Kernel Page-Table Isolation (KPTI) - severe ARM + Intel CPU bug, hits partly AMD

kernel
intel
security
kpti
kaiser

#1

20th Dec.

26th Dec.
https://lkml.org/lkml/2017/12/27/2

29th Dec.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5aa90a84589282b87666f92b6c3c917c8080a9bf

2nd Jan. (german)


#2

(moved from #off-topic to #general-discussion as this is kernel-related so definitely on-topic for Manjaro)


#3

Trivia: it doesn’t affect AMD


#4

Seems to me (as an ordinary person) to be backported to Kernel 4.14.11:

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/diff/?id=v4.14.11&id2=v4.14.10&dt=2

  • arch/x86/include/asm/pti.h
  • arch/x86/mm/pti.c
  • include/linux/pti.h

@mirh

I would wait with the party since all cards are on the table!

And how much is the performance loss on Intel CPUs for every specific task…


#5

I’m kinda on the sure side AMD engineers would know their babies…


#6

13 posts were split to a new topic: Kernel Page-Table thread cleaning


#7

We will enable this “feature” for v4.14.11 and see how Intel works. This won’t affect our AMD CPUs, as we already included the fix by AMD into our kernel.


#8

Please look again in the “ComputerBase” article, it got an update today and will get at least one more tomorrow.

loose translation

The stable Linux kernel 4.14.11 released last night (download) contains the complete PTI implementation for the first time (as does Linux 4.15-rc6). Whether support for PTI is built into the running kernel is revealed by executing the command

zgrep CONFIG_PAGE_TABLE_ISOLATION /proc/config.gz

If the output is

CONFIG_PAGE_TABLE_ISOLATION=y

then the running kernel supports PTI, otherwise it does not. Whether PTI support is not only available but actually used is indicated by the command

dmesg | grep isolation

If the output is

Kernel/User page tables isolation: enabled

then PTI is active, otherwise not.

Linux 4.14.11 still lacks the patch from the AMD developer that disables PTI on AMD CPUs by default. In Linux 4.14.11 PTI is therefore unnecessarily active on AMD CPUs. You can either manually deactivate PTI using the kernel parameter

pti=off

or wait a few days for Linux 4.14.12 - this will contain the patch from the AMD developer.

In its own brief benchmarks on a notebook with an Intel Core i7-4600U, ComputerBase could not determine any performance loss beyond the measurement inaccuracy in spontaneously run simple benchmarks of the Phoronix Test Suite (tested were pts/blake2, pts/build-linux-kernel, pts/openssl, pts/phpbench, pts/pybench and pts/sqlite). In the benchmark “time du -s -x /” mentioned in the tweet in this news item (so the totaling of the size of all files on the main file system), however, we could also notice a significant performance dip: without PTI, the command delivered its result in 0.64 seconds, with PTI only after 0.82 seconds, which corresponds to a performance penalty of 28%. However, this “benchmark” is to be described as a worst case, because it consists almost only of performing the “stat” syscall in a loop for each file.

The widely used PostgreSQL database runs around 7 percent slower in a benchmark with PTI. Linus Torvalds described this performance loss in an answer as “in line with expectations” but of course highly dependent on the actual workload. Meanwhile, there are further PTI benchmarks on Phoronix, which indicate dramatic slumps of factor 2 and higher in synthetic file system benchmarks on NVMe SSDs, significant differences in the lower two-digit percentage range for PostgreSQL and Redis databases, and no measurable differences in encoding benchmarks like FFmpeg and x264 as well as kernel compilation.

ComputerBase’s gaming-savvy readers will be pleased to note that there is no measurable performance degradation in Phoronix’s game benchmarks, so gamers can probably lean back and relax, at least assuming that the results of the Linux benchmarks are transferable to Windows, which one should assume for now. As it currently looks, at best the loading times could be negatively influenced by PTI.

Details of the vulnerability are expected to be released tomorrow, January 4, 2018.
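
The two checks from the translated article above (PTI compiled in, PTI reported as enabled at boot), combined with a look at the kernel command line, as an added example that is not part of the original post or the ComputerBase article. The function names and the sample inputs are assumptions constructed for illustration; nopti and pti=off are the parameters named in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): classify the PTI state from the text
# that the thread's commands produce. Inputs are passed as strings so the
# logic can be exercised on constructed samples as well as on a live system.

# Succeeds if the kernel config text has PTI compiled in.
pti_built_in() {
    printf '%s\n' "$1" | grep -q '^CONFIG_PAGE_TABLE_ISOLATION=y$'
}

# Succeeds if the boot log text reports PTI as enabled.
pti_active() {
    printf '%s\n' "$1" | grep -q 'page tables isolation: enabled'
}

# Succeeds if the kernel command line carries nopti or pti=off.
pti_disabled_on_cmdline() {
    for arg in $1; do
        case "$arg" in
            nopti|pti=off) return 0 ;;
        esac
    done
    return 1
}

# Prints one of: not-built | active | disabled-by-cmdline | inactive
# $1 = kernel config text, $2 = dmesg text, $3 = kernel command line
pti_status() {
    if ! pti_built_in "$1"; then
        echo not-built
    elif pti_active "$2"; then
        echo active
    elif pti_disabled_on_cmdline "$3"; then
        echo disabled-by-cmdline
    else
        # Built in, but no "enabled" line and no disabling parameter:
        # for example a CPU the kernel treats as unaffected, or the boot
        # message has already rotated out of the dmesg ring buffer.
        echo inactive
    fi
}

# Reads the live system. Assumes /proc/config.gz exists (the kernel was
# built with CONFIG_IKCONFIG_PROC) and dmesg is readable by this user.
pti_status_live() {
    pti_status "$(zcat /proc/config.gz 2>/dev/null)" \
               "$(dmesg 2>/dev/null)" \
               "$(cat /proc/cmdline 2>/dev/null)"
}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_CONFIG='CONFIG_X86_64=y
CONFIG_PAGE_TABLE_ISOLATION=y'
SAMPLE_DMESG_ON='[    0.000000] Kernel/User page tables isolation: enabled'
SAMPLE_DMESG_OFF='[    0.000000] Linux version 4.14.11-1-MANJARO'
SAMPLE_CMDLINE_OFF='root=/dev/sda1 rw quiet pti=off'
SAMPLE_CMDLINE_DEFAULT='root=/dev/sda1 rw quiet'

pti_status "$SAMPLE_CONFIG" "$SAMPLE_DMESG_ON" "$SAMPLE_CMDLINE_DEFAULT"
pti_status "$SAMPLE_CONFIG" "$SAMPLE_DMESG_OFF" "$SAMPLE_CMDLINE_OFF"
```

An "inactive" result on an Intel machine is worth a second look at the full boot log, since a missing dmesg line alone does not distinguish a rotated ring buffer from PTI being off.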


#12

Phoronix did some tests and benchmarks on PTI

Initial Benchmarks Of The Performance Impact Resulting From Linux’s x86 Security Changes

Linux Gaming Performance Doesn’t Appear Affected By The x86 PTI Work


#13

I would like to measure this myself on my machines. Is there a suitable benchmark that measures “overall performance” of a system (not graphics performance)?


#14

Apparently this was tested with Intel/AMD (Vega 64, which uses its own independent scheduler).
But Nvidia uses cpu scheduling for draw calls, and this relies on kernel level access. So it’ll be interesting to see an Intel/Nvidia benchmark with PTI.


#15

It’s quite a serious bug.

@philm, does nvidia module compile nicely against kernel 4.14.11?
I’ve read on Phoronix that it makes problems with the new implementation.

You would have to run a battery of tests. I/O, raw CPU performance, graphics and interaction of these three. Have a look at what Phoronix uses for their (synthetic) benchmarks.

Regarding the AMD patch, the only thing it does is to enable CPU_INSECURE for every processor that is not VENDOR_AMD, because apparently AMD are not affected, the microarchitecture uses a different model than Intel.


#16

As a reference point, I compiled 387.34 and it appears to be working fine with 4.14.11.


Regarding performance, you will always get “lower” performance when security features are enabled. For example, compiling Python without -fstack-protector-strong -fno-plt (IIRC) will speed it up by 1-2%.

It’s up to you and, in the case of Linux distros, the maintainers, whether that trade-off is worth it. For example, Ubuntu went for the performance boost, Arch for the extra security.


#17

I’ve cleaned the thread a little; I think there was a bit of miscommunication which went off in the wrong direction.


#18

linux414 v4.14.11-1 is already patched to enable PTI on Intel hardware. You can enable it also on AMD hardware via pti=on. It is recommended to keep it on for Intel. If you must, you can disable it via nopti or pti=off. On some hardware you may lose up to 30% - 50% performance. Games however shouldn’t be affected. To follow all the news about this you can go to our Twitter account. There are also plans to update linux44 and linux49. An updated linux415 will follow also.


#19

Update from AMD:

https://www.amd.com/en/corporate/speculative-execution

Summary table:

| | Google Project Zero (GPZ) Research Title | Details |
|---|---|---|
| Variant One | Bounds Check Bypass | Resolved by software / OS updates to be made available by system vendors and manufacturers. Negligible performance impact expected. |
| Variant Two | Branch Target Injection | Differences in AMD architecture mean there is a near zero risk of exploitation of this variant. Vulnerability to Variant 2 has not been demonstrated on AMD processors to date. |
| Variant Three | Rogue Data Cache Load | Zero AMD vulnerability due to AMD architecture differences. |

So much for Intel’s earlier “suggestion” that the issues were across all CPUs. Hmph.

For more information (and some pretty logos):

https://meltdownattack.com/


#20

#21

We have patched Manjaro within the following kernel releases:

  • linux415: v4.15.r180104.g00a5ae2-1
  • linux414: v4.14.11-1
  • linux49: v4.9.74-2
  • linux44: v4.4.109-2

#22

Has there been any indication of which processors are affected?

I’ve seen things like “any Intel built in the last decade” or similar, but haven’t seen any specifics.

I ask because my CPU falls just outside “the last decade” and if I don’t have to take a 5 - 50% performance hit I’d rather not.


#23

@Orajnam: If you have an Intel CPU within the Pentium generation or later you’re affected. Also some ARM CPUs are affected. AMD however, uses a modern approach and didn’t copy Intel specifications by the letter. Bryan Lunduke explains it in an understandable manner, if you still have some doubts.