From: Wols Lists
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: old kernels are installed during the upgrade
Date: Wed, 3 Jan 2018 20:35:30 +0000
Message-ID: <5A4D3E92.5010908@youngman.org.uk>

On 02/01/18 22:58, Adam Carter wrote:
> AMD coder's patch to disable the new code (to avoid the performance hit)
> where he states the issue doesn't exist on AMD processors;
> https://lkml.org/lkml/2017/12/27/2

Read LWN, specifically the links to the people who covered the bug. It's a flaw in speculative forward processing, where the security does not travel with the speculative processing. So user code can trigger a page fault that references kernel code, causing that page to be retrieved. OOPPSSSS.

AMD keeps security context with the code, causing an attempt to exploit the bug to fail with "invalid security context".

And as I understand it the code can be disabled with either a compile-time option or command line switch to the kernel. The relevant code is called KAISER, which forces kernel and user address space into different contexts, and causes a nasty context-switching overhead on both Intel and AMD CPUs.

Cheers,
Wol
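
A defender's check for the two ways of disabling this code mentioned above (compile-time option, kernel command line switch), as an added example that is not part of the original mail. The parameter names `nopti`, `pti=off` and `mitigations=off` and the option `CONFIG_PAGE_TABLE_ISOLATION` are assumptions taken from mainline Linux, not from this thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Audit whether kernel page-table isolation (KAISER/KPTI) has been switched off.
# Parameter and option names below are assumptions from mainline Linux.

# pti_cmdline_state "<kernel command line>"
# Prints "off" if a disabling switch is present, "on" if isolation is forced,
# otherwise "auto" (the kernel decides per CPU). Simplified precedence: any
# disabling token wins, which is the conservative reading for an audit.
pti_cmdline_state() (
    set -f   # no glob expansion while word-splitting the command line
    state=auto
    for tok in $1; do
        case "$tok" in
            nopti|pti=off|mitigations=off) state=off; break ;;
            pti=on) state=on ;;
        esac
    done
    echo "$state"
)

# pti_config_state <path to kernel config text>
# Prints "built" if the isolation code is compiled in, else "absent".
pti_config_state() {
    if grep -Eq '^CONFIG_(MITIGATION_)?PAGE_TABLE_ISOLATION=y$' "$1"; then
        echo built
    else
        echo absent
    fi
}

# pti_audit "<kernel command line>" <config file>: combine both checks.
pti_audit() {
    if [ "$(pti_config_state "$2")" = absent ]; then
        echo "DISABLED (compile time)"
    elif [ "$(pti_cmdline_state "$1")" = off ]; then
        echo "DISABLED (command line)"
    else
        echo "AVAILABLE"
    fi
}

# Constructed sample command line (not from a real host); prints "off".
pti_cmdline_state 'root=/dev/sda2 ro quiet nopti'

# On a live host:
#   pti_audit "$(cat /proc/cmdline)" "/boot/config-$(uname -r)"
#   cat /sys/devices/system/cpu/vulnerabilities/meltdown
```

The sysfs file in the last comment reports the kernel's own view of the mitigation and is the authoritative answer where it exists; the command line and config checks explain why it says what it says.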