Meltdown and Spectre

Support for security such as Firewalls and securing linux
popovmd.mdb
Posts: 8
Joined: 2017/05/02 09:04:31

Re: Meltdown and Spectre

Post by popovmd.mdb » 2018/02/14 09:06:35

Hi all,
Please update information for this ticket, when the current patch appears.

branes
Posts: 4
Joined: 2018/03/09 18:54:44

Re: Meltdown and Spectre

Post by branes » 2018/03/12 17:35:47

Hi,

Does anyone know where to find the latest Intel microcode files please? I'm all patched up and ready to load them, but lacking the code.

Intel seem to claim last week that everything's rosy (in particular for the Sandybridge processors I'm currently testing with).

https://newsroom.intel.com/wp-content/u ... idance.pdf

But if I head to the link previously mentioned in this thread (and elsewhere)

https://downloadcenter.intel.com/downlo ... -Data-File

I get dumped here where the latest microcode is from 2017, not even the microcode-20180108.tgz code that's been touted as available previously:

https://downloadcenter.intel.com/download/27337?v=t

Any ideas anyone?

thanks. Tim.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Meltdown and Spectre

Post by TrevorH » 2018/03/12 18:06:34

Sorry but you'll have to ask Intel or the vendor of your hardware. As far as I can gather, everyone got fed up with being burned by the original 2018 microcode release and all of them withdrew it as it caused random reboots. This time Intel haven't made it available except to their partners and they expect them to produce e.g. new BIOS updates to contain the newer microcode. As far as I know, they haven't released the latest update separately. Check with your hardware vendor to see if there's a newer BIOS available.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

branes
Posts: 4
Joined: 2018/03/09 18:54:44

Re: Meltdown and Spectre

Post by branes » 2018/03/12 18:43:06

Thanks - off to HP then.

FWIW, I've been performance testing for the impact of the Meltdown/Spectre mitigations. The Meltdown kernel patch on 6.9 seems to have had negligible impact on my application - essentially an ETL/aggregation application loading the resulting data into an in-memory MySQL DB.

cheers,

branes
Posts: 4
Joined: 2018/03/09 18:54:44

Re: Meltdown and Spectre

Post by branes » 2018/03/12 18:57:56

And another update - should anyone need it HP do seem to have a BIOS update for the DL380G8 which claims to address the SpectreV2 issue. Presumably they're issuing updates for other hardware too. Better than nothing of course, but TBH I was hoping to be able to do it in the OS to simplify switching for performance comparison purposes.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Meltdown and Spectre

Post by TrevorH » 2018/03/12 19:16:30

Be aware that the thing you need the updated microcode for, if enabled, will cause massive cpu usage. Mine almost exactly doubled when running the meltdown 11.6 kernel with the updated (and now withdrawn) microcode. Doubled as in 800% cpu usage became 1600% on a 20 core machine :-(

Possibly this will be better with the latest kernel as it is now built to use retpoline. Maybe.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Whoever
Posts: 1357
Joined: 2013/09/06 03:12:10

Re: Meltdown and Spectre

Post by Whoever » 2018/03/13 04:03:23

Is there a kernel that is safe to run on Xen VMs? If so, what version(s)?

branes
Posts: 4
Joined: 2018/03/09 18:54:44

Re: Meltdown and Spectre

Post by branes » 2018/03/21 12:01:49

Further updates. Perhaps Intel were reading this, as they released updated microcode microcode-20180312.tgz on 12th March:

https://downloadcenter.intel.com/downlo ... roduct=873

As for my applications, as Trevor predicted the microcode update for SpectreV2 had the most significant effect. Still 'only' a max. 6% increase in total processing time for my black box testing though, which was fine for us.

Post Reply