[geeks] How?

Mike Meredith very at zonky.org
Tue Feb 6 15:17:57 CST 2018


On Tue, 9 Jan 2018 21:23:46 -0600 (CST), Jonathan Patschke wrote:
> All three CPU makers support ucode updates from a running system (ex:
> loaded by the OS), but it's more typical that the updates are applied
> from firmware.

Tuning in late (again).

As far as I know, Windows relies on firmware to update microcode, OSX
doesn't let you know what goes on in the perfumed prison, and Linux
relies on (Debian) packages: intel-microcode and amd64-microcode.
There's a gotcha with that - with Debian-based (at least on all my
Linux boxen) systems, those aren't installed by default.

Where microcode updates are few and far between, installing the Linux
packages may be a sensible move.

On Tue, Jan 9, 2018 at 2:22 PM, Lionel Peterson <lionel4287 at gmail.com>
wrote:
> Protected Kernel space by executing a certain instruction designed to
> move protected memory into a register despite the instruction being
> invalid, based on process authorization.

The microcode updates are to alleviate some aspects of Spectre not
Meltdown (which is described above). Of course, seeing as the relevant
Intel microcode update has been released and withdrawn because of
issues on some systems, there isn't currently a microcode update to
apply.

The work-around for Meltdown is to move kernel memory space into its
own address space at the cost of reprogramming the MMU when making a
system call (which is where the up to 30% performance hit comes from).

--
Mike Meredith (http://zonky.org/)
  "Spammers on the Internet are like hula hoops, pet rocks, or subway
   alligators; only incredibly fertile, incontinent, and able to fly.
And it's still illegal to shoot them, so bring an umbrella." SC, on
SPAM-L.
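
A check for the two points in the message above, as an added example that is not part of the original post: which microcode revision is loaded and whether the Debian package for the CPU vendor is installed, and what the kernel reports for Meltdown. The `/proc/cpuinfo` fields and the sysfs `vulnerabilities/meltdown` file are standard Linux interfaces the post does not mention, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the post): audit microcode and Meltdown state.

# Distinct microcode revisions in a cpuinfo-format file; x86 Linux prints
# one "microcode : 0x.." line per logical CPU.
microcode_revisions() {
    sed -n 's/^microcode[^:]*: *//p' "${1:-/proc/cpuinfo}" 2>/dev/null | sort -u
}

# Debian package the post names for this CPU vendor; empty if unrecognised.
microcode_package_for() {
    case "$(sed -n 's/^vendor_id[^:]*: *//p' "${1:-/proc/cpuinfo}" 2>/dev/null | head -n 1)" in
        GenuineIntel) echo intel-microcode ;;
        AuthenticAMD) echo amd64-microcode ;;
    esac
}

# True only if dpkg reports the package installed (false on hosts without dpkg).
package_installed() {
    dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -q 'ok installed'
}

# The kernel's own Meltdown verdict, e.g. "Mitigation: PTI" or "Vulnerable".
# Kernels that predate this sysfs file report nothing, so say so explicitly.
meltdown_status() {
    f="${1:-/sys/devices/system/cpu/vulnerabilities/meltdown}"
    if [ -r "$f" ]; then cat "$f"; else echo "unknown (kernel does not report)"; fi
}

# audit [cpuinfo-file] [meltdown-status-file]; both default to the live system.
audit() {
    pkg=$(microcode_package_for "${1:-}")
    n=$(microcode_revisions "${1:-}" | grep -c . || true)
    echo "microcode revision(s): $(microcode_revisions "${1:-}" | tr '\n' ' ')"
    if [ "$n" -eq 0 ]; then echo "NOTE: no microcode revision reported"; fi
    if [ "$n" -gt 1 ]; then echo "WARNING: logical CPUs report different revisions"; fi
    if [ -z "$pkg" ]; then
        echo "package: CPU vendor not recognised"
    elif package_installed "$pkg"; then
        echo "package: $pkg installed"
    else
        echo "package: $pkg NOT installed"
    fi
    echo "meltdown: $(meltdown_status "${2:-}")"
}

audit "$@"
```

The revision shown is whatever is currently loaded, whether it came from firmware or from the OS package, so compare it before and after installing the package and rebooting.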
