Quick recap: https://abload.de/img/screenshot2018-01-291e3sh7.png Protection Class (1) - Subsequently Microcode Update Fixed Processors A microcode update is applied, which brings new CPU commands, which provide extensive Specter protection (Meltdown is rendered harmless by means of an operating system update). The same costs a bit of performance (supposedly more with older CPUs than with newer ones), but can be made available in a relatively short time by the CPU developers and motherboard manufacturers. As a disadvantage, many older CPUs (despite the technical possibility) no longer receive such a fix because their support has been discontinued. Protection class (2) - Factory-fixed by microcode update Processors Here again, a microcode update is scheduled, which brings new CPU commands, which provide extensive Specter protection (Meltdown is thereby harmless by means of an operating system update) . The same costs a bit of performance (supposedly less on older processors than on older ones) and is mostly already in the delivery state, which is why the CPU manufacturers then talk about "meltdown / Specter-free processors", although there are actually no changes on real hardware Level has given. But this method can be applied to every newly emerging CPU generation and will probably be realized in the same way for all upcoming CPUs. Protection class (3) - Meltdown / Specter-free CPU architectures

Meanwhile, it seems Linux has opted to mitigate Spectre v2 at the compiler level ("retpoline") and not use the microcode, calling Intel's microcode "crap." On my system:

$ cat /sys/devices/system/cpu/vulnerabilities/meltdown
Mitigation: PTI
$ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
Mitigation: Full generic retpoline

(There's no mitigation for v1 by anyone yet.) AFAICT from the LKML posts, the retpoline method is actually faster than using the microcode. Although it gets a bit confusing for non-kernel people like me to interpret the posts, so I could be wrong.

Good. Hopefully Microsoft will going to use the "retpoline" soluition.

RealNC:

Meanwhile, it seems Linux has opted to mitigate Spectre v2 at the compiler level ("retpoline") and not use the microcode, calling Intel's microcode "crap." On my system:

$ cat /sys/devices/system/cpu/vulnerabilities/meltdown
Mitigation: PTI
$ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
Mitigation: Full generic retpoline

(There's no mitigation for v1 by anyone yet.) AFAICT from the LKML posts, the retpoline method is actually faster than using the microcode. Although it gets a bit confusing for non-kernel people like me to interpret the posts, so I could be wrong.

It is faster because you don`t need to call/read/write out-of-core facilities (like MSR) introduced in updated microcode(s).

Alessio1989:

Good. Hopefully Microsoft will going to use the "retpoline" soluition.

The code of all applications you use should be recompiled for that (not only the OS apps/kernel). Linux users can do it themselves (and not only with OS apps/kernel).

mbk1969:

It is faster because you don`t need to call/read/write out-of-core facilities (like MSR) introduced in updated microcode(s). The code of all applications you use should be recompiled for that (not only the OS apps/kernel). Linux users can do it themselves (and not only with OS apps/kernel).

As is needed for Spectre v1. I do not need Spectre v1 and v2 mitigation on all my applications.

By the way, Microsoft in its article about mitigations on client Windows wrote about registry values "FeatureSettingsOverride" and "FeatureSettingsOverrideMask" both equals to "3". Taking to account your info we can assume that value "1" is a mask for Spectre mitigation, and value "2" is a mask for Meltdown mitigation.

mbk1969:

The code of all applications you use should be recompiled for that (not only the OS apps/kernel). Linux users can do it themselves (and not only with OS apps/kernel).

Only affected applications need to be recompiled. This means applications that execute third-party code inside their process space. Like web browsers, for example (they execute JavaScript.) Though browsers now seem to switch to having every tab being a separate process. So it's mostly kernels and virtual machines that need to be recompiled.

RealNC:

Only affected applications need to be recompiled. This means applications that execute third-party code inside their process space. Like web browsers, for example (they execute JavaScript.) Though browsers now seem to switch to having every tab being a separate process. So it's mostly kernels and virtual machines that need to be recompiled.

Script engines? Office apps? Messengers? Media players? Any apps with plugins? Just speculating.

No reboots here, then again i'm on 1703 still.

I am still using an ivy bridge 3570k. Doesn't look like there will be much done for older CPUs. I was really considering getting a 8700k but this spectre mess along with the crazy memory prices, guess I'll probably hold out a bit longer.

mbk1969:

Script engines? Office apps? Messengers? Media players? Any apps with plugins? Just speculating.

Messengers and media players don't run external code. At least I can't see why they would. The rest are only affected if they need to sandbox the code they run. So probably the scripting interpreters of office suits need it (and I'm not sure if they need it if there's no JIT involved.) Apps with plugins don't. Plugins are unsafe by nature and don't need Spectre to become unsafe.

The whole thing reminds me of "net neutrality"--a complex, repressive solution in search of real and authentic problems that may or may not ever exist, but for a fact do not currently exist at all. We seem to be getting dumber these days.

Nothing to do with this one https://support.microsoft.com/en-us/help/4056897/windows-7-update-kb4056897 ?, as ive got this one on, and all fine. EDIT: Ahh, its for those who who experience restart/reboot problems.

waltc3:

The whole thing reminds me of "net neutrality"--a complex, repressive solution in search of real and authentic problems that may or may not ever exist, but for a fact do not currently exist at all. We seem to be getting dumber these days.

Disagree on your analogy. Net neutrality may be trying to fix something that doesn't exist but many of the issues will exist, it's not an IF its just WHEN since so many ISP's have consolidated over the last decade. We all have seen it over and over companies consolidate to a point they can no longer buy the other guy since all that is left is a few giant companies. So they try to find ways for growth since stockholders demand it and bam you start seeing all sorts of shenanigans.

Hilbert Hagedoorn:

What a mess this is becoming. Over the weekend Microsoft released an update (in the weekend even) outside of its usual monthly schedule, end-users who experience restart/reboot problems can now disabl... Microsoft releases update to reverse problematic Spectre patch

Been saying this since day one , that this is one huge mess the way this info about these flaws was released into public was bad, and they way the CPU makers MS and everyone else supposed to be fixing and pluging the issue, is being handled is just as bad., they all seem to opt of the option mean the less work Either way this "update" disable something i have installed but not enable cause i need microcode. Like it be said by others, maybe MS just do retpoline, which seems to have no performance hit and will solve everyone problem with update? cause microcode updates arnt the way to go protect everyone, cause of the nature of how there need to be done majority of people will never do it. MS need do pick solution that will protect the most people, there current solution isnt not it.

arg stupid dbl posts