News Companies disagree over Meltdown patch performance impact

Discussion in 'Article Discussion' started by bit-tech, 8 Jan 2018.

  1. bit-tech

    bit-tech Supreme Overlord Staff Administrator

     
  2. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    And, while I have your attention, enjoy this little am-I-at-risk-from-Meltdown-or-Spectre script for Linux users.

    Sample output on my AMD box:

    Code:
    blacklaw@trioptimum:~/git/spectre-meltdown-checker$ sudo ./spectre-meltdown-checker.sh
    Spectre and Meltdown mitigation detection tool v0.13
    
    Checking vulnerabilities against Linux 4.10.0-42-generic #46~16.04.1-Ubuntu SMP Mon Dec 4 15:57:59 UTC 2017 x86_64
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Kernel compiled with LFENCE opcode inserted at the proper places:  NO  (only 37 opcodes found, should be >= 70)
    > STATUS:  VULNERABLE
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigation 1
    *   Hardware (CPU microcode) support for mitigation:  NO
    *   Kernel support for IBRS:  NO
    *   IBRS enabled for Kernel space:  NO
    *   IBRS enabled for User space:  NO
    * Mitigation 2
    *   Kernel compiled with retpolines:  NO
    > STATUS:  NOT VULNERABLE  (your CPU is not vulnerable as per the vendor)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Kernel supports Page Table Isolation (PTI):  NO
    * PTI enabled and active:  NO
    > STATUS:  NOT VULNERABLE  (your CPU is not vulnerable as per the vendor)

    ...and my shiny new Intel-powered Dell:

    Code:
    blacklaw@xerxes:~/git/spectre-meltdown-checker$ sudo ./spectre-meltdown-checker.sh
    Spectre and Meltdown mitigation detection tool v0.13
    
    Checking vulnerabilities against Linux 4.10.0-42-generic #46~16.04.1-Ubuntu SMP Mon Dec 4 15:57:59 UTC 2017 x86_64
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Kernel compiled with LFENCE opcode inserted at the proper places:  NO  (only 37 opcodes found, should be >= 70)
    > STATUS:  VULNERABLE
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigation 1
    *   Hardware (CPU microcode) support for mitigation:  NO
    *   Kernel support for IBRS:  NO
    *   IBRS enabled for Kernel space:  NO
    *   IBRS enabled for User space:  NO
    * Mitigation 2
    *   Kernel compiled with retpolines:  NO
    > STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpolines are needed to mitigate the vulnerability)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Kernel supports Page Table Isolation (PTI):  NO
    * PTI enabled and active:  NO
    > STATUS:  VULNERABLE  (PTI is needed to mitigate the vulnerability)
     
    Last edited: 8 Jan 2018
  3. RedFlames

    RedFlames ...is not a Belgian football team

    Well, trying it on Windows [via WSL] wasn't especially helpful... gave it a go anyway for a laugh...

    Code:
    redflames@RF-BigRed:~/spectre-meltdown-checker$ sudo ./spectre-meltdown-checker.sh
    Spectre and Meltdown mitigation detection tool v0.13
    
    Checking vulnerabilities against Linux 4.4.0-17063-Microsoft #1000-Microsoft Thu Jan 01 PST 2016 x86_64
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Kernel compiled with LFENCE opcode inserted at the proper places:  UNKNOWN  (couldn't find your kernel image in /boot, if you used netboot, this is normal)
    > STATUS:  UNKNOWN
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigation 1
    *   Hardware (CPU microcode) support for mitigation:  UNKNOWN  (couldn't read /dev/cpu/0/msr, is msr support enabled in your kernel?)
    *   Kernel support for IBRS:  NO
    *   IBRS enabled for Kernel space:  NO
    *   IBRS enabled for User space:  NO
    * Mitigation 2
    *   Kernel compiled with retpolines:  UNKNOWN  (couldn't read your kernel configuration)
    > STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpolines are needed to mitigate the vulnerability)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Kernel supports Page Table Isolation (PTI):  UNKNOWN  (couldn't read your kernel configuration)
    * PTI enabled and active: dmesg: read kernel buffer failed: Function not implemented
     NO
    > STATUS:  VULNERABLE  (PTI is needed to mitigate the vulnerability)

    EDIT: TIL it threw a fit because WSL doesn't use a proper Linux kernel... it uses trickery to trick the rest of the WSL instance into thinking the NT kernel is a Linux kernel and translates stuff between the two. And that is why a: the script doesn't know where the kernel is and b: the WSL kernel can't be updated.
     
    Last edited: 8 Jan 2018
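
Added example, not part of any post above and not the checker project's own code: a small Python parser for the v0.13 report layout quoted in this thread. It records each check's verdict, copes with the WSL case where a dmesg error pushes the verdict onto the next line, and flags a STATUS as inconclusive when any check behind it came back UNKNOWN. The sample text, the function names and the `conclusive` flag are assumptions made for this example.

```python
import re

# Constructed sample in the v0.13 layout quoted above; last entry is the WSL stderr case.
SAMPLE = """\
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Kernel compiled with LFENCE opcode inserted at the proper places:  NO  (only 37 opcodes found, should be >= 70)
> STATUS:  VULNERABLE
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation:  UNKNOWN  (couldn't read /dev/cpu/0/msr, is msr support enabled in your kernel?)
* Mitigation 2
*   Kernel compiled with retpolines:  UNKNOWN  (couldn't read your kernel configuration)
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpolines are needed to mitigate the vulnerability)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  UNKNOWN  (couldn't read your kernel configuration)
* PTI enabled and active: dmesg: read kernel buffer failed: Function not implemented
 NO
> STATUS:  VULNERABLE  (PTI is needed to mitigate the vulnerability)
"""

HEADER = re.compile(r"^(CVE-\d{4}-\d+) \[(.+?)\]")
CHECK = re.compile(r"^\*\s+(.+?):\s*(.*)$")
VERDICT = re.compile(r"^(YES|NO|UNKNOWN)\b")
STATUS = re.compile(r"^> STATUS:\s+(NOT VULNERABLE|VULNERABLE|UNKNOWN)")

def parse_report(text):
    """Map each CVE to its name, STATUS, per-check verdicts and a 'conclusive' flag."""
    report, cur, pending = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := HEADER.match(line):
            cur = report.setdefault(m[1], {"name": m[2], "status": None, "checks": {}})
            pending = None
        elif cur is None:
            continue  # banner and "Checking vulnerabilities against ..." lines
        elif m := STATUS.match(line):
            cur["status"] = m[1]
        elif m := CHECK.match(line):
            verdict = VERDICT.match(m[2])
            if verdict:
                cur["checks"][m[1]] = verdict[1]
            pending = m[1] if m[2] and not verdict else None  # verdict may be on the next line
        elif pending and (verdict := VERDICT.match(line)):
            cur["checks"][pending], pending = verdict[1], None
    for entry in report.values():  # a STATUS built on checks that could not run is not evidence
        entry["conclusive"] = entry["status"] in ("VULNERABLE", "NOT VULNERABLE") and "UNKNOWN" not in entry["checks"].values()
    return report

def inconclusive(report):
    return sorted(cve for cve, entry in report.items() if not entry["conclusive"])
```

Group headings such as `* Mitigation 1` carry no colon and are skipped; entries returned by `inconclusive()` are the ones to re-run from an environment where the kernel image, config and MSRs are readable.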
  4. edzieba

    edzieba Virtual Realist

    I bet this is going to result in the discovery and fixing of plenty of "why does this function make 5 bazillion syscalls?!" bugs.
     
  5. RedFlames

    RedFlames ...is not a Belgian football team

    Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems --Microsoft

    It's mainly aimed at those on Intel but...

     