Navigation

Language Selection

Search

Major Linux redesign in the works to deal with Intel security flaw

Submitted by Roy Schestowitz on Wednesday 3rd of January 2018 10:59:57 PM Filed under

Long ago, Intel made a design mistake in its 64-bit chips -- and now, all Intel-based operating systems and their users must pay the price.

Linux's developers saw this coming early on and patched Linux to deal with it. That's the good news. The bad news is it will cause at least a 5-percent performance drop. Applications may see far more serious performance hits. The popular PostgreSQL database is estimated to see at least a 17-percent slowdown.

How bad will it really be? I asked Linux's creator Linus Torvalds, who said: "There's no one number. It will depend on your hardware and on your load. I think 5 percent for a load with a noticeable kernel component (e.g. a database) is roughly in the right ballpark. But if you do micro-benchmarks that really try to stress it, you might see double-digit performance degradation."

Login or register to post comments
Printer-friendly version
6177 reads
PDF version

Google and Red Hat

Submitted by Roy Schestowitz on Thursday 4th of January 2018 06:47:16 AM.

Red Hat Says Security Updates for Meltdown & Spectre Bugs May Affect Performance

Red Hat's John Terrill informs Softpedia today that Red Hat is aware of the two hardware bugs (Meltdown and Spectre) affecting most modern microprocessors and they're working on security updates to mitigate them on their supported operating systems.

The Meltdown and Spectre vulnerabilities (CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754) were publicly disclosed earlier today as critical hardware flaws affecting modern microprocessors made in the last two decades. These can be exploited by an unprivileged attacker to bypass hardware restrictions through three unique attack paths and gain read access to privileged memory.

Red Hat Product Security provided us with several resources to better understand the impact of these hardware bugs on any of their supported Linux-based operating systems from an open source technology perspective. They said that Intel, AMD, POWER 8, POWER 9, IBM System z, and ARM chips are affected by the newly discovered vulnerabilities.
Google Makes Disclosure About The CPU Vulnerability Affecting Intel / AMD / ARM

We're finally getting actual technical details on the CPU vulnerability leading to the recent race around (K)PTI that when corrected may lead to slower performance in certain situations. Google has revealed they uncovered the issue last year and have now provided some technical bits.

Google says their Project Zero team last year discovered serious flaws in speculative execution that could lead to reading system memory where it shouldn't be authorized. Google was also able to demonstrate an attack where one VM could access the physical memory of the host machine and in turn read memory of other VMs on the same host.

Patched

Submitted by Roy Schestowitz on Thursday 4th of January 2018 09:37:29 AM.

Linux Kernels 4.14.11, 4.9.74, 4.4.109, 3.16.52, and 3.2.97 Patch Meltdown Flaw

Linux kernel maintainers Greg Kroah-Hartman and Ben Hutchings have released new versions of the Linux 4.14, 4.9, 4.4, 3.16, 3.18, and 3.12 LTS (Long Term Support) kernel series that apparently patch one of the two critical security flaws affecting most modern processors.

The Linux 4.14.11, 4.9.74, 4.4.109, 3.16.52, 3.18.91, and 3.2.97 kernels are now available to download from the kernel.org website, and users are urged to update their GNU/Linux distributions to these new versions if they run any of those kernel series immediately. Why update? Because they apparently patch a critical vulnerability called Meltdown.
Howto patch Spectre Vulnerability CVE-2017-5753/CVE-2017-5715 on Linux
How to patch Meltdown CPU Vulnerability CVE-2017-5754 on Linux
Processor flaw exposes 20 years of devices to new attack

More in Tux Machines

Arm Launches Mbed Linux and Extends Pelion IoT Service

Politics and international relations may be fraught with acrimony these days, but the tech world seems a bit friendlier of late. Last week Microsoft joined the Open Invention Network and agreed to grant a royalty-free, unrestricted license of its 60,000-patent portfolio to other OIN members, thereby enabling Android and Linux device manufacturers to avoid exorbitant patent payments. This week, Arm and Intel kept up the happy talk by agreeing to a partnership involving IoT device provisioning. Arm’s recently announced Pelion IoT Platform will align with Intel’s Secure Device Onboard (SDO) provisioning technology to make it easier for IoT vendors and customers to onboard both x86 and Arm-based devices using a common Peleon platform. Arm also announced Pelion related partnerships with myDevices and Arduino (see farther below).

Programming: Version Control With Git, 5 Things Your Team Should Do to Make Pull Requests Less Painful and More GitHub Workflow Automation

How to Use Git Version Control System in Linux [Comprehensive Guide]

Version Control (revision control or source control) is a way of recording changes to a file or collection of files over time so that you can recall specific versions later. A version control system (or VCS in short) is a tool that records changes to files on a filesystem. There are many version control systems out there, but Git is currently the most popular and frequently used, especially for source code management. Version control can actually be used for nearly any type of file on a computer, not only source code.
5 Things Your Team Should Do to Make Pull Requests Less Painful

A user story is a short description of a unit of work that needs doing. It’s normally told from the perspective of the user, hence the name. The journey towards a good pull request starts with a well-written user story. It should be scoped to a single thing that a user can do in the system being built.
More GitHub workflow automation

The more you use computers, the more you see the potentials for automating everything. Who doesn't love that? By building Mergify those last months, we've decided it was time bring more automation to the development workflow.

today's howtos

Making better use of your Linux logs

Linux systems maintain quite a collection of log files, many of which you are probably rarely tempted to view. Some of these log files are quite valuable, though, and options for exploring them might be more interesting and varied than you imagine. Let's look at some system logs and get a handle on some of the ways in which log data might be easier to probe.
A look at fundamental Linux sed commands
How to Password Protect a File in Vim Editor
How To Determine Which System Manager Is Running On Linux System
Chrony – An Alternative NTP Client And Server For Unix-like Systems
Xrdp - Connect Ubuntu Linux Remote Desktop via RDP from Windows
Linux tcpdump Command Tutorial for Beginners (8 Examples)

Games: Cultist Simulator, Planetary Annihilation: TITANS, CrossOver 18, Updated Proton 3.16 Beta, Descenders, Bridge Constructor Portal, Train Valley 2, Sipho

Cultist Simulator has a free update out now along with The Dancer DLC

Developed Weather Factory, some of the same people responsible for Fallen London and Sunless Sea, have pushed out a good free update for Cultist Simulator along with the first DLC.
Planetary Annihilation: TITANS has a new public test build up with lots of improvements

For those not clued up, Planetary Annihilation: TITANS is now being run by a dedicated studio that are going to give it a new life with continued support and plenty of updates. The original Planetary Annihilation is no longer available to buy, with a permanent discount to upgrade to TITANS.
CodeWeavers CrossOver Linux 18 Released With DXVK/VKD3D Support

While CodeWeavers' developers have been busy with improvements to Wine and Valve's downstream "Proton" for allowing a great Windows-on-Linux gaming experience, they haven't parted ways with their core business and today they announced the availability of CrossOver 18.
Proton beta 3.16-2 is out for Valve's Steam Play system

Valve are continuing to polish the next version of Steam Play's Proton with an update to the beta channel.
Updated Proton 3.16 Beta For Steam Play Has DXVK 0.90, D3D11 Fixes

Valve in cooperation with CodeWeavers and other developers continues making rapid progress on Steam Play and their "Proton" downstream flavor of Wine. After re-basing to Wine 3.16 upstream a few days ago rather than the quickly-dated Wine 3.7, the second Proton 3.16 Beta is out this evening. This updated beta has switched over to the new DXVK 0.90 release with Stream Output support but keep in mind that requires the Vulkan driver on your system to support Vulkan's new transform feedback capability -- it's easy if using the NVIDIA Vulkan beta driver but otherwise for Intel ANV or Radeon RADV requires building patched versions of Mesa. DXVK 0.90 also brings various game fixes in its own right.
Looks like the downhill freeriding game 'Descenders' is going to get multiplayer and more tricks

Descenders, the rather good extreme downhill freeriding game from RageSquid looks to be getting some fun updates soon.
Bridge Constructor Portal now has a built-in level editor and Steam Workshop support

Bridge Constructor Portal, the rather amusing cross-over has been updated with a built-in level editor along with Steam Workshop support.
Train Valley 2 adds more official levels and introduces a new electricity game mechanic

The rather good Early Access puzzle game Train Valley 2 has just expanded with a rather big update with lots of new content. The developers said they weren't originally going to be adding in more official levels before the final release, however, given how active the community has been with creating their own content they decided to push this out early. This will also allow them to get more feedback on issues with it. These new levels include the brand new electricity game mechanic and resource, which mixes up the gameplay a little as it works differently. To produce it, you will need to constantly feed power plants for other buildings connected and so it does add a little bit of extra depth to the gameplay as well as present some interesting challenges.
The action-survival game 'Sipho' that has you grow your creature is going to Early Access in November

Developer All Parts Connected has now announced that their action-survival game Sipho is going to enter Early Access. on November 13th.

Latest News

Android Leftovers

Kernel: Keeping Control in the Hands of the User and KUnit

Keeping Control in the Hands of the User

Various efforts always are underway to implement Secure Boot and to add features that will allow vendors to lock users out of controlling their own systems. In that scenario, users would look helplessly on while their systems refused to boot any kernels but those controlled by the vendors. The vendors' motivation is clear—if they control the kernel, they can then stream media on that computer without risking copyright infringement by the user. If the vendor doesn't control the system, the user might always have some secret piece of software ready to catch and store any streamed media that could then be shared with others who would not pay the media company for the privilege. Recently, Chen Yu and other developers tried to submit patches to enhance Secure Boot so that when the user hibernated the system, the kernel itself would encrypt its running image. This would appear to be completely unnecessary, since as Pavel Machek pointed out, there is already uswsusp (userspace software suspend), which encrypts the running image before suspending the system. As Pavel said, the only difference was that uswusp ran in userspace and not kernel space.
Google Engineer Proposes KUnit As New Linux Kernel Unit Testing Framework

Google engineer Brendan Higgins sent out an experimental set of 31 patches today introducing KUnit as a new Linux kernel unit testing framework to help preserve and improve the quality of the kernel's code. KUnit is a unit testing framework designed for the Linux kernel and inspired by the well known JUnit as well as Googletest and other existing unit testing frameworks for designing unit tests and related functionality.

DragonFlyBSD Continues Squeezing More Performance Out Of AMD's Threadripper 2990WX

DragonFlyBSD 5.4 should be a really great release if you are a BSD user and have an AMD Threadripper 2 box, particularly the flagship Threadripper 2990WX 32-core / 64-thread processor. The project leader of this long ago fork from FreeBSD, Matthew Dillon, has been quite outspoken about the Threadripper 2990WX since he purchased one earlier this summer. This prolific BSD developer has been praising the performance out of the Threadripper 2990WX since he got the system working on the current DragonFlyBSD 5.3 development builds. Since getting DragonFlyBSD running on the Threadripper 2 hardware in August, he's routinely been making performance tuning optimizations to DragonFly's kernel to benefit the 2990WX given its NUMA design.

Syndication & Social Media

Follow the site via RSS/Twitter.

Full RSS:

RSS feeds for particular topics are also available

Twitter:

Content (where original) is available under CC-BY-SA, copyrighted by original author/s.

Tux Machines is proud to be hosted by

Support Tux Machines

Help Support TM
Wall of Appreciation

Linux Gizmos

Linux Today

LinuxSecurity.com Advisories

More on Tux Machines: About ● Gallery ● Forum ● Blogs ● Search ● News ● RSS Feed

Part of Bytes Media ● Sister sites below.

Linux.com

DW Latest Releases

Phoronix

Content available under CC-BY-SA

Navigation

Language Selection

Search

Tux Machines Section/s

Authors Information

DistroWatch

LWN

LXer

OpenSource.com

Active forum topics

​Major Linux redesign in the works to deal with Intel security flaw

Comment viewing options