* [gentoo-user] Kernel 4.9.95
From: Peter Humphrey @ 2018-04-25 16:06 UTC
To: gentoo-user

As this version of gentoo-sources has now hit the stable mirrors, would anyone
like to summarise the position wrt Spectre, Meltdown and anything else that's
relevant? Just to help us numbskulls sleep at night.

--
Regards,
Peter.

* Re: [gentoo-user] Kernel 4.9.95
From: Helmut Jarausch @ 2018-04-26 9:52 UTC
To: gentoo-user

On 04/25/2018 06:06:32 PM, Peter Humphrey wrote:
> As this version of gentoo-sources has now hit the stable mirrors,
> would anyone like to summarise the position wrt Spectre, Meltdown and
> anything else that's relevant? Just to help us numbskulls sleep at night.

I can't say anything about that kernel since I always use the most recent
kernel available, currently 4.16.4. I haven't had any problems with bleeding
edge gentoo-sources. AFAIR, only workarounds for these hardware problems have
appeared in 4.14 or 4.15. I don't know if these have been backported to 4.9.95.

The other fix should be contained in a recent version of
sys-kernel/linux-firmware (I have 20180416).

You might have a look at

http://kroah.com/log/blog/2018/01/06/meltdown-status/
https://vinfrastructure.it/2018/02/using-linux-kernel-4-15-minimize-meltdown-spectre/
https://www.zdnet.com/article/linux-4-15-good-news-and-bad-news-about-meltdown-and-spectre/
https://www.zdnet.com/article/linux-4-16-arrives-bringing-more-spectre-and-meltdown-fixes/

Helmut

* Re: [gentoo-user] Kernel 4.9.95
From: John Covici @ 2018-04-26 9:57 UTC
To: gentoo-user

On Thu, 26 Apr 2018 05:52:30 -0400, Helmut Jarausch wrote:
>
> On 04/25/2018 06:06:32 PM, Peter Humphrey wrote:
> > As this version of gentoo-sources has now hit the stable mirrors,
> > would anyone like to summarise the position wrt Spectre, Meltdown and
> > anything else that's relevant? Just to help us numbskulls sleep at night.
>
> I can't say anything about that kernel since I always use the most
> recent kernel available, currently 4.16.4. I haven't had any problems
> with bleeding edge gentoo-sources. AFAIR, only workarounds for these
> hardware problems have appeared in 4.14 or 4.15.
> I don't know if these have been backported to 4.9.95.
>
> The other fix should be contained in a recent version of
> sys-kernel/linux-firmware (I have 20180416).
>
> You might have a look at
>
> http://kroah.com/log/blog/2018/01/06/meltdown-status/
> https://vinfrastructure.it/2018/02/using-linux-kernel-4-15-minimize-meltdown-spectre/
> https://www.zdnet.com/article/linux-4-15-good-news-and-bad-news-about-meltdown-and-spectre/
> https://www.zdnet.com/article/linux-4-16-arrives-bringing-more-spectre-and-meltdown-fixes/

As far as I know anything after 4.9.82 has all the fixes for
meltdown/spectre which have been back ported since this is a long term
release -- I am sure 4.9.95 will be even better and I will go to it
myself in the next days.

--
Your life is like a penny. You're going to lose it. The question is:
How do you spend it?

John Covici wb2una
covici@ccs.covici.com

* Re: [gentoo-user] Kernel 4.9.95
From: Adam Carter @ 2018-04-26 10:13 UTC
To: gentoo-user

On Thu, Apr 26, 2018 at 7:57 PM, John Covici <covici@ccs.covici.com> wrote:
> On Thu, 26 Apr 2018 05:52:30 -0400,
> Helmut Jarausch wrote:
> >
> > On 04/25/2018 06:06:32 PM, Peter Humphrey wrote:
> > > As this version of gentoo-sources has now hit the stable mirrors,
> > > would anyone like to summarise the position wrt Spectre, Meltdown and
> > > anything else that's relevant? Just to help us numbskulls sleep at night.
>
> As far as I know anything after 4.9.82 has all the fixes for
> meltdown/spectre which have been back ported since this is a long term
> release -- I am sure 4.9.95 will be even better and I will go to it
> myself in the next days.

Does grep . /sys/devices/system/cpu/vulnerabilities/* find anything?

For 4.16.3;

$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD retpoline

* Re: [gentoo-user] Kernel 4.9.95
From: Peter Humphrey @ 2018-04-26 10:28 UTC
To: gentoo-user

On Thursday, 26 April 2018 11:13:12 BST Adam Carter wrote:
> Does grep . /sys/devices/system/cpu/vulnerabilities/* find anything?

# grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline, IBPB, IBRS_FW

--
Regards,
Peter.

* Re: [gentoo-user] Kernel 4.9.95
From: Adam Carter @ 2018-04-26 10:43 UTC
To: gentoo-user

On Thu, Apr 26, 2018 at 8:28 PM, Peter Humphrey <peter@prh.myzen.co.uk> wrote:
> On Thursday, 26 April 2018 11:13:12 BST Adam Carter wrote:
> > Does grep . /sys/devices/system/cpu/vulnerabilities/* find anything?
>
> # grep . /sys/devices/system/cpu/vulnerabilities/*
> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline, IBPB, IBRS_FW

FWIW on my Intel box @4.16.3

/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB, IBRS_FW

* Re: [gentoo-user] Kernel 4.9.95
From: Mick @ 2018-04-26 11:42 UTC
To: gentoo-user

On Thursday, 26 April 2018 11:43:23 BST Adam Carter wrote:
> On Thu, Apr 26, 2018 at 8:28 PM, Peter Humphrey <peter@prh.myzen.co.uk>
> wrote:
> > On Thursday, 26 April 2018 11:13:12 BST Adam Carter wrote:
> > > Does grep . /sys/devices/system/cpu/vulnerabilities/* find anything?
> >
> > # grep . /sys/devices/system/cpu/vulnerabilities/*
> > /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> > /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
> > /sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline, IBPB, IBRS_FW
>
> FWIW on my Intel box @4.16.3
>
> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB, IBRS_FW

Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ?

$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline

Are there some kernel options I should have selected manually?

--
Regards,
Mick

* [gentoo-user] Re: Kernel 4.9.95
From: Nikos Chantziaras @ 2018-04-27 5:42 UTC
To: gentoo-user

On 26/04/18 14:42, Mick wrote:
> Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ?
>
> $ grep . /sys/devices/system/cpu/vulnerabilities/*
> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline
>
> Are there some kernel options I should have selected manually?

Do you have the latest sys-firmware/intel-microcode installed and
configured correctly? You need to enable the "early microcode" kernel
option, and you also need to add /boot/intel-uc.img to your list of
initrds to load in grub2. Alternatively, a BIOS update for your
mainboard (if one exists; most older mainboards won't get updates from
the likes of Asus, MSI, Gigabyte, etc, etc, etc, so for older boards,
you need the microcode package.)

* Re: [gentoo-user] Re: Kernel 4.9.95
From: Mick @ 2018-04-27 7:01 UTC
To: gentoo-user

On Friday, 27 April 2018 06:42:56 BST Nikos Chantziaras wrote:
> On 26/04/18 14:42, Mick wrote:
> > Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ?
> >
> > $ grep . /sys/devices/system/cpu/vulnerabilities/*
> > /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> > /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
> > /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline
> >
> > Are there some kernel options I should have selected manually?
>
> Do you have the latest sys-firmware/intel-microcode installed and
> configured correctly? You need to enable the "early microcode" kernel
> option, and you also need to add /boot/intel-uc.img to your list of
> initrds to load in grub2. Alternatively, a BIOS update for your
> mainboard (if one exists; most older mainboards won't get updates from
> the likes of Asus, MSI, Gigabyte, etc, etc, etc, so for older boards,
> you need the microcode package.)

Ahh! If the 'IBPB' & 'IBRS_FW' components come from the microcode this
probably explains why I don't have them. I am (still) running an early i7
Intel, which means it won't get any more microcode updates. The latest
available is 'intel-ucode/06-1e-05' and as we know Intel has abandoned all
older owners of their hardware. One good reason for me to abandon them in
turn. :-)

--
Regards,
Mick

* Re: [gentoo-user] Re: Kernel 4.9.95
From: Klaus Ethgen @ 2018-04-27 17:20 UTC
To: gentoo-user

Hi,

On Fri, 27 Apr 2018 at 6:42, Nikos Chantziaras wrote:
> On 26/04/18 14:42, Mick wrote:
> > Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ?
> >
> > $ grep . /sys/devices/system/cpu/vulnerabilities/*
> > /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> > /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
> > /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline

I did install and compile 4.15.18, the last version from branch 4.15.
Unfortunately I just get the following:

~> uname -a
Linux tha 4.15.18-gentoo #2 Fri Apr 27 13:33:03 CET 2018 i686 Intel(R) Pentium(R) M processor 1.86GHz GenuineIntel GNU/Linux
~> grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline

The problem here is that this is a 32bit system and the CPU is not able
to run 64bit.

So there are some points I want to point to:
- Meltdown is fully vulnerable. While there is a fix for 64bit kernel, I
  would like to know when or if gentoo will port the mitigation for
  32bit systems.
- For Spectre 2, there is some mitigation in kernel but the compiler is
  too old to support retpoline.

When I look at gcc meta data, I see a couple of versions:

~> equery m gcc
 * sys-devel/gcc [gentoo]
Maintainer: toolchain@gentoo.org (Gentoo Toolchain Project)
Upstream:   Remote-ID: cpe:/a:gnu:gcc ID: cpe
            Remote-ID: dgcc ID: sourceforge
Homepage:   https://gcc.gnu.org/
Location:   /usr/portage/sys-devel/gcc
Keywords:   2.95.3-r10:2.95.3: ~alpha ~ppc ~sparc ~x86
Keywords:   3.3.6-r1:3.3.6: ~amd64 ~x86
Keywords:   3.4.6-r2:3.4.6: alpha amd64 arm ppc ppc64 sparc x86 ~ia64 ~mips ~s390 ~sh -* ~x86-fbsd
Keywords:   4.0.4:4.0.4:
Keywords:   4.1.2:4.1.2: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~m68k ~mips ~s390 ~sh -* ~x86-fbsd
Keywords:   4.2.4-r1:4.2.4: hppa ~alpha ~amd64 ~arm ~ia64 ~m68k ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd
Keywords:   4.3.6-r1:4.3.6: -hppa alpha amd64 arm ia64 ppc ppc64 sparc x86 ~m68k ~mips ~s390 ~sh ~x86-fbsd
Keywords:   4.4.7:4.4.7: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~m68k ~mips ~s390 ~sh ~x86-fbsd
Keywords:   4.5.4:4.5.4: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~amd64-fbsd ~m68k ~mips ~s390 ~sh ~x86-fbsd
Keywords:   4.6.4:4.6.4: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~amd64-fbsd ~m68k ~mips ~s390 ~sh ~x86-fbsd
Keywords:   4.7.4-r1:4.7.4: -amd64-fbsd -x86-fbsd alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~mips
Keywords:   4.8.5-r1:4.8.5: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~mips ~x86-fbsd
Keywords:   4.9.4:4.9.4: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~mips ~x86-fbsd
Keywords:   5.4.0-r4:5.4.0: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~mips ~x86-fbsd
Keywords:   6.4.0:6.4.0:
Keywords:   6.4.0-r1:6.4.0: alpha amd64 arm arm64 hppa ia64 ppc ppc64 sparc x86 ~amd64-fbsd ~m68k ~mips ~s390 ~sh ~x86-fbsd
Keywords:   7.2.0:7.2.0:
Keywords:   7.2.0-r1:7.2.0: ~alpha ~amd64 ~amd64-fbsd ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd
Keywords:   7.3.0:7.3.0:
Keywords:   7.3.0-r1:7.3.0: ~alpha ~amd64 ~amd64-fbsd ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd
Keywords:   7.3.0-r2:7.3.0:
License:    GPL-3+ LGPL-3+ || ( GPL-3+ libgcc libstdc++ gcc-runtime-library-exception-3.1 ) FDL-1.3+

So which version is stable enough to use? 7.3.0, I use on a different
(non-Gentoo) system. But why -r1 and -r2?

> Do you have the latest sys-firmware/intel-microcode installed and configured
> correctly? You need to enable the "early microcode" kernel option, and you
> also need to add /boot/intel-uc.img to your list of initrds to load in
> grub2. Alternatively, a BIOS update for your mainboard (if one exists; most
> older mainboards won't get updates from the likes of Asus, MSI, Gigabyte,
> etc, etc, etc, so for older boards, you need the microcode package.)

So, coming to firmware. I do not think that Intel is releasing a firmware
update for that CPU. So I fully rely on kernel (and compiler).

Nevertheless, I need to know for other systems what exactly is the way to
use firmware on gentoo. There is no /boot/intel-uc.img on my system and
genkernel complains about firmware compiling (what seems to prove that
there is none for my CPU). However, if I read correctly, genkernel should
automatically include firmware and firmware loading into the generated
ramdisk. Right?

Regards
   Klaus
--
Klaus Ethgen                                       http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16            Klaus Ethgen <Klaus@Ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C

* [gentoo-user] Re: Kernel 4.9.95
From: Nikos Chantziaras @ 2018-04-27 18:51 UTC
To: gentoo-user

On 27/04/18 20:20, Klaus Ethgen wrote:
> Hi,
>
> On Fri, 27 Apr 2018 at 6:42, Nikos Chantziaras wrote:
>> On 26/04/18 14:42, Mick wrote:
>>> Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ?
>>>
>>> $ grep . /sys/devices/system/cpu/vulnerabilities/*
>>> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
>>> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
>>> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline
>
> I did install and compile 4.15.18, the last version from branch 4.15.
> Unfortunately I just get the following:
> ~> uname -a
> Linux tha 4.15.18-gentoo #2 Fri Apr 27 13:33:03 CET 2018 i686 Intel(R) Pentium(R) M processor 1.86GHz GenuineIntel GNU/Linux
> ~> grep . /sys/devices/system/cpu/vulnerabilities/*
> /sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline

4.15 is not a supported kernel. Either you need to stay on the bleeding
edge, meaning 4.16, or use a supported kernel, like 4.14. See:

https://www.kernel.org

Basically, you need to always use the "mainline" kernel, or a "longterm"
kernel. Other kernels do NOT get any updates whatsoever. They are
considered dead. 4.15 is a dead kernel.

* [gentoo-user] Re: Kernel 4.9.95
From: Nikos Chantziaras @ 2018-04-27 18:53 UTC
To: gentoo-user

On 27/04/18 21:51, Nikos Chantziaras wrote:
> 4.15 is not a supported kernel. Either you need to stay on the bleeding
> edge, meaning 4.16, or use a supported kernel, like 4.14. See:
>
> https://www.kernel.org
>
> Basically, you need to always use the "mainline" kernel, or a "longterm"
> kernel. Other kernels do NOT get any updates whatsoever. They are
> considered dead. 4.15 is a dead kernel.

Sorry, should have said "stable", not "mainline." Mainline is the
development version.

* [gentoo-user] Re: Kernel 4.9.95
From: Nikos Chantziaras @ 2018-04-27 5:44 UTC
To: gentoo-user

On 26/04/18 13:28, Peter Humphrey wrote:
> On Thursday, 26 April 2018 11:13:12 BST Adam Carter wrote:
>> Does grep . /sys/devices/system/cpu/vulnerabilities/* find anything?
>
> # grep . /sys/devices/system/cpu/vulnerabilities/*
> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline, IBPB, IBRS_FW

That means the kernel implements the needed mitigations, except for full
GCC retpoline, which requires a recent GCC (7.3.0 here.) I don't know if
6.4.0 supports it.

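Added example (not part of the thread and not any poster's code): a small shell filter that reads the `grep . /sys/devices/system/cpu/vulnerabilities/*` output discussed above and, for spectre_v2, flags the two gaps the replies identify: the asm-only "Minimal generic ASM retpoline" state tied to the compiler, and a missing IBPB entry, which the thread attributes to microcode. The function names and the name|verdict|hint row format are assumptions of this example; the sample lines are the 4.9.95 output posted in the thread.

```shell
#!/bin/sh
# Added example: interpret `grep . /sys/devices/system/cpu/vulnerabilities/*`.
# Function names and the "name|verdict|hint" row format are this example's own.

# classify_line LINE -> prints "name|verdict|hint" for one grep output line.
classify_line() {
    path=${1%%:*}      # sysfs path: everything before the first colon
    status=${1#*:}     # kernel status string: everything after it
    name=${path##*/}
    hint=""
    case $status in
        "Not affected"*) verdict=OK ;;
        "Mitigation:"*)  verdict=MITIGATED ;;
        "Vulnerable"*)   verdict=VULNERABLE ;;
        *)               verdict=UNKNOWN ;;
    esac
    if [ "$name" = spectre_v2 ] && [ "$verdict" != OK ]; then
        case $status in
            *"Minimal generic ASM retpoline"*)
                hint="asm-only retpoline: rebuild kernel with a retpoline-capable GCC" ;;
        esac
        case $status in
            *IBPB*) ;;   # IBPB reported, nothing to add
            *) hint="${hint:+$hint; }no IBPB: check microcode or BIOS update" ;;
        esac
    fi
    printf '%s|%s|%s\n' "$name" "$verdict" "$hint"
}

# audit: read grep-style lines on stdin, print one row per entry and
# return 1 if any entry is VULNERABLE or has an unrecognised status.
audit() {
    rc=0
    while IFS= read -r l; do
        [ -n "$l" ] || continue
        row=$(classify_line "$l")
        printf '%s\n' "$row"
        case $row in
            *"|VULNERABLE|"*|*"|UNKNOWN|"*) rc=1 ;;
        esac
    done
    return $rc
}

# Sample input: the 4.9.95 output posted earlier in the thread.
sample_4_9_95() {
cat <<'EOF'
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline, IBPB, IBRS_FW
EOF
}

# Live use: grep . /sys/devices/system/cpu/vulnerabilities/* | audit
sample_4_9_95 | audit || echo "=> at least one entry needs attention"
```
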
* Re: [gentoo-user] Kernel 4.9.95
From: Peter Humphrey @ 2018-04-26 10:15 UTC
To: gentoo-user

On Thursday, 26 April 2018 10:52:30 BST Helmut Jarausch wrote:
> On 04/25/2018 06:06:32 PM, Peter Humphrey wrote:
> > As this version of gentoo-sources has now hit the stable mirrors,
> > would anyone like to summarise the position wrt Spectre, Meltdown and
> > anything else that's relevant? Just to help us numbskulls sleep at night.
>
> I can't say anything about that kernel since I always use the most
> recent kernel available, currently 4.16.4. I haven't had any problems with
> bleeding edge gentoo-sources. AFAIR, only workarounds for these hardware
> problems have appeared in 4.14 or 4.15. I don't know if these have been
> backported to 4.9.95.
>
> The other fix should be contained in a recent version of
> sys-kernel/linux-firmware (I have 20180416).

The latest stable version is 20180103-r1, which is what I have here. I don't
think I'll experiment with CPU microcode until it's fully tested and stable.

> You might have a look at
>
> http://kroah.com/log/blog/2018/01/06/meltdown-status/
> https://vinfrastructure.it/2018/02/using-linux-kernel-4-15-minimize-meltdown-spectre/
> https://www.zdnet.com/article/linux-4-15-good-news-and-bad-news-about-meltdown-and-spectre/
> https://www.zdnet.com/article/linux-4-16-arrives-bringing-more-spectre-and-meltdown-fixes/

Thanks for the pointers.

--
Regards,
Peter.

* Re: [gentoo-user] Kernel 4.9.95
From: Walter Dnes @ 2018-04-26 20:44 UTC
To: gentoo-user

On Thu, Apr 26, 2018 at 11:15:23AM +0100, Peter Humphrey wrote

I installed it today, having run into a few mysterious *TOTAL* lockups
under 4.12.something (could not ssh in and magic-SysRQ didn't work).
Anyhow, "make oldconfig" asked a couple of questions about "retpoline"
and switching off user access to kernel memory under some context
switches. I played safe and enabled the protections.

--
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications