kernels 5.3.11, 4.19.84, 4.14.154, 4.9.201 and 4.4.201 (and I hope nobody here is using those last three)

I'm running 4.14.154 (with the latest stable busybox). Is there a particular reason why you suggest that is unwise? (I track it primarily for its kernel.org Jan 2024 EOL date).


Not personally, that was just what the announcements said, I am just passing it on. Have a look again at the first message as it relates to Intel processors only, AMD are ok. How you update the microcode in Linux I don't know though, I haven't looked at that. And as it says above there are workarounds in your kernel so maybe you're ok. Have a look at the changelog on kernel.org for yours is really all I can suggest.
ozsouth

Joined: 01 Jan 2010
Posts: 585
Location: S.E Australia

PostPosted: Sun 17 Nov 2019, 00:07    Post subject:  

Quote:
How you update the microcode in linux I don't know though, I haven't looked at that.

See: http://murga-linux.com/puppy/viewtopic.php?p=1030115#1030115
scsijon

Joined: 23 May 2007
Posts: 1531
Location: the australian mallee

PostPosted: Sun 17 Nov 2019, 06:57    Post subject:  

ozsouth wrote:
Quote:
How you update the microcode in linux I don't know though, I haven't looked at that.

See: http://murga-linux.com/puppy/viewtopic.php?p=1030115#1030115


Thanks ozsouth, as I said I hadn't needed it so I hadn't tried to find out, it's nice that someone has, maybe rufwoof can follow it if he finds he needs it.

And to make some jealous, I've got a Ryzen 9 16core on loan till Christmas and been promised the loan of a Threadripper after they come out next year. Funny thing is the Ryzen 9 isn't using all its cores so I suspect there is need for a kernel setting or two, and what a Threadripper is going to do with 32 cores/64threads/80meg primary cache I'm not sure, but I don't plan on buying one at present, you're most likely going to be talking over $10K for a basic box and double that for a real world one.