You are not logged in.

#1 2019-05-15 12:30:32

linux-mate
Member
Registered: 2018-06-28
Posts: 44

[SOLVED] MDS vulnerability.

Lately arch is too slow in kernel upgrades. There is already 5.1.2 released and also 5.0.16 and arch is still on 5.0.13 which does not include latest MDS vulnerability mitigation techniques. I wanted to include in the kernel some moduls so i decided to compile latest kernel myself 5.1.2 and i just booted it with kernel parameter mds=full,nosmt. But when i check for vulnerabilities specter-meltdown checker says this.

http://www.picz.ge/img/s4/1905/15/9/923a9bb31a83.jpg


Kernel includes MDS mitigation function MD_CLEAR and i also disabled HyperThreading but why is it still vulnerable? I thought because of microcode. It says it can be updated but i can't update it. I tried manualy but still it's 0x24 version where as this specter-meltdown checker says it can be updated to 0x25 version.

Here is that line: * CPU microcode is the latest known available version:  NO  (latest version is 0x25 dated 2019/02/26 according to builtin MCExtractor DB v110 - 2019/05/11)


moderator edit -- replaced oversized image with link.
Pasting pictures and code

Last edited by linux-mate (2019-05-15 18:42:33)

Offline

#2 2019-05-15 12:36:22

loqs
Member
Registered: 2014-03-06
Posts: 7,853

Re: [SOLVED] MDS vulnerability.

intel-ucode 20190514-1 is in testing

Offline

#3 2019-05-15 14:47:47

HalosGhost
Forum Moderator
From: Twin Cities, MN
Registered: 2012-06-22
Posts: 1,772
Website

Re: [SOLVED] MDS vulnerability.

Note, linux 5.1.2 is also in testing.

All the best,

-HG


"All errors are ᴘᴇʙᴋᴀᴄ errors—It's just a matter of narrowing down which keyboard and chair." -Trilby
\ldots

Offline

#4 2019-05-15 17:25:31

linux-mate
Member
Registered: 2018-06-28
Posts: 44

Re: [SOLVED] MDS vulnerability.

HalosGhost wrote:

Note, linux 5.1.2 is also in testing.

All the best,

-HG

Yeah, it just updated. It looks like arch tests kernel then comes newer and suddenly they release and jump 3-4 kernel update at once. From 5.0.13 to 5.1.2 like today. I just wanted to faster path this vulnerabilities, but it seems it's not mitigated even after update. I do not know what else to do. I disabled HT but still my laptop is vulnerable. Yeah better to get AMD thinkpad then intel one sad

It seems all the speed improvement for intels CPUs came because of these vulnerabilities. Cause they stopped caring about safety.

Offline

#5 2019-05-15 17:33:46

loqs
Member
Registered: 2014-03-06
Posts: 7,853

Re: [SOLVED] MDS vulnerability.

If /sys/devices/system/cpu/vulnerabilities/mds shows Vulnerable with intel-ucode 20190514-1 with SMT disabled what is the CPU family,  model and stepping?
Edit:
Have you ensured the microcode update is being applied?
There can only be a single version of linux in the testing repository so  5.1.0 being in testing means 5.0.14 can not be in testing e.t.c.

Last edited by loqs (2019-05-15 17:35:59)

Offline

#6 2019-05-15 18:42:17

linux-mate
Member
Registered: 2018-06-28
Posts: 44

Re: [SOLVED] MDS vulnerability.

loqs wrote:

If /sys/devices/system/cpu/vulnerabilities/mds shows Vulnerable with intel-ucode 20190514-1 with SMT disabled what is the CPU family,  model and stepping?
Edit:
Have you ensured the microcode update is being applied?
There can only be a single version of linux in the testing repository so  5.1.0 being in testing means 5.0.14 can not be in testing e.t.c.

It seems it did not update intel-ucode. Now i confirmed it's updated 0x25 and mitigation successfull.

After all this mitigations my i5 4300u is like core 2 duo. I think intel MUST refund partialy, because we paid for faster CPUs and now they are like 30-40% slower!

I'll mark this thread as solved.

Offline

Board footer

Powered by FluxBB