'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Paul M

More issues with the fixes, this time affecting CentOS 6 on certain VPS configurations.

kernel 2.6.32-696.18.7.el6.x86_64 issues.

This is of particular concern to me as all my servers run CentOS 6.9.

The advice seems to be either don't update atm, or make sure you have an image you can revert to.

Of course, it's only an issue if you reboot, generally not such a concern as I don't reboot often.
However, given that an update to the VPS node host will cause a reboot, it's much more likely to happen atm, and be out of my control.

Edit: Issues with CentOS 7 as well: https://bugs.centos.org/view.php?id=14347

eva2000

FYI, Phoronix benchmarked KPTI + Retpoline on Ubuntu with both Apache and Nginx and saw around 21-26% performance impact for Nginx using apachebench (https://www.phoronix.com/scan.php?page=news_item&px=KPTI-Retpoline-Combined-Ubuntu). I tested Centmin Mod Nginx with Siege bench on an i7 4790K on CentOS 7.4 with a KPTI-only kernel and got around 5.5% performance impact: https://community.centminmod.com/th...nux-kernel-kpti-meltdown-spectre-fixes.13694/

> More issues with the fixes, this time affecting CentOS 6 on certain VPS configurations.
>
> kernel 2.6.32-696.18.7.el6.x86_64 issues.
>
> This is of particular concern to me as all my servers run CentOS 6.9.
>
> The advice seems to be either don't update atm, or make sure you have an image you can revert to.
>
> Of course, it's only an issue if you reboot, generally not such a concern as I don't reboot often.
> However, given that an update to the VPS node host will cause a reboot, it's much more likely to happen atm, and be out of my control.
>
> Edit: Issues with CentOS 7 as well: https://bugs.centos.org/view.php?id=14347

Those are actually Xen issues :)

edit: actually it is a Red Hat kernel issue https://discussions.citrix.com/topic/392239-new-centos-6-kernel-fails-to-boot-on-xenserver-65/
It appears that RHEL may have released with a version of KPTI that does not know it must be turned off when running under Xen.

KPTI is designed to prevent guest userspace from attacking the guest kernel, but this is prevented by Xen automatically - PV guests can only attack Xen using SP3 because Xen unmaps the guest kernel from the address space while executing guest userspace code.
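A pre-reboot check for the situation discussed in the posts above, as an added example that is not part of the thread: it flags a Xen guest whose next-boot kernel is the 2.6.32-696.18.7.el6.x86_64 build reported as failing. The function names are hypothetical, and reading /sys/hypervisor/type and calling `grubby --default-kernel` are assumptions about the host's tooling.

```shell
#!/bin/sh
# Added example (not from the thread): warn before rebooting a Xen guest into
# the CentOS 6 kernel build reported above as failing to boot.

AFFECTED_KERNEL="2.6.32-696.18.7.el6.x86_64"   # version quoted in the thread

# True when the sysfs tree rooted at $1 (default /sys) reports a Xen hypervisor.
# PV and HVM guests are not told apart here, so a hit means "verify first".
is_xen_guest() {
    type_file="${1:-/sys}/hypervisor/type"
    [ -r "$type_file" ] && [ "$(cat "$type_file")" = "xen" ]
}

# Turn a boot path such as /boot/vmlinuz-<release> into the bare release string.
kernel_release() {
    printf '%s\n' "${1##*/vmlinuz-}"
}

# Kernel the boot loader will start next; falls back to the running kernel
# when grubby is not installed (assumption: grubby manages the boot entries).
next_boot_kernel() {
    if command -v grubby >/dev/null 2>&1; then
        kernel_release "$(grubby --default-kernel 2>/dev/null)"
    else
        uname -r
    fi
}

# assess <xen: yes|no> <running release> <next-boot release> -> prints a verdict
assess() {
    if [ "$1" != "yes" ] || [ "$3" != "$AFFECTED_KERNEL" ]; then
        echo "ok"
    elif [ "$2" = "$AFFECTED_KERNEL" ]; then
        echo "already-running"      # host has already booted this build
    else
        echo "hold-reboot"          # take an image or change the default kernel first
    fi
}

# Run the check against the live host and print the verdict.
check_host() {
    xen=no
    if is_xen_guest /sys; then xen=yes; fi
    assess "$xen" "$(uname -r)" "$(next_boot_kernel)"
}

check_host
```

A `hold-reboot` verdict means the guest has not yet booted the updated kernel, which matches the case where a host-node reboot would be the first time it is tried.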
Joined
Jan 6, 2004
Messages
5,956
Thankfully my main reason for needing a recent CPU isn't hit too hard by this (video editing) but it's still crazy how long these exploits have been around without anyone knowing about them. Some of the first machines I built (P2/K6 era) are vulnerable. I'm kinda pissed that I went with a Haswell CPU now for a variety of reasons but this just made it seem like even more of a bad buy.

AMD is really no better all things considered but at least I would get more real cores to work with. I'm happy I didn't pull the trigger on a dual-CPU motherboard last year. People that mine bitcoin have kept me off upgrading anything for now since GPUs and RAM have gotten more expensive than usual.