
News Companies disagree over Meltdown patch performance impact

Discussion in 'Article Discussion' started by bit-tech, 8 Jan 2018.

  1. bit-tech

    bit-tech Supreme Overlord Staff Administrator

    Read more
     
  2. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    And, while I have your attention, enjoy this little am-I-at-risk-from-Meltdown-or-Spectre script for Linux users.

    Sample output on my AMD box:

    Code:
    blacklaw@trioptimum:~/git/spectre-meltdown-checker$ sudo ./spectre-meltdown-checker.sh
    Spectre and Meltdown mitigation detection tool v0.13
    
    Checking vulnerabilities against Linux 4.10.0-42-generic #46~16.04.1-Ubuntu SMP Mon Dec 4 15:57:59 UTC 2017 x86_64
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Kernel compiled with LFENCE opcode inserted at the proper places:  NO  (only 37 opcodes found, should be >= 70)
    > STATUS:  VULNERABLE
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigation 1
    *   Hardware (CPU microcode) support for mitigation:  NO
    *   Kernel support for IBRS:  NO
    *   IBRS enabled for Kernel space:  NO
    *   IBRS enabled for User space:  NO
    * Mitigation 2
    *   Kernel compiled with retpolines:  NO
    > STATUS:  NOT VULNERABLE  (your CPU is not vulnerable as per the vendor)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Kernel supports Page Table Isolation (PTI):  NO
    * PTI enabled and active:  NO
    > STATUS:  NOT VULNERABLE  (your CPU is not vulnerable as per the vendor)

    ...and my shiny new Intel-powered Dell:

    Code:
    blacklaw@xerxes:~/git/spectre-meltdown-checker$ sudo ./spectre-meltdown-checker.sh
    Spectre and Meltdown mitigation detection tool v0.13
    
    Checking vulnerabilities against Linux 4.10.0-42-generic #46~16.04.1-Ubuntu SMP Mon Dec 4 15:57:59 UTC 2017 x86_64
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Kernel compiled with LFENCE opcode inserted at the proper places:  NO  (only 37 opcodes found, should be >= 70)
    > STATUS:  VULNERABLE
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigation 1
    *   Hardware (CPU microcode) support for mitigation:  NO
    *   Kernel support for IBRS:  NO
    *   IBRS enabled for Kernel space:  NO
    *   IBRS enabled for User space:  NO
    * Mitigation 2
    *   Kernel compiled with retpolines:  NO
    > STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpolines are needed to mitigate the vulnerability)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Kernel supports Page Table Isolation (PTI):  NO
    * PTI enabled and active:  NO
    > STATUS:  VULNERABLE  (PTI is needed to mitigate the vulnerability)
     
    Last edited: 8 Jan 2018
  3. RedFlames

    RedFlames ...is not a Belgian football team

    Well, trying it on Windows [via WSL] wasn't especially helpful... gave it a go anyway for a laugh...

    Code:
    redflames@RF-BigRed:~/spectre-meltdown-checker$ sudo ./spectre-meltdown-checker.sh
    Spectre and Meltdown mitigation detection tool v0.13
    
    Checking vulnerabilities against Linux 4.4.0-17063-Microsoft #1000-Microsoft Thu Jan 01 PST 2016 x86_64
    
    CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
    * Kernel compiled with LFENCE opcode inserted at the proper places:  UNKNOWN  (couldn't find your kernel image in /boot, if you used netboot, this is normal)
    > STATUS:  UNKNOWN
    
    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
    * Mitigation 1
    *   Hardware (CPU microcode) support for mitigation:  UNKNOWN  (couldn't read /dev/cpu/0/msr, is msr support enabled in your kernel?)
    *   Kernel support for IBRS:  NO
    *   IBRS enabled for Kernel space:  NO
    *   IBRS enabled for User space:  NO
    * Mitigation 2
    *   Kernel compiled with retpolines:  UNKNOWN  (couldn't read your kernel configuration)
    > STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpolines are needed to mitigate the vulnerability)
    
    CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
    * Kernel supports Page Table Isolation (PTI):  UNKNOWN  (couldn't read your kernel configuration)
    * PTI enabled and active: dmesg: read kernel buffer failed: Function not implemented
     NO
    > STATUS:  VULNERABLE  (PTI is needed to mitigate the vulnerability)

    EDIT: TIL it threw a fit because WSL doesn't use a proper Linux kernel... it uses trickery to trick the rest of the WSL instance into thinking the NT kernel is a Linux kernel and translates stuff between the two. And that is why a: the script doesn't know where the kernel is and b: the WSL kernel can't be updated.
     
    Last edited: 8 Jan 2018
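
An added example, not part of the posts above or of the spectre-meltdown-checker project: a small Python parser for the v0.13 output format shown in this thread, which marks any verdict that rests on checks the script could not perform, as in the WSL run. The function names, and the choice to record a check line garbled by interleaved error output as UNKNOWN, are this example's assumptions.

```python
import re

CVE_RE = re.compile(r"^(CVE-\d{4}-\d+) \[(.+?)\]")
CHECK_RE = re.compile(r"^\*\s+(.+?):\s+(\S+)")
STATUS_RE = re.compile(r"^> STATUS:\s+(NOT VULNERABLE|VULNERABLE|UNKNOWN)")

# Sample input: two sections abridged from the WSL run posted in this thread.
WSL_SAMPLE = """\
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation:  UNKNOWN  (couldn't read /dev/cpu/0/msr, is msr support enabled in your kernel?)
*   Kernel support for IBRS:  NO
* Mitigation 2
*   Kernel compiled with retpolines:  UNKNOWN  (couldn't read your kernel configuration)
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpolines are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  UNKNOWN  (couldn't read your kernel configuration)
* PTI enabled and active: dmesg: read kernel buffer failed: Function not implemented
 NO
> STATUS:  VULNERABLE  (PTI is needed to mitigate the vulnerability)
"""

def parse_report(text):
    """Map each CVE to its final status and per-check results."""
    report, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := CVE_RE.match(line):
            cur = report[m.group(1)] = {"name": m.group(2), "status": None, "checks": {}}
        elif cur is not None and (m := CHECK_RE.match(line)):
            # A check whose value is not a clean verdict (e.g. interleaved
            # stderr from a failed dmesg call) is recorded as UNKNOWN.
            verdict = m.group(2) if m.group(2) in ("YES", "NO", "UNKNOWN") else "UNKNOWN"
            cur["checks"][m.group(1)] = verdict
        elif cur is not None and (m := STATUS_RE.match(line)):
            cur["status"] = m.group(1)
    return report

def triage(report):
    """Label verdicts that rest on checks the script could not perform."""
    result = {}
    for cve, entry in report.items():
        blind = [c for c, v in entry["checks"].items() if v == "UNKNOWN"]
        if entry["status"] in (None, "UNKNOWN"):
            result[cve] = "indeterminate"
        elif blind:
            result[cve] = f"{entry['status']} (unverified: {len(blind)} check(s) unknown)"
        else:
            result[cve] = entry["status"]
    return result
```

Calling `triage(parse_report(WSL_SAMPLE))` marks both WSL verdicts as unverified, which separates "the script could not inspect this host" from a confirmed missing mitigation.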
  4. edzieba

    edzieba Virtual Realist

    I bet this is going to result in the discovery and fixing of plenty of "why does this function make 5 bazillion syscalls?!" bugs.
     
  5. RedFlames

    RedFlames ...is not a Belgian football team

    Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems --Microsoft

    It's mainly aimed at those on Intel but...

     