[gentoo-user] Vulnerability info in /sys

public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed

* [gentoo-user] Vulnerability info in /sys
@ 2018-02-13  3:24 Daniel Frey
  2018-02-13  3:39 ` [gentoo-user] " Ian Zimmerman
  0 siblings, 1 reply; 7+ messages in thread
From: Daniel Frey @ 2018-02-13  3:24 UTC (permalink / raw
  To: gentoo-user

I've read online that there should be vulnerability info (Meltdown,
Spectre) in /sys under /sys/devices/system/cpu/vulnerabilities but this
doesn't exist on my PC.

Another place is in /proc/cpuinfo, no info on meltdown/spectre in there
either.

Yet another place is in dmesg, (grep 'page tables isolation') nothing
there either.

I've updated to gentoo-sources-4.9.76-r1, shouldn't this info be present?

$ uname -a
Linux zatpc 4.9.76-gentoo-r1 #1 SMP Mon Feb 12 09:20:32 PST 2018 x86_64
Intel(R) Core(TM)2 Extreme CPU X9650 @ 3.00GHz GenuineIntel GNU/Linux

$ zgrep PAGE_TABLE_ISO /proc/config.gz
CONFIG_PAGE_TABLE_ISOLATION=y

Or does the page table isolation need to be explicitly turned on?

Dan

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [gentoo-user] Re: Vulnerability info in /sys
  2018-02-13  3:24 [gentoo-user] Vulnerability info in /sys Daniel Frey
@ 2018-02-13  3:39 ` Ian Zimmerman
  2018-02-14  2:38   ` Daniel Frey
  0 siblings, 1 reply; 7+ messages in thread
From: Ian Zimmerman @ 2018-02-13  3:39 UTC (permalink / raw
  To: gentoo-user

On 2018-02-12 19:24, Daniel Frey wrote:

> I've read online that there should be vulnerability info (Meltdown,
> Spectre) in /sys under /sys/devices/system/cpu/vulnerabilities but this
> doesn't exist on my PC.

> I've updated to gentoo-sources-4.9.76-r1, shouldn't this info be present?
> 
> $ uname -a
> Linux zatpc 4.9.76-gentoo-r1 #1 SMP Mon Feb 12 09:20:32 PST 2018 x86_64
> Intel(R) Core(TM)2 Extreme CPU X9650 @ 3.00GHz GenuineIntel GNU/Linux

See the other threads: you need at least 4.9.79 for the /sys bits.

If you've enabled PTI at build time it's enabled, no need to do anything
else.

Later 4.9 kernels also contain patches for spectre (PTI is not relevant
there).

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet, fetch the TXT record for the domain.


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [gentoo-user] Re: Vulnerability info in /sys
  2018-02-13  3:39 ` [gentoo-user] " Ian Zimmerman
@ 2018-02-14  2:38   ` Daniel Frey
  2018-02-14  3:19     ` Ian Zimmerman
  2018-02-14 17:29     ` Nikos Chantziaras
  0 siblings, 2 replies; 7+ messages in thread
From: Daniel Frey @ 2018-02-14  2:38 UTC (permalink / raw
  To: gentoo-user

On 02/12/18 19:39, Ian Zimmerman wrote:
> On 2018-02-12 19:24, Daniel Frey wrote:
> 
>> I've read online that there should be vulnerability info (Meltdown,
>> Spectre) in /sys under /sys/devices/system/cpu/vulnerabilities but this
>> doesn't exist on my PC.
> 
>> I've updated to gentoo-sources-4.9.76-r1, shouldn't this info be present?
>>
>> $ uname -a
>> Linux zatpc 4.9.76-gentoo-r1 #1 SMP Mon Feb 12 09:20:32 PST 2018 x86_64
>> Intel(R) Core(TM)2 Extreme CPU X9650 @ 3.00GHz GenuineIntel GNU/Linux
> 
> See the other threads: you need at least 4.9.79 for the /sys bits.
> 
> If you've enabled PTI at build time it's enabled, no need to do anything
> else.
> 
> Later 4.9 kernels also contain patches for spectre (PTI is not relevant
> there).
> 

I'm surprised I missed those threads, I read all messages on here.
According to the thread I found it's actually starts on 4.9.77, I'm just
on the latest stable (.76).

Dan


^ permalink raw reply	[flat|nested] 7+ messages in thread

* [gentoo-user] Re: Vulnerability info in /sys
  2018-02-14  2:38   ` Daniel Frey
@ 2018-02-14  3:19     ` Ian Zimmerman
  2018-02-14 17:29     ` Nikos Chantziaras
  1 sibling, 0 replies; 7+ messages in thread
From: Ian Zimmerman @ 2018-02-14  3:19 UTC (permalink / raw
  To: gentoo-user

On 2018-02-13 18:38, Daniel Frey wrote:

> > See the other threads: you need at least 4.9.79 for the /sys bits.

> I'm surprised I missed those threads, I read all messages on here.
> According to the thread I found it's actually starts on 4.9.77, I'm
> just on the latest stable (.76).

You're probably right; it just so happened that I archived my
gentoo-user mailbox between then and now, so I can't easily read those
messages, I just remember they exist.

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for the domain.


^ permalink raw reply	[flat|nested] 7+ messages in thread

* [gentoo-user] Re: Vulnerability info in /sys
  2018-02-14  2:38   ` Daniel Frey
  2018-02-14  3:19     ` Ian Zimmerman
@ 2018-02-14 17:29     ` Nikos Chantziaras
  2018-02-15  0:57       ` Daniel Frey
  1 sibling, 1 reply; 7+ messages in thread
From: Nikos Chantziaras @ 2018-02-14 17:29 UTC (permalink / raw
  To: gentoo-user

On 14/02/18 04:38, Daniel Frey wrote:
> On 02/12/18 19:39, Ian Zimmerman wrote:
>> On 2018-02-12 19:24, Daniel Frey wrote:
>>
>>> I've read online that there should be vulnerability info (Meltdown,
>>> Spectre) in /sys under /sys/devices/system/cpu/vulnerabilities but this
>>> doesn't exist on my PC.
>>> [...]
>>
>> See the other threads: you need at least 4.9.79 for the /sys bits.
>> [...]
> 
> I'm surprised I missed those threads, I read all messages on here.
> According to the thread I found it's actually starts on 4.9.77, I'm just
> on the latest stable (.76).

During "special emergencies" like this one, it would be a good idea to 
use the latest 4.9.x, regardless of whether portage marked it "stable" 
or not. At least for a while and until the situation has settled down again.



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [gentoo-user] Re: Vulnerability info in /sys
  2018-02-14 17:29     ` Nikos Chantziaras
@ 2018-02-15  0:57       ` Daniel Frey
  2018-02-15  1:22         ` Nikos Chantziaras
  0 siblings, 1 reply; 7+ messages in thread
From: Daniel Frey @ 2018-02-15  0:57 UTC (permalink / raw
  To: gentoo-user

On 02/14/18 09:29, Nikos Chantziaras wrote:
> On 14/02/18 04:38, Daniel Frey wrote:
>> On 02/12/18 19:39, Ian Zimmerman wrote:
>>> On 2018-02-12 19:24, Daniel Frey wrote:
>>>
>>>> I've read online that there should be vulnerability info (Meltdown,
>>>> Spectre) in /sys under /sys/devices/system/cpu/vulnerabilities but this
>>>> doesn't exist on my PC.
>>>> [...]
>>>
>>> See the other threads: you need at least 4.9.79 for the /sys bits.
>>> [...]
>>
>> I'm surprised I missed those threads, I read all messages on here.
>> According to the thread I found it's actually starts on 4.9.77, I'm just
>> on the latest stable (.76).
> 
> During "special emergencies" like this one, it would be a good idea to
> use the latest 4.9.x, regardless of whether portage marked it "stable"
> or not. At least for a while and until the situation has settled down
> again.
> 
> 

Nah, I like stability over everything else. I recall lots of pain and
instability in January when everyone rushed to patch the flaws (both
Windows and linux.)

These are my personal computers, not a work environment.

Dan


^ permalink raw reply	[flat|nested] 7+ messages in thread

* [gentoo-user] Re: Vulnerability info in /sys
  2018-02-15  0:57       ` Daniel Frey
@ 2018-02-15  1:22         ` Nikos Chantziaras
  0 siblings, 0 replies; 7+ messages in thread
From: Nikos Chantziaras @ 2018-02-15  1:22 UTC (permalink / raw
  To: gentoo-user

On 15/02/18 02:57, Daniel Frey wrote:
> On 02/14/18 09:29, Nikos Chantziaras wrote:
>> On 14/02/18 04:38, Daniel Frey wrote:
>>> On 02/12/18 19:39, Ian Zimmerman wrote:
>>>> On 2018-02-12 19:24, Daniel Frey wrote:
>>>>
>>>>> I've read online that there should be vulnerability info (Meltdown,
>>>>> Spectre) in /sys under /sys/devices/system/cpu/vulnerabilities but this
>>>>> doesn't exist on my PC.
>>>>> [...]
>>>>
>>>> See the other threads: you need at least 4.9.79 for the /sys bits.
>>>> [...]
>>>
>>> I'm surprised I missed those threads, I read all messages on here.
>>> According to the thread I found it's actually starts on 4.9.77, I'm just
>>> on the latest stable (.76).
>>
>> During "special emergencies" like this one, it would be a good idea to
>> use the latest 4.9.x, regardless of whether portage marked it "stable"
>> or not. At least for a while and until the situation has settled down
>> again.
>>
>>
> 
> Nah, I like stability over everything else. I recall lots of pain and
> instability in January when everyone rushed to patch the flaws (both
> Windows and linux.)
> 
> These are my personal computers, not a work environment.

Personal preference of course, but I prefer to risk some instability 
compared to risking having a bitcoin miner infesting my PC or some 
botnet worm.

That's just me though.



^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2018-02-15  1:22 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-02-13  3:24 [gentoo-user] Vulnerability info in /sys Daniel Frey
2018-02-13  3:39 ` [gentoo-user] " Ian Zimmerman
2018-02-14  2:38   ` Daniel Frey
2018-02-14  3:19     ` Ian Zimmerman
2018-02-14 17:29     ` Nikos Chantziaras
2018-02-15  0:57       ` Daniel Frey
2018-02-15  1:22         ` Nikos Chantziaras

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox