Microsoft releases update to reverse problematic Spectre patch

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Jan 29, 2018.

  1. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Messages:
    48,400
    Likes Received:
    18,597
    GPU:
    AMD | NVIDIA
  2. Noisiv

    Noisiv Ancient Guru

    Messages:
    8,230
    Likes Received:
    1,494
    GPU:
    2070 Super
    Quick recap:

    [​IMG]



    Protection Class (1) - Subsequently Microcode Update Fixed Processors
    A microcode update is applied, which brings new CPU commands, which provide extensive Specter protection (Meltdown is rendered harmless by means of an operating system update). The same costs a bit of performance (supposedly more with older CPUs than with newer ones), but can be made available in a relatively short time by the CPU developers and motherboard manufacturers. As a disadvantage, many older CPUs (despite the technical possibility) no longer receive such a fix because their support has been discontinued.

    Protection class (2) - Factory-fixed by microcode update Processors

    Here again, a microcode update is scheduled, which brings new CPU commands, which provide extensive Specter protection (Meltdown is thereby harmless by means of an operating system update) . The same costs a bit of performance (supposedly less on older processors than on older ones) and is mostly already in the delivery state, which is why the CPU manufacturers then talk about "meltdown / Specter-free processors", although there are actually no changes on real hardware Level has given. But this method can be applied to every newly emerging CPU generation and will probably be realized in the same way for all upcoming CPUs.

    Protection class (3) - Meltdown / Specter-free CPU architectures
     
  3. RealNC

    RealNC Ancient Guru

    Messages:
    4,959
    Likes Received:
    3,235
    GPU:
    4070 Ti Super
    Meanwhile, it seems Linux has opted to mitigate Spectre v2 at the compiler level ("retpoline") and not use the microcode, calling Intel's microcode "crap."

    On my system:

    Code:
    $ cat /sys/devices/system/cpu/vulnerabilities/meltdown
    Mitigation: PTI
    $ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
    Mitigation: Full generic retpoline
    
    (There's no mitigation for v1 by anyone yet.)

    AFAICT from the LKML posts, the retpoline method is actually faster than using the microcode. Although it gets a bit confusing for non-kernel people like me to interpret the posts, so I could be wrong.
     
  4. Berke53

    Berke53 Active Member

    Messages:
    65
    Likes Received:
    13
    GPU:
    2x ASUS GTX 1080 Strix OC
    My system is behaving erratically so I downloaded the KB4078130 update. I appears to be a small 25 kB executable. When opening it does ablosutly nothing. There is no installer popping up or something. Is this normal? How to install it properly?
     

  5. Turanis

    Turanis Guest

    Messages:
    1,779
    Likes Received:
    489
    GPU:
    Gigabyte RX500
    In short:

    Enable and disable Spectre Variant 2 mitigation manually


    Microsoft also provides the following registry settings for user who want to enable or disable the Spectre Variant 2 without deploying KB4078130 on their systems:


    To enable Variant 2: CVE 2017-5715 "Branch Target Injection":

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 1 /f

    To disable Variant 2: CVE 2017-5715"Branch Target Injection":

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 1 /f

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 1 /f

    KB4078130 isn’t shipped via Windows Update, and can only be downloaded for Windows 7, 8.1, and 10 from the Update Catalog here.
     
    fOrTy_7 likes this.
  6. Alessio1989

    Alessio1989 Ancient Guru

    Messages:
    2,941
    Likes Received:
    1,239
    GPU:
    .
    Good.

    Hopefully Microsoft will going to use the "retpoline" soluition.
     
  7. mbk1969

    mbk1969 Ancient Guru

    Messages:
    15,544
    Likes Received:
    13,563
    GPU:
    GF RTX 4070
    It is faster because you don`t need to call/read/write out-of-core facilities (like MSR) introduced in updated microcode(s).

    The code of all applications you use should be recompiled for that (not only the OS apps/kernel). Linux users can do it themselves (and not only with OS apps/kernel).
     
  8. Alessio1989

    Alessio1989 Ancient Guru

    Messages:
    2,941
    Likes Received:
    1,239
    GPU:
    .
    As is needed for Spectre v1. I do not need Spectre v1 and v2 mitigation on all my applications.
     
  9. Sergio

    Sergio Guest

    Messages:
    254
    Likes Received:
    7
    GPU:
    Asus 760 DirectCU II OC
    It adds/alters 2 registry keys after executing, yes it is normal, no popups.

    Go to Regedit >

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management >

    And check "FeatureSettingsOverride" and "FeatureSettingsOverrideMask" there and both should be "1" after KB execute.

    I tested "FeatureSettingsOverride". Changed it to "0" and executed KB exe. It changed to "1".

    [​IMG]
    [​IMG]
     
    Susahamat, Berke53 and fOrTy_7 like this.
  10. mbk1969

    mbk1969 Ancient Guru

    Messages:
    15,544
    Likes Received:
    13,563
    GPU:
    GF RTX 4070
    By the way, Microsoft in its article about mitigations on client Windows wrote about registry values "FeatureSettingsOverride" and "FeatureSettingsOverrideMask" both equals to "3". Taking to account your info we can assume that value "1" is a mask for Spectre mitigation, and value "2" is a mask for Meltdown mitigation.
     

  11. RealNC

    RealNC Ancient Guru

    Messages:
    4,959
    Likes Received:
    3,235
    GPU:
    4070 Ti Super
    Only affected applications need to be recompiled. This means applications that execute third-party code inside their process space. Like web browsers, for example (they execute JavaScript.) Though browsers now seem to switch to having every tab being a separate process.

    So it's mostly kernels and virtual machines that need to be recompiled.
     
  12. BlueRay

    BlueRay Guest

    Messages:
    278
    Likes Received:
    77
    GPU:
    EVGA GTX 1070 FTW
    So why Intel and MS didn't adopt Google's Retpoline solution which doesn't harm performance and works better?
    What the hell those companies did all those months when they knew the vulnerabilities will go public but yet didn't deliver a stable fix and now we have all those problematic fixes which do more harm than good?
    I opted out of those silly patches for now. I didn't flash the microcode BIOS and I don't plan to do so until I will be sure those fixes are working and do not cause issues. Not to mention the botched performance everywhere. I'm glad I didn't jump on the danger-panic wagon so soon. The fixes were rushed out very amateurishly .
     
  13. mbk1969

    mbk1969 Ancient Guru

    Messages:
    15,544
    Likes Received:
    13,563
    GPU:
    GF RTX 4070
    Script engines? Office apps? Messengers? Media players? Any apps with plugins?
    Just speculating.
     
  14. TheDeeGee

    TheDeeGee Ancient Guru

    Messages:
    9,638
    Likes Received:
    3,414
    GPU:
    NVIDIA RTX 4070 Ti
    No reboots here, then again i'm on 1703 still.
     
  15. demented brave

    demented brave Master Guru

    Messages:
    307
    Likes Received:
    7
    GPU:
    Gigabyte 4090
    I am still using an ivy bridge 3570k. Doesn't look like there will be much done for older CPUs. I was really considering getting a 8700k but this spectre mess along with the crazy memory prices, guess I'll probably hold out a bit longer.
     

  16. RzrTrek

    RzrTrek Guest

    Messages:
    2,548
    Likes Received:
    741
    GPU:
    -
    I uninstalled kb4056892 a few days ago (kept coming back when I restart) but thankfully this band aid mad it less painful.
     
  17. RealNC

    RealNC Ancient Guru

    Messages:
    4,959
    Likes Received:
    3,235
    GPU:
    4070 Ti Super
    Messengers and media players don't run external code. At least I can't see why they would.

    The rest are only affected if they need to sandbox the code they run. So probably the scripting interpreters of office suits need it (and I'm not sure if they need it if there's no JIT involved.) Apps with plugins don't. Plugins are unsafe by nature and don't need Spectre to become unsafe.
     
  18. fOrTy_7

    fOrTy_7 Guest

    Messages:
    345
    Likes Received:
    36
    GPU:
    N/A
    Great, just yesterday I updated my Win 8.1 with all the Meltdown/Spectre patches thinking they sorted out all this mess by now. Guess I was wrong.

    Anyway this new 'critical' patch doesn't do $hit to my system. I had to manually add those registry keys and reboot the system.

    Not working 'critical' path for a not working 'critical' patch . It's getting better and better. I'm glad I'm still on Win 8.1 and can decide when to update my system in situations like this.
     
  19. waltc3

    waltc3 Maha Guru

    Messages:
    1,445
    Likes Received:
    562
    GPU:
    AMD 50th Ann 5700XT
    The whole thing reminds me of "net neutrality"--a complex, repressive solution in search of real and authentic problems that may or may not ever exist, but for a fact do not currently exist at all. We seem to be getting dumber these days.
     
  20. Rich_Guy

    Rich_Guy Ancient Guru

    Messages:
    13,138
    Likes Received:
    1,091
    GPU:
    MSI 2070S X-Trio

Share This Page