* [gentoo-user] Kernel 4.9.95
@ 2018-04-25 16:06 Peter Humphrey
2018-04-26 9:52 ` Helmut Jarausch
0 siblings, 1 reply; 15+ messages in thread
From: Peter Humphrey @ 2018-04-25 16:06 UTC (permalink / raw
To: gentoo-user
As this version of gentoo-sources has now hit the stable mirrors, would anyone
like to summarise the position wrt Spectre, Meltdown and anything else that's
relevant? Just to help us numbskulls sleep at night.
--
Regards,
Peter.
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-user] Kernel 4.9.95
2018-04-25 16:06 [gentoo-user] Kernel 4.9.95 Peter Humphrey
@ 2018-04-26 9:52 ` Helmut Jarausch
2018-04-26 9:57 ` John Covici
2018-04-26 10:15 ` [gentoo-user] " Peter Humphrey
0 siblings, 2 replies; 15+ messages in thread
From: Helmut Jarausch @ 2018-04-26 9:52 UTC (permalink / raw
To: gentoo-user
On 04/25/2018 06:06:32 PM, Peter Humphrey wrote:
> As this version of gentoo-sources has now hit the stable mirrors,
> would anyone
> like to summarise the position wrt Spectre, Meltdown and anything
> else that's
> relevant? Just to help us numbskulls sleep at night.
>
I can't say anything about that kernel since I always use the most
recent kernel available, currently
4.16.4. I haven't had any problems with bleeding edge gentoo-sources.
AFAIR, only work around for this hardware problems have appeared in
4.14 or 4.15.
I don't know if these have been backported to 4.9.95.
The other fix should be a contained in a recent version
sys-kernel/linux-firmware (I have 20180416).
You might have a look at
http://kroah.com/log/blog/2018/01/06/meltdown-status/
https://vinfrastructure.it/2018/02/using-linux-kernel-4-15-minimize-meltdown-spectre/
https://www.zdnet.com/article/linux-4-15-good-news-and-bad-news-about-meltdown-and-spectre/
https://www.zdnet.com/article/linux-4-16-arrives-bringing-more-spectre-and-meltdown-fixes/
Helmut
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-user] Kernel 4.9.95
2018-04-26 9:52 ` Helmut Jarausch
@ 2018-04-26 9:57 ` John Covici
2018-04-26 10:13 ` Adam Carter
2018-04-26 10:15 ` [gentoo-user] " Peter Humphrey
1 sibling, 1 reply; 15+ messages in thread
From: John Covici @ 2018-04-26 9:57 UTC (permalink / raw
To: gentoo-user
On Thu, 26 Apr 2018 05:52:30 -0400,
Helmut Jarausch wrote:
>
> On 04/25/2018 06:06:32 PM, Peter Humphrey wrote:
> > As this version of gentoo-sources has now hit the stable
> > mirrors, would anyone
> > like to summarise the position wrt Spectre, Meltdown and
> > anything else that's
> > relevant? Just to help us numbskulls sleep at night.
> >
>
> I can't say anything about that kernel since I always use the
> most recent kernel available, currently
> 4.16.4. I haven't had any problems with bleeding edge gentoo-sources.
> AFAIR, only work around for this hardware problems have appeared
> in 4.14 or 4.15.
> I don't know if these have been backported to 4.9.95.
>
> The other fix should be a contained in a recent version
> sys-kernel/linux-firmware (I have 20180416).
>
> You might have a look at
>
>
> http://kroah.com/log/blog/2018/01/06/meltdown-status/
> https://vinfrastructure.it/2018/02/using-linux-kernel-4-15-minimize-meltdown-spectre/
> https://www.zdnet.com/article/linux-4-15-good-news-and-bad-news-about-meltdown-and-spectre/
> https://www.zdnet.com/article/linux-4-16-arrives-bringing-more-spectre-and-meltdown-fixes/
>
As far as I know anything after 4.9.82 has all the fixes for
meltdown/spectra which have been back ported since this is a long term
release -- I am sure 4.9.95 will be even better and I will go to it
myself in the next days.
--
Your life is like a penny. You're going to lose it. The question is:
How do
you spend it?
John Covici wb2una
covici@ccs.covici.com
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-user] Kernel 4.9.95
2018-04-26 9:57 ` John Covici
@ 2018-04-26 10:13 ` Adam Carter
2018-04-26 10:28 ` Peter Humphrey
0 siblings, 1 reply; 15+ messages in thread
From: Adam Carter @ 2018-04-26 10:13 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 1044 bytes --]
On Thu, Apr 26, 2018 at 7:57 PM, John Covici <covici@ccs.covici.com> wrote:
> On Thu, 26 Apr 2018 05:52:30 -0400,
> Helmut Jarausch wrote:
> >
> > On 04/25/2018 06:06:32 PM, Peter Humphrey wrote:
> > > As this version of gentoo-sources has now hit the stable
> > > mirrors, would anyone
> > > like to summarise the position wrt Spectre, Meltdown and
> > > anything else that's
> > > relevant? Just to help us numbskulls sleep at night.
>
> As far as I know anything after 4.9.82 has all the fixes for
> meltdown/spectra which have been back ported since this is a long term
> release -- I am sure 4.9.95 will be even better and I will go to it
> myself in the next days.
>
>
Does grep . /sys/devices/system/cpu/vulnerabilities/* find anything?
For 4.16.3;
$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user
pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD
retpoline
[-- Attachment #2: Type: text/html, Size: 1621 bytes --]
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-user] Kernel 4.9.95
2018-04-26 9:52 ` Helmut Jarausch
2018-04-26 9:57 ` John Covici
@ 2018-04-26 10:15 ` Peter Humphrey
2018-04-26 20:44 ` Walter Dnes
1 sibling, 1 reply; 15+ messages in thread
From: Peter Humphrey @ 2018-04-26 10:15 UTC (permalink / raw
To: gentoo-user
On Thursday, 26 April 2018 10:52:30 BST Helmut Jarausch wrote:
> On 04/25/2018 06:06:32 PM, Peter Humphrey wrote:
> > As this version of gentoo-sources has now hit the stable mirrors,
> > would anyone
> > like to summarise the position wrt Spectre, Meltdown and anything
> > else that's
> > relevant? Just to help us numbskulls sleep at night.
>
> I can't say anything about that kernel since I always use the most
> recent kernel available, currently 4.16.4. I haven't had any problems with
> bleeding edge gentoo-sources. AFAIR, only work around for this hardware
> problems have appeared in 4.14 or 4.15. I don't know if these have been
> backported to 4.9.95.
>
> The other fix should be a contained in a recent version
> sys-kernel/linux-firmware (I have 20180416).
The latest stable version is 20180103-r1, which is what I have here. I don't
think I'll experiment with CPU microcode until it's fully tested and stable.
> You might have a look at
>
> http://kroah.com/log/blog/2018/01/06/meltdown-status/
> https://vinfrastructure.it/2018/02/using-linux-kernel-4-15-minimize-meltdown
> -spectre/
> https://www.zdnet.com/article/linux-4-15-good-news-and-bad-news-about-meltd
> own-and-spectre/
> https://www.zdnet.com/article/linux-4-16-arrives-bringing-more-spectre-and-> meltdown-fixes/
Thanks for the pointers.
--
Regards,
Peter.
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-user] Kernel 4.9.95
2018-04-26 10:13 ` Adam Carter
@ 2018-04-26 10:28 ` Peter Humphrey
2018-04-26 10:43 ` Adam Carter
2018-04-27 5:44 ` Nikos Chantziaras
0 siblings, 2 replies; 15+ messages in thread
From: Peter Humphrey @ 2018-04-26 10:28 UTC (permalink / raw
To: gentoo-user
On Thursday, 26 April 2018 11:13:12 BST Adam Carter wrote:
> Does grep . /sys/devices/system/cpu/vulnerabilities/* find anything?
# grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline, IBPB, IBRS_FW
--
Regards,
Peter.
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-user] Kernel 4.9.95
2018-04-26 10:28 ` Peter Humphrey
@ 2018-04-26 10:43 ` Adam Carter
2018-04-26 11:42 ` Mick
2018-04-27 5:44 ` Nikos Chantziaras
1 sibling, 1 reply; 15+ messages in thread
From: Adam Carter @ 2018-04-26 10:43 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 834 bytes --]
On Thu, Apr 26, 2018 at 8:28 PM, Peter Humphrey <peter@prh.myzen.co.uk>
wrote:
> On Thursday, 26 April 2018 11:13:12 BST Adam Carter wrote:
> > Does grep . /sys/devices/system/cpu/vulnerabilities/* find anything?
>
> # grep . /sys/devices/system/cpu/vulnerabilities/*
> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user
> pointer sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal
> generic ASM retpoline, IBPB, IBRS_FW
>
>
FWIW on my Intel box @4.16.3
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user
pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic
retpoline, IBPB, IBRS_FW
[-- Attachment #2: Type: text/html, Size: 1325 bytes --]
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-user] Kernel 4.9.95
2018-04-26 10:43 ` Adam Carter
@ 2018-04-26 11:42 ` Mick
2018-04-27 5:42 ` [gentoo-user] " Nikos Chantziaras
0 siblings, 1 reply; 15+ messages in thread
From: Mick @ 2018-04-26 11:42 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 1369 bytes --]
On Thursday, 26 April 2018 11:43:23 BST Adam Carter wrote:
> On Thu, Apr 26, 2018 at 8:28 PM, Peter Humphrey <peter@prh.myzen.co.uk>
>
> wrote:
> > On Thursday, 26 April 2018 11:13:12 BST Adam Carter wrote:
> > > Does grep . /sys/devices/system/cpu/vulnerabilities/* find anything?
> >
> > # grep . /sys/devices/system/cpu/vulnerabilities/*
> > /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> > /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user
> > pointer sanitization
> > /sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal
> > generic ASM retpoline, IBPB, IBRS_FW
>
> FWIW on my Intel box @4.16.3
>
> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user
> pointer sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic
> retpoline, IBPB, IBRS_FW
Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ?
$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer
sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic
retpoline
Are there some kernel options I should have selected manually?
--
Regards,
Mick
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-user] Kernel 4.9.95
2018-04-26 10:15 ` [gentoo-user] " Peter Humphrey
@ 2018-04-26 20:44 ` Walter Dnes
0 siblings, 0 replies; 15+ messages in thread
From: Walter Dnes @ 2018-04-26 20:44 UTC (permalink / raw
To: gentoo-user
On Thu, Apr 26, 2018 at 11:15:23AM +0100, Peter Humphrey wrote
I installed it today, having run into a few mysterious *TOTAL* lockups
under 4.12.something (could not ssh in and magic-SysRQ didn't work).
Anyhow, "make oldconfig" asked a couple of questions about "retpoline"
and switching off user access to kernel memory under some context
switches. I played safe and enabled the protections.
--
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications
^ permalink raw reply [flat|nested] 15+ messages in thread
* [gentoo-user] Re: Kernel 4.9.95
2018-04-26 11:42 ` Mick
@ 2018-04-27 5:42 ` Nikos Chantziaras
2018-04-27 7:01 ` Mick
2018-04-27 17:20 ` Klaus Ethgen
0 siblings, 2 replies; 15+ messages in thread
From: Nikos Chantziaras @ 2018-04-27 5:42 UTC (permalink / raw
To: gentoo-user
On 26/04/18 14:42, Mick wrote:
> Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ?
>
> $ grep . /sys/devices/system/cpu/vulnerabilities/*
> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer
> sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic
> retpoline
>
> Are there some kernel options I should have selected manually?
Do you have the latest sys-firmware/intel-microcode installed and
configured correctly? You need to enable the "early microcode" kernel
option, and you also need to add /boot/intel-uc.img to your list of
initrds to load in grub2. Alternatively, a BIOS update for your
mainboard (if one exists; most older mainboards won't get updates from
the likes of Asus, MSI, Gigabyte, etc, etc, etc, so for older boards,
you need the microcode package.)
^ permalink raw reply [flat|nested] 15+ messages in thread
* [gentoo-user] Re: Kernel 4.9.95
2018-04-26 10:28 ` Peter Humphrey
2018-04-26 10:43 ` Adam Carter
@ 2018-04-27 5:44 ` Nikos Chantziaras
1 sibling, 0 replies; 15+ messages in thread
From: Nikos Chantziaras @ 2018-04-27 5:44 UTC (permalink / raw
To: gentoo-user
On 26/04/18 13:28, Peter Humphrey wrote:
> On Thursday, 26 April 2018 11:13:12 BST Adam Carter wrote:
>> Does grep . /sys/devices/system/cpu/vulnerabilities/* find anything?
>
> # grep . /sys/devices/system/cpu/vulnerabilities/*
> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline, IBPB, IBRS_FW
That means the kernel implements the needed mitigations, except for full
GCC retpoline, which requires a recent GCC (7.3.0 here.) I don't know if
6.4.0 supports it.
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-user] Re: Kernel 4.9.95
2018-04-27 5:42 ` [gentoo-user] " Nikos Chantziaras
@ 2018-04-27 7:01 ` Mick
2018-04-27 17:20 ` Klaus Ethgen
1 sibling, 0 replies; 15+ messages in thread
From: Mick @ 2018-04-27 7:01 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 1421 bytes --]
On Friday, 27 April 2018 06:42:56 BST Nikos Chantziaras wrote:
> On 26/04/18 14:42, Mick wrote:
> > Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ?
> >
> > $ grep . /sys/devices/system/cpu/vulnerabilities/*
> > /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> > /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user
> > pointer sanitization
> > /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full
> > generic
> > retpoline
> >
> > Are there some kernel options I should have selected manually?
>
> Do you have the latest sys-firmware/intel-microcode installed and
> configured correctly? You need to enable the "early microcode" kernel
> option, and you also need to add /boot/intel-uc.img to your list of
> initrds to load in grub2. Alternatively, a BIOS update for your
> mainboard (if one exists; most older mainboards won't get updates from
> the likes of Asus, MSI, Gigabyte, etc, etc, etc, so for older boards,
> you need the microcode package.)
Ahh! If the 'IBPB' & 'IBRS_FW' components come from the microcode this
probably explains why I don't have them. I am (still) running an early i7
Intel, which means it won't get any more microcode updates. The latest
available is 'intel-ucode/06-1e-05' and as we know Intel has abandoned all
older owners of their hardware. One good reason for me to abandon them in
turn. :-)
--
Regards,
Mick
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [gentoo-user] Re: Kernel 4.9.95
2018-04-27 5:42 ` [gentoo-user] " Nikos Chantziaras
2018-04-27 7:01 ` Mick
@ 2018-04-27 17:20 ` Klaus Ethgen
2018-04-27 18:51 ` Nikos Chantziaras
1 sibling, 1 reply; 15+ messages in thread
From: Klaus Ethgen @ 2018-04-27 17:20 UTC (permalink / raw
To: gentoo-user
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
Am Fr den 27. Apr 2018 um 6:42 schrieb Nikos Chantziaras:
> On 26/04/18 14:42, Mick wrote:
> > Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ?
> >
> > $ grep . /sys/devices/system/cpu/vulnerabilities/*
> > /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> > /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer
> > sanitization
> > /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic
> > retpoline
I did install and compile 4.15.18, the last version from branch 4.15.
Unfortunatelly I just get the following:
~> uname -a
Linux tha 4.15.18-gentoo #2 Fri Apr 27 13:33:03 CET 2018 i686 Intel(R) Pentium(R) M processor 1.86GHz GenuineIntel GNU/Linux
~> grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline
The problem here is, that this is a 32bit system and the CPU is not able
to run 64bit.
So there are some points I want to point to:
- - Meltdown is fully vulnerable. While there is a fix for 64bit kernel, I
would like to know when or if gentoo will port the mitigation for
32bit systems.
- - For Spectre 2, there is some mitigation in kernel but the compiler is
to old to support retpoline.
When I look to gcc meta data, I see a couples of versions:
~> equery m gcc
* sys-devel/gcc [gentoo]
Maintainer: toolchain@gentoo.org (Gentoo Toolchain Project)
Upstream: Remote-ID: cpe:/a:gnu:gcc ID: cpe
Remote-ID: dgcc ID: sourceforge
Homepage: https://gcc.gnu.org/
Location: /usr/portage/sys-devel/gcc
Keywords: 2.95.3-r10:2.95.3: ~alpha ~ppc ~sparc ~x86
Keywords: 3.3.6-r1:3.3.6: ~amd64 ~x86
Keywords: 3.4.6-r2:3.4.6: alpha amd64 arm ppc ppc64 sparc x86 ~ia64 ~mips ~s390 ~sh -* ~x86-fbsd
Keywords: 4.0.4:4.0.4:
Keywords: 4.1.2:4.1.2: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~m68k ~mips ~s390 ~sh -* ~x86-fbsd
Keywords: 4.2.4-r1:4.2.4: hppa ~alpha ~amd64 ~arm ~ia64 ~m68k ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd
Keywords: 4.3.6-r1:4.3.6: -hppa alpha amd64 arm ia64 ppc ppc64 sparc x86 ~m68k ~mips ~s390 ~sh ~x86-fbsd
Keywords: 4.4.7:4.4.7: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~m68k ~mips ~s390 ~sh ~x86-fbsd
Keywords: 4.5.4:4.5.4: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~amd64-fbsd ~m68k ~mips ~s390 ~sh ~x86-fbsd
Keywords: 4.6.4:4.6.4: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~amd64-fbsd ~m68k ~mips ~s390 ~sh ~x86-fbsd
Keywords: 4.7.4-r1:4.7.4: -amd64-fbsd -x86-fbsd alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~mips
Keywords: 4.8.5-r1:4.8.5: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~mips ~x86-fbsd
Keywords: 4.9.4:4.9.4: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~mips ~x86-fbsd
Keywords: 5.4.0-r4:5.4.0: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~mips ~x86-fbsd
Keywords: 6.4.0:6.4.0:
Keywords: 6.4.0-r1:6.4.0: alpha amd64 arm arm64 hppa ia64 ppc ppc64 sparc x86 ~amd64-fbsd ~m68k ~mips ~s390 ~sh ~x86-fbsd
Keywords: 7.2.0:7.2.0:
Keywords: 7.2.0-r1:7.2.0: ~alpha ~amd64 ~amd64-fbsd ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd
Keywords: 7.3.0:7.3.0:
Keywords: 7.3.0-r1:7.3.0: ~alpha ~amd64 ~amd64-fbsd ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd
Keywords: 7.3.0-r2:7.3.0:
License: GPL-3+ LGPL-3+ || ( GPL-3+ libgcc libstdc++ gcc-runtime-library-exception-3.1 ) FDL-1.3+
So which version is stable enough to use? 7.3.0, I use on a different
(non-Gentoo) system. But why -r1 and -r2?
> Do you have the latest sys-firmware/intel-microcode installed and configured
> correctly? You need to enable the "early microcode" kernel option, and you
> also need to add /boot/intel-uc.img to your list of initrds to load in
> grub2. Alternatively, a BIOS update for your mainboard (if one exists; most
> older mainboards won't get updates from the likes of Asus, MSI, Gigabyte,
> etc, etc, etc, so for older boards, you need the microcode package.)
So, coming to firmware. I do not think that intel is releasing firmware
update for that CPU. So I fully rely on kernel (and compiler).
Nevertheless, I need to know for other system what exactly is the way to
use firmware on gentoo. There is no /boot/intel-uc.img on my system and
genkernel complain about firmware compiling (what seems to prove that
there is none for my CPU).
However, if I read correct, genkernel should automatically include
firmware and firmware loading into the generated ramdisk. Right?
Regards
Klaus
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <Klaus@Ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
-----BEGIN PGP SIGNATURE-----
Comment: Charset: ISO-8859-1
iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAlrjW74ACgkQpnwKsYAZ
9qyM5QwAsj0M5TT3O+RYPXana71nzgWjd72m0DuCDO/Yfw+79G0NuWrMFwyU/WkZ
OPlspMBRvOxo1UTuOMuUZ7wVqcQNen9m/3XZOQdmhO7NpqdfI5IozZH5dm0tdUcH
qOEcxkQQPj5h9fLqyfiOjKhOFKEtHIF4FuApaJuR2xGhTd4rV5Blm1zLBBZ1uSU6
ImpizYQ4kvCMj/n9L+1S6dd+iqlF0jQBDYw98mcYp3UU8iziA75Kq2a87ZFtjo0y
mENiyu8A4RS+WBItT5jVYDymozs3zeWsbgmNH8k1O4CTy30OqeLiZQdfGow2MC+x
4D0rLmN7Ky+ZDMZARtUPhvbkdC+nUMkfveOOKZbpe3qaAa+8QwVZVV8rC2I7fK8T
kex6adlaN1e8GU9UyeR7mKc5cjESRudM6wcZSJ1ZEx3uLq03IIcdJAoyyBHQz1OC
oQil2Vf4SP0QMhAEp/D4XziEzbkZxNErXwGJfVDHSPlB9wtRs4Mf3F2PGOI20h6S
71mhfjLK
=BqH+
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 15+ messages in thread
* [gentoo-user] Re: Kernel 4.9.95
2018-04-27 17:20 ` Klaus Ethgen
@ 2018-04-27 18:51 ` Nikos Chantziaras
2018-04-27 18:53 ` Nikos Chantziaras
0 siblings, 1 reply; 15+ messages in thread
From: Nikos Chantziaras @ 2018-04-27 18:51 UTC (permalink / raw
To: gentoo-user
On 27/04/18 20:20, Klaus Ethgen wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi,
>
> Am Fr den 27. Apr 2018 um 6:42 schrieb Nikos Chantziaras:
>> On 26/04/18 14:42, Mick wrote:
>>> Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ?
>>>
>>> $ grep . /sys/devices/system/cpu/vulnerabilities/*
>>> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
>>> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer
>>> sanitization
>>> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic
>>> retpoline
>
> I did install and compile 4.15.18, the last version from branch 4.15.
> Unfortunatelly I just get the following:
> ~> uname -a
> Linux tha 4.15.18-gentoo #2 Fri Apr 27 13:33:03 CET 2018 i686 Intel(R) Pentium(R) M processor 1.86GHz GenuineIntel GNU/Linux
> ~> grep . /sys/devices/system/cpu/vulnerabilities/*
> /sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline
4.15 is not a supported kernel. Either you need to stay on the bleeding
edge, meaning 4.16, or use a supported kernel, like 4.14. See:
https://www.kernel.org
Basically, you need to always use the "mainline" kernel, or a "longterm"
kernel. Other kernels do not NOT get any updates whatsoever. They are
considered dead. 4.15 is a dead kernel.
^ permalink raw reply [flat|nested] 15+ messages in thread
* [gentoo-user] Re: Kernel 4.9.95
2018-04-27 18:51 ` Nikos Chantziaras
@ 2018-04-27 18:53 ` Nikos Chantziaras
0 siblings, 0 replies; 15+ messages in thread
From: Nikos Chantziaras @ 2018-04-27 18:53 UTC (permalink / raw
To: gentoo-user
On 27/04/18 21:51, Nikos Chantziaras wrote:
> 4.15 is not a supported kernel. Either you need to stay on the bleeding
> edge, meaning 4.16, or use a supported kernel, like 4.14. See:
>
> https://www.kernel.org
>
> Basically, you need to always use the "mainline" kernel, or a "longterm"
> kernel. Other kernels do not NOT get any updates whatsoever. They are
> considered dead. 4.15 is a dead kernel.
Sorry, should have said "stable", not "mainline." Mainline is the
development version.
^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2018-04-27 18:57 UTC | newest]
Thread overview: 15+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-04-25 16:06 [gentoo-user] Kernel 4.9.95 Peter Humphrey
2018-04-26 9:52 ` Helmut Jarausch
2018-04-26 9:57 ` John Covici
2018-04-26 10:13 ` Adam Carter
2018-04-26 10:28 ` Peter Humphrey
2018-04-26 10:43 ` Adam Carter
2018-04-26 11:42 ` Mick
2018-04-27 5:42 ` [gentoo-user] " Nikos Chantziaras
2018-04-27 7:01 ` Mick
2018-04-27 17:20 ` Klaus Ethgen
2018-04-27 18:51 ` Nikos Chantziaras
2018-04-27 18:53 ` Nikos Chantziaras
2018-04-27 5:44 ` Nikos Chantziaras
2018-04-26 10:15 ` [gentoo-user] " Peter Humphrey
2018-04-26 20:44 ` Walter Dnes
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox