Intel FUBAR ... again - Kernel memory leak in nearly every Intel CPU of the last decade (Spectre hits everyone, Meltdown still Intel exclusive)

Yeah, but EA ain’t fixing this. So a unmodified copy will perpetually have this issue. No Origin or Steam patch to fix this for you. Is the average user likely going to know this can be fixed with a third party mod?

Dunno.
People know the ME HD rework mod exists, in the install guide, it tells you to get the memory and missing texture fix.

2 Likes

I recently moved to 1440p 144hz and this is very interesting for me. My 7700k might get the boot soon. Thanks for this.

Cisco seems to have pulled the 3.2(2e) firmware fix from their UCS (Unified Computing System) equipment which included the spectre fix.

Apparently they were instructed by intel to do so and said that there is an imminent public announcement that will soon be made.

:thinking: :worried:

3D Now extensions where removed.
They’re ancient and I don’t know why earth the game was coded to try and use those anyway.

TLDR: Won’t fix, doesn’t matter.

Something cool regarding Meltdown mitigation on Power CPU’s

https://lkml.org/lkml/2018/1/22/186

2 Likes

Skylake+ (Kabylake etc)
All have extra issues apparently

https://lkml.org/lkml/2018/1/22/166

A false sense of security is worse than no security at all.

1 Like

Remember the Core 2 Duo/Quad?
That:

2 Likes

I struggle with Civ V and linux as it is.

No, enlighten me?

Even mainstream media is beginning to smell the blood in the water.

Somehow…the average person has little or no idea about these new threats.

1 Like

Bugs. Bugs everywhere.

Intel managed to sweep most of them under the rug. But kernel devs where furious. And most of them where never fixed to this day even.

Summary of fix by Intel and why Linus is calling it bullshit.

http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04628.html

Big simplification: Proper way to fix an hardware bug like this, is that newer cpu gets protected by default, and they answer they are when queried.

So you can ask the CPU “what’s your status on bug X” and the cpu answers “i’m good, you don’t need to do anything” (newer fixed chips), or “i know about it but was already built, and need microcode update/special behavior to protect myself” (current chips with microcode update), “no answer / I’m not good” (old chips without update).

So new stuff is protected, and you add more protection (and slowdowns, and special stuff) for older chips that don’t know how to deal with it.

What Intel is trying to do here, is to go the other way: the chips, even the new ones, will stay vulnerable by default, and when queried they say “I have a fix but I don’t use it, you can enable it by asking !” and the kernel is supposed to enable it.

It’s terrible for a lot of reasons, like “boot an older os and it’s vulnerable since it doesn’t know to call this”, “additional code to enable this feature has to run for all of eternity for new chips now, instead of having to run for older chips and being phased out over time”, etc …

The reason why Intel does that seems obvious: by default the chip does not lose speed since the fix is not enabled, and so instead of “intel chips lose 30% speed over night because of a flaw” it becomes “intel adds a special security mode that protects you even more for critical applications, at the cost of some speed”. Purely marketing speech and decision at the cost of proper engineering decisions, and they need and try to get OSes like Linux to play along. That’s what he means by “[it] shows intel had no intention of fixing those flaws”.

Additionally there seems to be a second issue in that the quality and behavior of the patches they submitted are trying to hide this deceptively simple but technically terrible behavior by making it look/sound obtuse and complicated.

In other words, intel is using its presence and weight to try and push a shitty solution, but one that is better for them marketing wise. Linus is flabbergasted to be treated like an idiot or a obedient drone that should apply such obvious abusive patches.

Further details from a HN poster that seems reasonable:

He’s complaining about their “fix” being terrible, but isn’t fully against using it the end since as you said, that’s all there is going to be to have the chips work properly. The reason he refuses those current patches and directly call it a lie/deception is because of what my last two paragraphs related; if you read his message (where the link points to) it’s about half way: Intel tries to disguise it by doing it in a convoluted way. Basically they try to avoid making it obvious when looking at the code, because they don’t want a “if (intel_chip) enable_fix_because_default_is_broken_on_intel();” and instead pushes something that looks like the kernel needs to do lots of complex stuff [aka, “it’s complex, and a fix-on-chip is not enough the kernel needs protection anyway !”, and that means a terrible patch with lots of garbage and filler code.

Intel’s intention is clear in that they specifically pushes this in the same patchset as the “tell the chip to be secure”, trying to mush the two things together to make it looks like it’s all the same thing, whereas in reality it should be two patchset: one to enable the security mode, and bad for intel marketing wise. And a second one to add those “fixes” to the kernel, that would be refused because terrible and in part unecessary since retpoline already protects it. What Linus is saying is “sure I need the first change, but since you’re intent on pushing them together I’m refusing them, because the second one is pure garbage, and you mix them together to hide the first”.

6 Likes

Never a boring read with him :slight_smile:

You seem to have bought into the cool-aid. Please add a healthy dose
of critical thinking. Because this isn’t the kind of cool-aid that
makes for a fun trip with pretty pictures. This is the kind that melts
your brain.

1 Like

I keep thinking of the “cripple code”. I think the OS’s should force the performance hitting patch on all intel devices regardless. That is what they are trying dodge from what I gather.

1 Like

cool… So just like their financial practices, their security practices are just as shitty?

:frowning:

While that makes sense for Windows and OSX, enabled by default but configurable is the proper way to handle it on Linux because of the whole “freedom to run your system how you choose” thing.

but then it goes against a even bigger tenant of making a system as secure as possible. Lets just ignore this big hole in fence. Maybe it will block itself up as your cows wander off :slight_smile:

I guess you missed the part where I said “enabled by default”

ufw has closed port 22 by default. I can open it though.

Yes…associated it to windows. Threw me.