Author Topic: Linus Torvalds: 'WHAT THE F*CK IS GOING ON?'  (Read 1631 times)

Offline VinDSL

  • Administrator
  • Hero
  • *****
  • Posts: 5897
  • Karma: 1160
  • Team Peppermint
    • View Profile
  • Peppermint version(s): Developmental Builds
Linus Torvalds: 'WHAT THE F*CK IS GOING ON?'
« on: August 02, 2018, 08:46:34 pm »
Quote
Being able to look into the processor's future, the Spectre attack shows, can be dangerous. A Spectre v2 attack involves poisoning the CPU indirect branch predictor so that it speculatively executes code in a way that leaves traces in its cache revealing the contents of arbitrary memory – such as the kernel memory, which the code shouldn't be able to snoop on.

Quote
IBRS refers to Indirect Branch Restricted Speculation, one of three new hardware patches Intel is offering as CPU microcode updates, in addition to the mitigation created by Google called retpoline. You'll need this microcode from Chipzilla to fully mitigate Spectre on Intel CPUs, although, as detailed below, said microcode is unstable at the moment.

LINK: https://goo.gl/o5X6y9
« Last Edit: August 02, 2018, 08:53:01 pm by VinDSL »

Offline pin

  • Veteran
  • ****
  • Posts: 1838
  • Karma: 280
    • View Profile
Re: Linus Torvalds: 'WHAT THE F*CK IS GOING ON?'
« Reply #1 on: August 02, 2018, 11:47:24 pm »
Hmm... :-\

I'm I missing something here??
-The Register...22 Jan 2018.

Offline zebedeeboss

  • Global Moderator
  • Hero
  • *****
  • Posts: 3233
  • Karma: 625
  • Life first... Peppermint a close 2nd :)
    • View Profile
  • Peppermint version(s): P10 / P9 Respin
Re: Linus Torvalds: 'WHAT THE F*CK IS GOING ON?'
« Reply #2 on: August 02, 2018, 11:48:27 pm »
This is 6 months old ?
Be Kind Whenever Possible...   It is Always Possible - Dalai Lama

P10r x64 Desktop - AMD Threadripper 2950X - 64Gb RAM - NVIDIA RTX2080Ti 11Gb - 2 x 27" 4k

Offline pin

  • Veteran
  • ****
  • Posts: 1838
  • Karma: 280
    • View Profile
Re: Linus Torvalds: 'WHAT THE F*CK IS GOING ON?'
« Reply #3 on: August 02, 2018, 11:51:33 pm »
Exactly  :-\
Thought all this had been discussed in https://forum.peppermintos.com/index.php/topic,6462.0.html

 :-\

And Linus using the F word(s) is not exactly new either  :D
« Last Edit: August 02, 2018, 11:54:38 pm by pin »

Offline VinDSL

  • Administrator
  • Hero
  • *****
  • Posts: 5897
  • Karma: 1160
  • Team Peppermint
    • View Profile
  • Peppermint version(s): Developmental Builds
Re: Linus Torvalds: 'WHAT THE F*CK IS GOING ON?'
« Reply #4 on: August 03, 2018, 03:34:02 am »
I'm trying to figure out WTF keeps blacklisting the Intel microcode module in modprobe.d, but not amd64.

Starting to feel a little like Linus...  ;D

Offline VinDSL

  • Administrator
  • Hero
  • *****
  • Posts: 5897
  • Karma: 1160
  • Team Peppermint
    • View Profile
  • Peppermint version(s): Developmental Builds
Re: Linus Torvalds: 'WHAT THE F*CK IS GOING ON?'
« Reply #5 on: August 03, 2018, 03:40:25 am »
Hmm... :-\

I'm I missing something here??

Exactly  :-\

Thought all this had been discussed in https://forum.peppermintos.com/index.php/topic,6462.0.html

Did I miss the mechanism in that discussion?  WTF   :-\

Offline VinDSL

  • Administrator
  • Hero
  • *****
  • Posts: 5897
  • Karma: 1160
  • Team Peppermint
    • View Profile
  • Peppermint version(s): Developmental Builds
Re: Linus Torvalds: 'WHAT THE F*CK IS GOING ON?'
« Reply #6 on: August 03, 2018, 03:48:55 am »
Example:

Code: [Select]
# The microcode module attempts to apply a microcode update when
# it autoloads.  This is not always safe, so we block it by default.
blacklist microcode

WTF is "we"?  :-\

Offline manyroads

  • Jr. Member
  • **
  • Posts: 31
  • Karma: 2
  • New Forum User
    • View Profile
Re: Linus Torvalds: 'WHAT THE F*CK IS GOING ON?'
« Reply #7 on: August 03, 2018, 12:50:25 pm »
It is the "royal" we... I am quite certain. :D

Offline pin

  • Veteran
  • ****
  • Posts: 1838
  • Karma: 280
    • View Profile
Re: Linus Torvalds: 'WHAT THE F*CK IS GOING ON?'
« Reply #8 on: August 03, 2018, 01:04:10 pm »
So, do I get you right? You would like the Intel Microcode to autoload at boot??
Or, am I still missing something?

All vulnerabilityies have been patched at the kernel level.
Safe or sorry?

EDIT: Remember this, https://github.com/speed47/spectre-meltdown-checker ??
« Last Edit: August 03, 2018, 01:10:44 pm by pin »

Offline murraymint

  • Trusted User
  • Veteran
  • *****
  • Posts: 2197
  • Karma: 458
  • soft boiled with a yolk of gold
    • View Profile
  • Peppermint version(s): 7, 8, 9
Re: Linus Torvalds: 'WHAT THE F*CK IS GOING ON?'
« Reply #9 on: August 03, 2018, 01:24:12 pm »
I'm wondering why both Intel and AMD microcode have appeared on the same systems.

Offline pin

  • Veteran
  • ****
  • Posts: 1838
  • Karma: 280
    • View Profile
Re: Linus Torvalds: 'WHAT THE F*CK IS GOING ON?'
« Reply #10 on: August 03, 2018, 02:59:50 pm »
Ok!
Sorry, now I got it  ;)

What if... you edit modprobe.d manually?
I'm still away from my Peppermint laptop... back home on Monday late evening  :(

Offline scifidude79

  • Hero
  • *****
  • Posts: 4029
  • Karma: 870
    • View Profile
  • Peppermint version(s): Peppermint 9
Re: Linus Torvalds: 'WHAT THE F*CK IS GOING ON?'
« Reply #11 on: August 03, 2018, 03:37:32 pm »
I'm wondering why both Intel and AMD microcode have appeared on the same systems.

Probably because it's included in the base OS and the unused one never gets uninstalled during installation. So, when patches are released, both get updated, no matter what you have.

Offline VinDSL

  • Administrator
  • Hero
  • *****
  • Posts: 5897
  • Karma: 1160
  • Team Peppermint
    • View Profile
  • Peppermint version(s): Developmental Builds
Re: Linus Torvalds: 'WHAT THE F*CK IS GOING ON?'
« Reply #12 on: August 03, 2018, 04:01:24 pm »
I started getting 'bad vibes' when Peppermint 9 was released, and the Ubu kernel was FUBAR.  So, that's part of it. WTF as Linus would say. How could Ubu release that into the wild? It's like Ubu is shooting from the hip these days.

Then, out of curiosity, I was looking around to see which modules were blacklisted by default. You never know what you're going to find in there, in a final release. That's when I saw that the microcode twins were gagged n' blindfolded, even though a lot of updates keep rolling in.

Next, I decided to manually edit the confs. I commented them, uncommented them - commented/uncommented one and not the other. I *think* I even deleted them, and they came back like a virus.

Since these microcode modules are supposedly present inside the kernel now, I decided to purge them, but they've been hardlocked to the kernel, so it wanted to remove the kernel at the same time.

Anyway, I've been playing around with all this, reciting the Linus Torvalds Anthem to myself, when I ran across that old article (linked above) and it took on a whole new meaning for me - Intel patches poisoning the CPU - buggy microcode - Linus' admonitions - the initial Peppermint 9 problems with the janky Ubu kernel - blah, blah, blah.

"We", "they", "them", "us" and so forth are 'unspecified collectives' ...

So, I continue to wonder WTF is going on, now that the dust is starting to settle. Who decided to blacklist those microcode modules - Ubuntu? Mint? Intel? Linus Torvalds? Beelzebub? And, why do these "not always safe"modules keep getting updated and blacklisted, at the same time? If they 'aren't safe' and the CPU is already being poisoned anyway, what's the point?  :-\

Offline pin

  • Veteran
  • ****
  • Posts: 1838
  • Karma: 280
    • View Profile
Re: Linus Torvalds: 'WHAT THE F*CK IS GOING ON?'
« Reply #13 on: August 03, 2018, 11:12:30 pm »
Now, this is becoming interesting  8)
Until Monday, I only have access to my NetBSD laptop, but I've looked at what I could on the Void forum...
There the microcode is loaded by the initramfs at boot.
 :-\
Apparently, on Void it's a kernel module and not baken into it.

Hmm... First it would be good to know if it's good or bad to have it. Maybe compile your own kernel, flag the microcode as M (module) instead of Y (yes) and decide later if you want to load it at boot or not?!

Or am I wrong?

EDIT: On the other hand... why, build it in and then blacklist it?
Is this only on the default 4.15, or is it the same behaviour if you load, say 4.17?
« Last Edit: August 03, 2018, 11:25:45 pm by pin »

Offline VinDSL

  • Administrator
  • Hero
  • *****
  • Posts: 5897
  • Karma: 1160
  • Team Peppermint
    • View Profile
  • Peppermint version(s): Developmental Builds
Re: Linus Torvalds: 'WHAT THE F*CK IS GOING ON?'
« Reply #14 on: August 04, 2018, 06:29:00 am »
To quote the Spectre and Meltdown mitigation detection tool ...

Code: [Select]
A false sense of security is worse than no security at all, see --disclaimer
Intel got caught with their hand in the NSA cookie jar. I guess they needed to do something to try and keep from getting the pants sued off of them. But these #$%! patches aren't the answer.

It's a sad state of affairs, really.  :(