The officially official Devuan Forum!


#1 2019-05-16 11:39:27

boycottsystemd
Member
Registered: 2017-09-25
Posts: 82  

ZombieLoad Attack (CVE-2018-12130), hyperthreading -how to disable it?

There is another Intel vulnerability which uses hyperthreading.

I've booted ASCII kernel with noht parameter.

I've tried to disable hyperthreading:

sudo -i && echo 0 > /sys/devices/system/cpu/online

but

# cat /sys/devices/system/cpu/online 
0-3

Any idea pls ?

$ uname -a
4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u2 (2019-05-13) x86_64 GNU/Linux


#2 2019-05-16 13:56:55

siva
Member
Registered: 2018-01-25
Posts: 207  

Re: ZombieLoad Attack (CVE-2018-12130), hyperthreading -how to disable it?

boycottsystemd wrote:

There is another Intel vulnerability which uses hyperthreading.

Similar vulnerabilities, especially from Intel, will keep coming.  2018 was the year of microcode exploits.  Until Intel releases a mass-recall to fix their hardware (they won't), just sit back and enjoy the show.

Any idea pls ?

It's good practice to research whether or not the CVE has been resolved:
https://www.debian.org/security/2019/dsa-4444


the thomos project
thomos support thread
cynwulf wrote: "You should get some more sleep and spend less time on forums."


#3 2019-05-16 15:21:13

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 295  

Re: ZombieLoad Attack (CVE-2018-12130), hyperthreading -how to disable it?

boycottsystemd wrote:

I've booted ASCII kernel with noht parameter.

The parameter you want is nosmt.

You also need the 2019-05-14 version of the intel-microcode package and the most recent kernel version (4.9.168-1+deb9u2, install the linux-image-amd64 metapackage to get this).

EDIT: you already have the kernel.

Use this to check vulnerabilities:

grep -R . /sys/devices/system/cpu/vulnerabilities

The zombieload vulnerability corresponds to MDS in the /sys checklist.

Last edited by Head_on_a_Stick (2019-05-16 15:23:11)


Fabricando fit faber


#4 2019-08-26 06:24:05

boycottsystemd
Member
Registered: 2017-09-25
Posts: 82  

Re: ZombieLoad Attack (CVE-2018-12130), hyperthreading -how to disable it?

Head_on_a_Stick wrote:
boycottsystemd wrote:

I've booted ASCII kernel with noht parameter.

The parameter you want is nosmt.

You also need the 2019-05-14 version of the intel-microcode package and the most recent kernel version (4.9.168-1+deb9u2, install the linux-image-amd64 metapackage to get this).

EDIT: you already have the kernel.

Use this to check vulnerabilities:

grep -R . /sys/devices/system/cpu/vulnerabilities

The zombieload vulnerability corresponds to MDS in the /sys checklist.

Thank you, and apologies for the delay.

# grep -R . /sys/devices/system/cpu/vulnerabilities
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, RSB filling
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/mds:Mitigation: Clear CPU buffers; SMT disabled
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI


#5 2019-08-26 16:42:29

pcalvert
Member
Registered: 2017-05-15
Posts: 49  

Re: ZombieLoad Attack (CVE-2018-12130), hyperthreading -how to disable it?

Here's mine:

# grep -R . /sys/devices/system/cpu/vulnerabilities
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, STIBP: disabled, RSB filling
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/mds:Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion; VMX: EPT disabled
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI

Doesn't look good. :(


Phil


“Property is the fruit of labor; property is desirable; it is a positive good
in the world. That some should be rich shows that others may become
rich, and hence is just encouragement to industry and enterprise.”
— Abraham Lincoln
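
A way to read the status lines posted above at a glance, as an added example that is not part of the original thread: it classifies each line of the `grep -R . /sys/devices/system/cpu/vulnerabilities` output. The verdict words (OK, NO_MICROCODE, SMT_EXPOSED, ...) are this example's own labels, and the sample input is constructed from lines quoted in the posts above.

```shell
#!/bin/sh
# Added example: summarise the output of
#   grep -R . /sys/devices/system/cpu/vulnerabilities
# Verdict names are labels chosen for this example, not kernel terms.

# classify_status STATUS -> prints one verdict word for a kernel status string.
classify_status() {
    case $1 in
        Vulnerable*"no microcode"*)    echo NO_MICROCODE ;;  # kernel tried, CPU microcode lacks support
        Vulnerable*)                   echo VULNERABLE ;;
        Mitigation:*"SMT vulnerable"*) echo SMT_EXPOSED ;;   # mitigated, but sibling threads still exposed
        Mitigation:*|"Not affected"*)  echo OK ;;
        *)                             echo UNKNOWN ;;
    esac
}

# audit_vulns: read "path:status" lines on stdin, print "name verdict"
# for each, and return 1 if any entry is not OK.
audit_vulns() {
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        path=${line%%:*}      # everything before the first colon
        status=${line#*:}     # everything after the first colon
        name=${path##*/}      # file name, e.g. "mds"
        verdict=$(classify_status "$status")
        printf '%s %s\n' "$name" "$verdict"
        [ "$verdict" = OK ] || rc=1
    done
    return $rc
}

# Constructed sample: three lines as they appear in the post above.
SAMPLE='/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/mds:Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI'

printf '%s\n' "$SAMPLE" | audit_vulns || echo "=> at least one entry needs follow-up"
```

On a live system, pipe the real output in instead of the sample: `grep -R . /sys/devices/system/cpu/vulnerabilities | audit_vulns`.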


#6 2019-08-27 18:12:58

boycottsystemd
Member
Registered: 2017-09-25
Posts: 82  

Re: ZombieLoad Attack (CVE-2018-12130), hyperthreading -how to disable it?

pcalvert wrote:

Here's mine:

# grep -R . /sys/devices/system/cpu/vulnerabilities
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, STIBP: disabled, RSB filling
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/mds:Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion; VMX: EPT disabled
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI

Doesn't look good. :(


Phil

(... I suppose you are using latest firmware...)


#7 2019-08-28 16:59:07

pcalvert
Member
Registered: 2017-05-15
Posts: 49  

Re: ZombieLoad Attack (CVE-2018-12130), hyperthreading -how to disable it?

boycottsystemd wrote:

(... I suppose you are using latest firmware...)

That is correct.

Phil


“Property is the fruit of labor; property is desirable; it is a positive good
in the world. That some should be rich shows that others may become
rich, and hence is just encouragement to industry and enterprise.”
— Abraham Lincoln
