Security flaw discovered in Intel chips.


Joseph

Recommended Posts

AMD chips are not affected by the flaw.

 

"Patches for Linux systems have been posted privately; although, some developers are said to be frustrated that the comments describing the fix for the open-source software have been redacted to prevent details of the bug from leaking."

 

Full Article

http://www.zdnet.com/article/tech-giants-scramble-to-fix-intel-processor-security-flaw/

 

Is there a patch for unRAID?

 

 

Link to comment

y my pc so slo!?

Hold on,  buying AMD stock.

 

Depending on the reports you read, the slowness will be less noticeable on Desktop/gaming type functionality and more so on server-end stuff.

Not sure how many memory calls unRaid base does, but seeing as most use docker/kvm and Hypervisors are said to be impacted the most by this issue it will be interesting to see what happens. I work in the IT field, so will be fun to follow this fallout.

Edited by ninthwalker
Link to comment

We are about to find out at work. I’d say whatever is done for the “meltdown” patching make sure the patch doesn’t include the AMD chips. Sounds like rumblings are that the current patch in the wild blankets all x86 CPUs. As I’m a Ryzen VM gamer with full gpu passthrough, if there’s a beta patch we can test I’d be happy to help. Haven’t heard word on KVM issues however ESX and Xen specifically have been called out by documentation I’ve read.

Link to comment
12 minutes ago, Dr_Cox1911 said:

Quick question regarding the release-schedule of unRaid: Will the fix once it's public a security update for 6.3.5 or only for the new 6.4 RC?

Interesting point!

 

my guess would be that it will only be done to the 6.4 release as the fix will almost certainly equire a kernel update which would need major regression testing to make it available with 6.3.5.   Hopefully 6.4 is very close to final release so this does not become a significant factor.   Of course the fix itself may delay 6.4 going Final if it has knock-off effects.  

 

In many ways this is likely not to be a significant issue for most unRAID users as it is only a very controlled set of binaries that are run on a typical unRAID system.

 

i wonder if this issue affects VMs?

Link to comment

From Ars Technica "Programs that don't use the kernel much might see a hit of perhaps 2-3 percent" but "a program that does virtually nothing other than call into the kernel saw its performance drop by about 50 percent" and "Benchmarks that use Linux's loopback networking also see a big hit, such as 17 percent".  The issue being that "every time a program makes a call into the kernel —to read from disk, to send data to the network, to open a file, and so on" —it will force the translation lookaside buffer to be flushed, a ton of extra operations.  I'm not feeling good about the impact to unRAID.

Link to comment
2 hours ago, tdallen said:

I'm not feeling good about the impact to unRAID.

 

It likely will not be an option as I am sure LT does not want to maintain two versions, but, if the hit is too great, I would not mind an unpatched version of unRAID with lots of "user beware" warnings. Unfortunately, someone is bound to blame LT if, after installing the unpatched version when a fix is available, they get hit with the issues.

 

Hopefully, the hit to unRAID won't be too great, but, it has the potential to be a "damned if we do, damned if we don't"  situation.  Should the worst case become reality, I am sure LT would not be alone in this boat and that's little consolation.

Edited by Hoopster
Link to comment

Is this as much of a security risk on a home system that isn't directly connected to the net.  Sure I can see the risk of you are on AWS and anyone can buy space on the SAME CPU as you and run code that can break through the VM layer and suck out info.  But for my home server is this an issue?

Link to comment
5 hours ago, wayner said:

But for my home server is this an issue?

Code does have to run on a box in order to exploit Meltdown.  If all you do is run unRAID as a NAS from a trusted vendor like Limetech, you would be fine.  But if you are running a ton of Dockers from random sources, not so much... 

Link to comment
On 1/9/2018 at 1:21 AM, tdallen said:

Code does have to run on a box in order to exploit Meltdown.  If all you do is run unRAID as a NAS from a trusted vendor like Limetech, you would be fine.  But if you are running a ton of Dockers from random sources, not so much... 

We have to be careful when we say things like this now. Unfortunately the days when this was really true are long gone, doubly so due to ransomware.

 

Modern "Security in depth" practices call for essentially a "patch everything" policy because devices, people and WLAN are so ubiquitous now it is really just a matter of when, rather than if, a bad actor gains some foothold code in a "secure" private LAN.

 

Terrible I know but thats the modern reality.

Link to comment
2 minutes ago, Joseph said:

Makes me wonder if data centers will look to do a tech refresh sooner than later to get these chips out of their production boxes and sell them for cheap on eBay! w00t! :D

 

The answer is "yes," but, there isn't anything to buy right now. No way am I comfortable enough yet with AMD's latest products to fill my data center with them.

 

Unfortunately, we aren't allowed to sell anything after it has been decommissioned.  Everything is physically destroyed. :(

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.