[opensuse] Meltdown & Spectre list of cpus affected?
I can't seem to pin down whether the Core 2 or Pentium 4/Ms are affected by either of these issues. Most reports say since 1995 or Pentium Pro & Newer. Intel's list starts with the Core ix series and doesn't go back further. Of course I can't find the list on their site, but I found this one: https://www.tweaktown.com/news/60411/heres-list-intel-cpus-affected-spectre-... Also what about AMD? Their arch has differences. Is there a list for them? Athlon, AthlonXP, Athlon64? I've read that even the POWER chips have a spectre vuln(which seems to be more mitigatable).. While there seems to be a great deal of hype about all this, I have to wonder how easy it is to compromise a system. Most reports save having to already have access to the machine. If that's the case, then I think you are already in trouble. It's also hard to tell how long the spy agencies have known about this and been (ab)using it. I dunno. I just can't see that much interest in mitigating this on older chips/systems(even though a lot of us find them perfectly usable). Looks like a forced upgrade is going to be contemplated for many even though it's really hard to tell how many other issues are going to be found all things considering. We could all rush out and get the "fixed" hardware when it's released only to end up in the same boat sooner or later. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Mon, Jan 08, 2018 at 02:50:09PM -0500, Larry Stotler wrote:
I can't seem to pin down whether the Core 2 or Pentium 4/Ms are affected by either of these issues. Most reports say since 1995 or Pentium Pro & Newer. Intel's list starts with the Core ix series and doesn't go back further. Of course I can't find the list on their site, but I found this one:
https://www.tweaktown.com/news/60411/heres-list-intel-cpus-affected-spectre-...
Also what about AMD? Their arch has differences. Is there a list for them? Athlon, AthlonXP, Athlon64?
Meltdown affects Intel chips. I think Core 2 for sure, Pentium 4 unclear. FWIW, there is a Meltdown exploit available for testing. https://github.com/paboldin/meltdown-exploit Spectre affects both Intel and AMD chips.
I've read that even the POWER chips have a spectre vuln(which seems to be more mitigatable)..
This is also our current understanding.
While there seems to be a great deal of hype about all this, I have to wonder how easy it is to compromise a system. Most reports save having to already have access to the machine. If that's the case, then I think you are already in trouble. It's also hard to tell how long the spy agencies have known about this and been (ab)using it.
I dunno. I just can't see that much interest in mitigating this on older chips/systems(even though a lot of us find them perfectly usable). Looks like a forced upgrade is going to be contemplated for many even though it's really hard to tell how many other issues are going to be found all things considering. We could all rush out and get the "fixed" hardware when it's released only to end up in the same boat sooner or later.
One thing is that Javascript in Firefox and Chrome was/is able to exploit Meltdown. This makes an attack over the web possible. (Firefox and Chrome javascript engines had high precision timers available and some form of direct byte buffer access. They want to make the high precission timers less precise.) Spectre is only beginning to be understood, it is actually more tricky from a Mitigation point of view. Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Mon, Jan 8, 2018 at 2:59 PM, Marcus Meissner <meissner@suse.de> wrote:
Meltdown affects Intel chips. I think Core 2 for sure, Pentium 4 unclear.
FWIW, there is a Meltdown exploit available for testing.
https://github.com/paboldin/meltdown-exploit
Spectre affects both Intel and AMD chips.
Ran it. Had to recompile it with suggested settings. Got: looking for linux_proc_banner in /proc/kallsyms cached = 70, uncached = 463, threshold 180 read ffffffff81800060 = ff (score=0/1000) read ffffffff81800061 = ff (score=0/1000) read ffffffff81800062 = ff (score=0/1000) read ffffffff81800063 = ff (score=0/1000) read ffffffff81800064 = ff (score=0/1000) read ffffffff81800065 = ff (score=0/1000) read ffffffff81800066 = ff (score=0/1000) read ffffffff81800067 = ff (score=0/1000) read ffffffff81800068 = ff (score=0/1000) read ffffffff81800069 = ff (score=0/1000) read ffffffff8180006a = ff (score=0/1000) read ffffffff8180006b = ff (score=0/1000) read ffffffff8180006c = ff (score=0/1000) read ffffffff8180006d = ff (score=0/1000) read ffffffff8180006e = ff (score=0/1000) read ffffffff8180006f = ff (score=0/1000) NOT VULNERABLE PLEASE POST THIS TO https://github.com/paboldin/meltdown-exploit/issues/22 NOT VULNERABLE ON 3.16.7-53-desktop #1 SMP PREEMPT Fri Dec 2 13:19:28 UTC 2016 (7b4a1f9) x86_64 processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 15 model name : Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz stepping : 6 microcode : 0xd1 cpu MHz : 2000.000 cache size : 4096 KB physical id : 0 This laptop is still running 13.2/x64. Been lazy. However, it does show not vulnerable, which is encouraging. I do have a more current setup on a Q9000 laptop I will try later.
One thing is that Javascript in Firefox and Chrome was/is able to exploit Meltdown. This makes an attack over the web possible.
(Firefox and Chrome javascript engines had high precision timers available and some form of direct byte buffer access. They want to make the high precission timers less precise.)
Good thing I run NoScript. Maybe this will get sites to reconsider relying on javascript so much(I'm not a fan).
Spectre is only beginning to be understood, it is actually more tricky from a Mitigation point of view.
crap. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Mon, Jan 8, 2018 at 3:09 PM, Larry Stotler <larrystotler@gmail.com> wrote:
This laptop is still running 13.2/x64. Been lazy. However, it does show not vulnerable, which is encouraging. I do have a more current setup on a Q9000 laptop I will try later.
The Q9000 passed as well. However, I did not check it until I had ran the update to 4.4.104-39-default. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Mon, Jan 08, 2018 at 08:45:21PM -0500, Larry Stotler wrote:
On Mon, Jan 8, 2018 at 3:09 PM, Larry Stotler <larrystotler@gmail.com> wrote:
This laptop is still running 13.2/x64. Been lazy. However, it does show not vulnerable, which is encouraging. I do have a more current setup on a Q9000 laptop I will try later.
The Q9000 passed as well. However, I did not check it until I had ran the update to 4.4.104-39-default.
That kernel is fixed for Meltdown ;) I ran it on my Tumbleweed before the update and it reported affecfted. Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 01/08/2018 01:59 PM, Marcus Meissner wrote:
Meltdown affects Intel chips. I think Core 2 for sure, Pentium 4 unclear.
FWIW, there is a Meltdown exploit available for testing.
I'd take the test with a grain-of-salt. I've run in on both i7 and Core2 (both of which are supposed to be affected) and it reports not vulnerable in both cases. I'd be interested if anyone has had it report vulnerable? -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/01/2018 11:29, David C. Rankin wrote:
On 01/08/2018 01:59 PM, Marcus Meissner wrote:
Meltdown affects Intel chips. I think Core 2 for sure, Pentium 4 unclear.
FWIW, there is a Meltdown exploit available for testing.
I'd take the test with a grain-of-salt. I've run in on both i7 and Core2 (both of which are supposed to be affected) and it reports not vulnerable in both cases. I'd be interested if anyone has had it report vulnerable?
Have you updated your kernel yet? My i3-2120 was listed as vulnerable on intels site but it comes up as not vulnerable. My system's already patched though. Just a thought, imagine if meltdown-exploit actually installed an exploit. Dave P -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 01/09/2018 02:03 AM, Dave Plater wrote:
My i3-2120 was listed as vulnerable on intels site but it comes up as not vulnerable. My system's already patched though. Just a thought, imagine if meltdown-exploit actually installed an exploit.
That wouldn't be the first time that happened, would it? Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Op dinsdag 9 januari 2018 15:56:57 CET schreef Lew Wolfgang:
On 01/09/2018 02:03 AM, Dave Plater wrote:
My i3-2120 was listed as vulnerable on intels site but it comes up as not vulnerable. My system's already patched though. Just a thought, imagine if meltdown-exploit actually installed an exploit.
That wouldn't be the first time that happened, would it?
Regards, Lew
If you clone the github source, you can read the meltdown-exploit.c file and the Makefile. Or, if you still don't trust it, the included stuff. I did the first and decided it was safe to compile and run. -- Gertjan Lettink, a.k.a. Knurpht openSUSE Board Member openSUSE Forums Team -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, Jan 9, 2018 at 4:29 AM, David C. Rankin <drankinatty@suddenlinkmail.com> wrote:
I'd take the test with a grain-of-salt. I've run in on both i7 and Core2 (both of which are supposed to be affected) and it reports not vulnerable in both cases. I'd be interested if anyone has had it report vulnerable?
https://github.com/paboldin/meltdown-exploit/issues/19 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tuesday, 9 January 2018 19:59:10 ACDT David C. Rankin wrote:
On 01/08/2018 01:59 PM, Marcus Meissner wrote:
Meltdown affects Intel chips. I think Core 2 for sure, Pentium 4 unclear.
FWIW, there is a Meltdown exploit available for testing.
I'd take the test with a grain-of-salt. I've run in on both i7 and Core2 (both of which are supposed to be affected) and it reports not vulnerable in both cases. I'd be interested if anyone has had it report vulnerable?
Yes. Same test, same CPU, two different kernels: VULNERABLE ON 4.14.8-1.g674981b-default #1 SMP PREEMPT Wed Dec 20 10:40:41 UTC 2017 (674981b) x86_64 processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 42 model name : Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz stepping : 7 microcode : 0x29 cpu MHz : 3099.882 cache size : 6144 KB physical id : 0 NOT VULNERABLE ON 4.14.12-2.g7637ae2-default #1 SMP PREEMPT Sat Jan 6 09:10:30 UTC 2018 (7637ae2) x86_64 processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 42 model name : Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz stepping : 7 microcode : 0x29 cpu MHz : 3099.979 cache size : 6144 KB physical id : 0 -- ============================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au CCNA #CSCO12880208 ============================================================== -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Yes. Same test, same CPU, two different kernels: NOT VULNERABLE ON 4.14.12-2.g7637ae2-default #1 SMP PREEMPT Sat Jan 6 09:10:30 UTC 2018
The second kernel includes the fix. The check looks for the mitigation, not the flaw. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday, 2018-01-09 at 08:32 -0500, Larry Stotler wrote:
Yes. Same test, same CPU, two different kernels: NOT VULNERABLE ON 4.14.12-2.g7637ae2-default #1 SMP PREEMPT Sat Jan 6 09:10:30 UTC 2018
The second kernel includes the fix. The check looks for the mitigation, not the flaw.
Oh :-( - -- Cheers, Carlos E. R. (from openSUSE 42.2 x86_64 "Malachite" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlpUyYwACgkQtTMYHG2NR9Vt/ACeJ63r/iTCzHXEMo0MX90eyXvx 6M0AoI7EviCCZ7lu9XhTlG5MV+QQL1P9 =hcuB -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, Jan 9, 2018 at 8:54 AM, Carlos E. R. <robin.listas@telefonica.net> wrote:
The second kernel includes the fix. The check looks for the mitigation, not the flaw.
Oh :-(
Which begs the question: Since my one laptop is still running 3.16.7-53, and it showed not vulnerable, is it? Or is the check expecting something that isn't there and not working properly? The check program doesn't say what the minimum kernel version is. However, it does show that the specific exploit isn't working on that system. Even though everyone is saying anything from Pentium Pro forward, it would seem some older chips may not be (as) affected. That's why I was trying to find a better list of affected cpus. It's also possible that while the flaw is there, it's more exploitable on the newer chips. Several people posted 45nm Core2s as being affected. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Wednesday, 10 January 2018 0:02:52 ACDT Larry Stotler wrote:
Yes. Same test, same CPU, two different kernels: NOT VULNERABLE ON 4.14.12-2.g7637ae2-default #1 SMP PREEMPT Sat Jan 6 09:10:30 UTC 2018
The second kernel includes the fix. The check looks for the mitigation, not the flaw.
No, the test attempts to exploit the flaw - if successful, it reports as vulnerable (the combination of processor and kernel); if unsuccessful, then either the processor is not vulnerable (as with my Intel Atom tablet) or the kernel has been patched to successfully mitigate the flaw on an otherwise vulnerable processor (hence why I ran 2 tests). The first test shows that the processor is vulnerable - the second that the specific vulnerability being tested has been mitigated by the fix in the later kernel. There are other tests (flagged by others on this list) that test both Spectre and Meltdown vulnerabilities - this specific test is only for Meltdown. The current 4.14.12-2.g7637ae2-default kernel does not mitigate Spectre Variant 2. Regards, Rodney. -- ============================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au CCNA #CSCO12880208 ============================================================== -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, Jan 9, 2018 at 4:32 PM, Larry Stotler <larrystotler@gmail.com> wrote:
Yes. Same test, same CPU, two different kernels: NOT VULNERABLE ON 4.14.12-2.g7637ae2-default #1 SMP PREEMPT Sat Jan 6 09:10:30 UTC 2018
The second kernel includes the fix. The check looks for the mitigation, not the flaw.
Boot with "nopti" kernel option. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Wed, Jan 10, 2018 at 8:41 AM, Andrei Borzenkov <arvidjaar@gmail.com> wrote:
Boot with "nopti" kernel option.
Is there any way to create like a live CD that could run the checks regardless of the installed OS? On my machine with the older 3.16 kernel, it showed not vulnerable, but is that the case or is it because the kernel was too old for the check to work properly? Further, something that can do some simple benchmarks to see how much the fixes will slow them down. I have some older Pentium 4 systems that I will have to find time to put up and install a newer install on and see if they show vulnerable. It would be interesting to see if the older machines would need a different type of exploit that the newer chips. If so, then this could create a new second class of older machines that will never see a proper fix since so few of them are still in use. One more way to try to push people to buy newer hardware when what they have is working perfectly fine. Or, it could be that the fix doesn't slow down the older chips as much and they may not have more value since the newest chips are getting the slowdown. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Wed, Jan 10, 2018 at 6:34 PM, Larry Stotler <larrystotler@gmail.com> wrote:
Or, it could be that the fix doesn't slow down the older chips as much and they may not have more value since the newest chips are getting the slowdown.
From Phoronix( https://www.phoronix.com/scan.php?page=article&item=linux-more-x86pti&num=1) :
- On that old Clarksfield-era ThinkPad I wasn't going to be surprised if the performance was disastrous, but it wound up being better than I had anticipated given all the ongoing drama... In general purpose workloads there was no reportable performance difference in our frequent benchmark test cases. Under I/O, the PTI-using kernel did yield some slower results but not by the margins seen on the newer systems with faster storage. The laptop consumer-grade HDD in this laptop appeared to be the main bottleneck and kernel inefficiencies weren't causing as dramatic slowdowns. - To some surprise, when carrying out network benchmarks with netperf/iperf3, in at least those contexts PTI didn't have a noticeable impact on the network throughput performance. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday, 2018-01-10 at 18:34 -0500, Larry Stotler wrote:
On Wed, Jan 10, 2018 at 8:41 AM, Andrei Borzenkov <arvidjaar@gmail.com> wrote:
Boot with "nopti" kernel option.
Is there any way to create like a live CD that could run the checks regardless of the installed OS? On my machine with the older 3.16 kernel, it showed not vulnerable, but is that the case or is it because the kernel was too old for the check to work properly? Further, something that can do some simple benchmarks to see how much the fixes will slow them down.
AFAIK, what the test does is look if the kernel has been patched, not really test for the vulnerability. - -- Cheers, Carlos E. R. (from openSUSE 42.2 x86_64 "Malachite" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlpWr5QACgkQtTMYHG2NR9UhywCfdgLieu507O5IBHLmGOE4ZhLl GtUAn1F8a+l8AqhGKWPnlLjNQB9TzDLr =heOQ -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thursday, 11 January 2018 10:57:56 ACDT Carlos E. R. wrote:
On Wednesday, 2018-01-10 at 18:34 -0500, Larry Stotler wrote:
On Wed, Jan 10, 2018 at 8:41 AM, Andrei Borzenkov <arvidjaar@gmail.com> wrote:
Boot with "nopti" kernel option.
Is there any way to create like a live CD that could run the checks regardless of the installed OS? On my machine with the older 3.16 kernel, it showed not vulnerable, but is that the case or is it because the kernel was too old for the check to work properly? Further, something that can do some simple benchmarks to see how much the fixes will slow them down.
AFAIK, what the test does is look if the kernel has been patched, not really test for the vulnerability.
No, not from what I've seen. If you run it on a non-vulnerable CPU with an unpatched kernel, it reports as non-vulnerable because the exploit fails. I have tested both ways, on both vulnerable and non-vulnerable CPU's. -- ============================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au CCNA #CSCO12880208 ============================================================== -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Larry Stotler wrote:
I can't seem to pin down whether the Core 2 or Pentium 4/Ms are affected by either of these issues. Most reports say since 1995 or Pentium Pro & Newer. Intel's list starts with the Core ix series and doesn't go back further. Of course I can't find the list on their site, but I found this one:
https://www.tweaktown.com/news/60411/heres-list-intel-cpus-affected-spectre-...
Also what about AMD? Their arch has differences. Is there a list for them? Athlon, AthlonXP, Athlon64?
I've read that even the POWER chips have a spectre vuln(which seems to be more mitigatable)..
While there seems to be a great deal of hype about all this, I have to wonder how easy it is to compromise a system. Most reports save having to already have access to the machine. If that's the case, then I think you are already in trouble. It's also hard to tell how long the spy agencies have known about this and been (ab)using it.
I dunno. I just can't see that much interest in mitigating this on older chips/systems(even though a lot of us find them perfectly usable). Looks like a forced upgrade is going to be contemplated for many even though it's really hard to tell how many other issues are going to be found all things considering. We could all rush out and get the "fixed" hardware when it's released only to end up in the same boat sooner or later.
It sounds like it is pretty much all of them. https://www.kb.cert.org/vuls/id/584653 Maybe some old ones would be OK. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, Jan 9, 2018 at 2:50 AM, Larry Stotler <larrystotler@gmail.com> wrote:
I can't seem to pin down whether the Core 2 or Pentium 4/Ms are affected by either of these issues. Most reports say since 1995 or Pentium Pro & Newer. Intel's list starts with the Core ix series and doesn't go back further. Of course I can't find the list on their site, but I found this one:
https://www.tweaktown.com/news/60411/heres-list-intel-cpus-affected-spectre-...
Also what about AMD? Their arch has differences. Is there a list for them? Athlon, AthlonXP, Athlon64?
I've read that even the POWER chips have a spectre vuln(which seems to be more mitigatable)..
While there seems to be a great deal of hype about all this, I have to wonder how easy it is to compromise a system. Most reports save having to already have access to the machine. If that's the case, then I think you are already in trouble. It's also hard to tell how long the spy agencies have known about this and been (ab)using it.
I dunno. I just can't see that much interest in mitigating this on older chips/systems(even though a lot of us find them perfectly usable). Looks like a forced upgrade is going to be contemplated for many even though it's really hard to tell how many other issues are going to be found all things considering. We could all rush out and get the "fixed" hardware when it's released only to end up in the same boat sooner or later.
HI, I use https://github.com/speed47/spectre-meltdown-checker My laptop use Intel i5. This is Tumbleweed 20180107 with kernel 4.14.12-1. The result is: CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' * Checking count of LFENCE opcodes in kernel: YES (77 opcodes found, which is >= 70)
STATUS: NOT VULNERABLE (heuristic to be improved when official patches become available)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' * Mitigation 1 * Hardware (CPU microcode) support for mitigation: NO * Kernel support for IBRS: YES * IBRS enabled for Kernel space: UNKNOWN * IBRS enabled for User space: UNKNOWN * Mitigation 2 * Kernel compiled with retpoline option: NO * Kernel compiled with a retpoline-aware compiler: NO
STATUS: VULNERABLE (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3' * Kernel supports Page Table Isolation (PTI): YES * PTI enabled and active: YES
STATUS: NOT VULNERABLE (PTI mitigates the vulnerability)
It is still vulnerable for Spectre Variant 2 with mitigation 2. Regards, -- Edwin -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (11)
-
Andrei Borzenkov -
Carlos E. R. -
Dave Plater -
David C. Rankin -
Knurpht - Gertjan Lettink -
Larry Stotler -
Lew Wolfgang -
Marcus Meissner -
medwinz -
Richmond -
Rodney Baker