Announcement

Collapse
No announcement yet.

Linux 5.19-rc7 Released Following A Tough Week With Retbleed, Intel GPU Firmware Snafu

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Linux 5.19-rc7 Released Following A Tough Week With Retbleed, Intel GPU Firmware Snafu

    Phoronix: Linux 5.19-rc7 Released Following A Tough Week With Retbleed, Intel GPU Firmware Snafu

    Linus Torvalds just released Linux 5.19-rc7 following a busy week due to the Retbleed security mitigation and not only the CPU overhead performance impact it puts on users but the mess it has on kernel development especially when it comes to embargoed issues that make the patches difficult to review/test well prior to embargo lift...

    Linux 5.19-rc7 Released Following A Tough Week With Retbleed, Intel GPU Firmware Snafu - Phoronix
    https://www.phoronix.com/scan.php?page=news_item&px=Linux-5.19-rc7-Released
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
  • #2
    And if this was not enough mitigating AMD phantom jump can induce overhead by 209% ( https://comsec.ethz.ch/research/microarch/retbleed/ )

    I really hope RISC-V moves on due to this. Then architecture would be less important as the ISA should stay the same... Oh wait a tick.... It won't because they hampered this as well with tons of extensions and optional stuff. ...sigh....

    http://www.dirtcellar.net
    • Likes 1

    Comment

    • #3
      At this point, aren't the mitigations doing more harm than the security issues?
      • Likes 4

      Comment

      • #4
        Originally posted by waxhead View Post
        And if this was not enough mitigating AMD phantom jump can induce overhead by 209% ( https://comsec.ethz.ch/research/microarch/retbleed/ )

        I really hope RISC-V moves on due to this. Then architecture would be less important as the ISA should stay the same... Oh wait a tick.... It won't because they hampered this as well with tons of extensions and optional stuff. ...sigh....
        What does RISC-V have to do with a micro-architectural vulnerability?
        • Likes 1

        Comment

        • #5
          Originally posted by Mike Frett View Post
          At this point, aren't the mitigations doing more harm than the security issues?
          only if you value performance over security. unfortunately, spectre-like exploits aren't just theoretical like some other side-channel attacks: Hertzbleed for example, the recent new one, seems virtually impossible to actually exploit en masse, you need a really targeted attack for that one, so most users don't need to care about it.
          • Likes 1

          Comment

          • #6
            Originally posted by Wielkie G View Post

            What does RISC-V have to do with a micro-architectural vulnerability?
            Nothing... That's the beauty of it. In theory it would allow to switch architecture without affecting the software stack and therefore migrating to another architecture simple and easy. Sadly RISC-V is not as clean as it once was and they might as well soon call it MISC-V since there are so many miscellaneous extensions.
            http://www.dirtcellar.net

            Comment

            • #7
              Originally posted by justinkb View Post
              only if you value performance over security. unfortunately, spectre-like exploits aren't just theoretical like some other side-channel attacks: Hertzbleed for example, the recent new one, seems virtually impossible to actually exploit en masse, you need a really targeted attack for that one, so most users don't need to care about it.
              Really? I was pretty sure most of those Spectre-type vulnerabilities are purely academic without being realistically exploitable in real-world scenarios.
              Do you have resources that document successful exploitations?

              Comment

              • #8
                Originally posted by waxhead View Post
                And if this was not enough mitigating AMD phantom jump can induce overhead by 209% ( https://comsec.ethz.ch/research/microarch/retbleed/ )

                I really hope RISC-V moves on due to this. Then architecture would be less important as the ISA should stay the same... Oh wait a tick.... It won't because they hampered this as well with tons of extensions and optional stuff. ...sigh....
                Oh, yeah. RISC-V.

                RISC-V is like Rust but on the hardware side of things. Every single problem in the world is going to get fixed thanks to RISC-V and Rust.
                • Likes 1

                Comment

                • #9
                  Originally posted by david-nk View Post

                  Really? I was pretty sure most of those Spectre-type vulnerabilities are purely academic without being realistically exploitable in real-world scenarios.
                  Do you have resources that document successful exploitations?
                  this is a report on a few found in the wild, https://dustri.org/b/spectre-exploits-in-the-wild.html - one dumps the /etc/shadow file for the attacker, allowing them to gain access to the system using any credentials available.

                  a lot of these are probably flying under the radar because mitigations stop them in their tracks, so the exploit does nothing. it's definitely a mistake to think mitigations are unnecessary for the average person
                  • Likes 3

                  Comment

                  • #10
                    Originally posted by justinkb View Post

                    this is a report on a few found in the wild, https://dustri.org/b/spectre-exploits-in-the-wild.html - one dumps the /etc/shadow file for the attacker, allowing them to gain access to the system using any credentials available.

                    a lot of these are probably flying under the radar because mitigations stop them in their tracks, so the exploit does nothing. it's definitely a mistake to think mitigations are unnecessary for the average person
                    Only works on a few specific distributions and requires a shitty password to run through hashcat. Wouldn't have a chance on any of my systems. If that's the best these exploits can do that's pathetic.

                    Comment

                    Previous template Next
                    Working...
                    X