Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Well I had an automatic Windows Update overnight on this Ryzen based desktop. It is the patch that has been mentioned several times in this thread -
KB4056892

I have not benchmarked my SSD recently, but I always used to get ~1000 or close to it in AS SSD benchmark. Today I only get ~730 in that same benchmark. This is the same SSD (OCZ Vertex 460A that was part of the Guru3D 2 year SSD test group), same OS, less then 60% full etc...

 

Just found .17 is the fix

info here :- https://www.wilderssecurity.com/threads/bork-tuesday-any-problems-yet.370217/page-147#post-2728947

Can also check here, on which ones are compatible

https://docs.google.com/spreadsheet...iuirADzf3cL42FQ/htmlview?usp=sharing&sle=true (constantly being updated)

Provided by :- https://twitter.com/GossiTheDog

Will get the fix whacked on tomorrow, and it is the KB4056897

 

Seems Ryzen setups are hit harder than Intel ones, you're not the only one.

Fix for especially Intel flaw gimps AMD performance. Great, just great. Thanks a f-in million!

Based on Hilbert's tests Intel setups are almost unaffected.

 

After going thru many other forums and asking some of my friends with Ryzen systems to do performance test on their SSDs and we all came down with the same conclusion , Ryzen systems seems to have taken a bigger hit on performance than Intel. You just confirmed the same thing , dude , this degradation in performance sucks big time for us AM4 Ryzen users.

 

Wikipedia article on Meltdown is an interesting read. Includes the precise mechanism and why the exploit works:

https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)

 

WU doesn't push the update yet for me and for some reason I can't access it via WU catalog either (probably some connection error).

Just as well...

 

List of affected Intel Products: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr

Affected products:



For non-Intel based systems please contact your system manufacturer or microprocessor vendor (AMD, ARM, Qualcomm, etc.) for updates.

The following Intel-based platforms are impacted by this issue. Intel may modify this list at a later time. Please check with your system vendor or equipment manufacturer for more information regarding updates for your system.

• Intel® Core™ i3 processor (45nm and 32nm)
• Intel® Core™ i5 processor (45nm and 32nm)
• Intel® Core™ i7 processor (45nm and 32nm)
• Intel® Core™ M processor family (45nm and 32nm)
• 2nd generation Intel® Core™ processors
• 3rd generation Intel® Core™ processors
• 4th generation Intel® Core™ processors
• 5th generation Intel® Core™ processors
• 6th generation Intel® Core™ processors
• 7th generation Intel® Core™ processors
• 8th generation Intel® Core™ processors
• Intel® Core™ X-series Processor Family for Intel® X99 platforms
• Intel® Core™ X-series Processor Family for Intel® X299 platforms
• Intel® Xeon® processor 3400 series
• Intel® Xeon® processor 3600 series
• Intel® Xeon® processor 5500 series
• Intel® Xeon® processor 5600 series
• Intel® Xeon® processor 6500 series
• Intel® Xeon® processor 7500 series
• Intel® Xeon® Processor E3 Family
• Intel® Xeon® Processor E3 v2 Family
• Intel® Xeon® Processor E3 v3 Family
• Intel® Xeon® Processor E3 v4 Family
• Intel® Xeon® Processor E3 v5 Family
• Intel® Xeon® Processor E3 v6 Family
• Intel® Xeon® Processor E5 Family
• Intel® Xeon® Processor E5 v2 Family
• Intel® Xeon® Processor E5 v3 Family
• Intel® Xeon® Processor E5 v4 Family
• Intel® Xeon® Processor E7 Family
• Intel® Xeon® Processor E7 v2 Family
• Intel® Xeon® Processor E7 v3 Family
• Intel® Xeon® Processor E7 v4 Family
• Intel® Xeon® Processor Scalable Family
• Intel® Xeon Phi™ Processor 3200, 5200, 7200 Series
• Intel® Atom™ Processor C Series
• Intel® Atom™ Processor E Series
• Intel® Atom™ Processor A Series
• Intel® Atom™ Processor x3 Series
• Intel® Atom™ Processor Z Series
• Intel® Celeron® Processor J Series
• Intel® Celeron® Processor N Series
• Intel® Pentium® Processor J Series
• Intel® Pentium® Processor N Series

 

My guess is that M$oft didn't bother to exclude AMD from the "fix", similar to how the initial Linux patch didn't exclude AMD yesterday.

 

So basically the entire Core i lineup as suspected.

"Intel may modify this list at a later time."

Yes of course! Because "fixed". Lolz!

(sorry, I'm at this mood now... grrr!)

 

Yes , the entire Core line up +

 

From Linus Torvalds (creator of Linux OS):

Subject Re: Avoid speculative indirect calls in kernel

On Wed, Jan 3, 2018 at 3:09 PM, Andi Kleen <andi@firstfloor.org> wrote:
> This is a fix for Variant 2 in
> https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
>
> Any speculative indirect calls in the kernel can be tricked
> to execute any kernel code, which may allow side channel
> attacks that can leak arbitrary kernel data.

Why is this all done without any configuration options?

A *competent* CPU engineer would fix this by making sure speculation
doesn't happen across protection domains. Maybe even a L1 I$ that is
keyed by CPL.

I think somebody inside of Intel needs to really take a long hard look
at their CPU's, and actually admit that they have issues instead of
writing PR blurbs that say that everything works as designed.

.. and that really means that all these mitigation patches should be
written with "not all CPU's are crap" in mind.

Or is Intel basically saying "we are committed to selling you crap
forever and ever, and never fixing anything"?

Because if that's the case, maybe we should start looking towards the
ARM64 people more.

Please talk to management. Because I really see exactly two possibibilities:

- Intel never intends to fix anything

OR

- these workarounds should have a way to disable them.

Which of the two is it?

Linus.

https://lkml.org/lkml/2018/1/3/797

 

thats pretty dirty, considering the linux kernel has already accepted a patch to exclude amd processors from the meltdown workaround, I hope microsoft revises the patches soon, if they don`t i guess its just one more reason to ditch windows altogether, we`re getting pretty darn close to the point where you can actually do that without sacrificing anything.

 

The bound-check violation works like a charm on Intel, AMD, ARM (from v7 and beyond) and probably many other CPUs architectures(SPARC and PowerPC anyone?). The branch injection actually still not runned on AMD CPUs due different implementations.
I still consider more dangerous Metldown which gives access to kernel memory then Spectre that "unbox" a single application address area.

 

nevermind.

 

On my Win764 machine, windows update was not giving me latest KB4056894. I read somewhere that installing Microsoft security essentials for win7 may help. Installed Microsoft security essentials, uninstalled Malwarebytes anti-malware (it was updated to "Database Update 1.0.3624" as it says here >>> https://forums.malwarebytes.com/topic/217734-meltdown-mitigation/?tab=comments#comment-1196773 ), HitmanPro, Spywareblaster and WinPatrol.
And finaly KB4056894 showed up. I checked QualityCompat key on regedit and it was there. (previously it was not there) . Hope this helps some of you.

Edit: Forgot to add... I was told not to manualy install patches. So i have to revert them and let windows update install them.
https://www.reddit.com/r/intel/comments/7o5hbi/psa_windows_update_doesnt_automatically_activate/
https://support.microsoft.com/en-us...ive-execution-side-channel-vulnerabilities-in

Script that checks for vulnrability from spectre and meldown >>> https://github.com/ionescu007/SpecuCheck
https://github.com/ionescu007/SpecuCheck/releases

 

Well its in, and she booted, so thats a good sign

Going to whack a game on now, see if owt happens

EDIT:

Well nowt happened, no issues.

 

So x79(4930k) is safe for now?

 

Julio u cant read? Few posts above....

 

@Sergio My bad if this is a dumb question, but the screenshots you applied is that what it should look like if the "Update" from Windows has been correctly applied?

 

Your processor is on the list of affected processors..... You need to install the security patch and BIOS/UEFI update as soon as they become available.