public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-user] Kernel 4.9.95
@ 2018-04-25 16:06 Peter Humphrey
  2018-04-26  9:52 ` Helmut Jarausch
  0 siblings, 1 reply; 15+ messages in thread
From: Peter Humphrey @ 2018-04-25 16:06 UTC (permalink / raw
  To: gentoo-user

As this version of gentoo-sources has now hit the stable mirrors, would anyone 
like to summarise the position wrt Spectre, Meltdown and anything else that's 
relevant? Just to help us numbskulls sleep at night.

-- 
Regards,
Peter.





^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [gentoo-user] Kernel 4.9.95
  2018-04-25 16:06 [gentoo-user] Kernel 4.9.95 Peter Humphrey
@ 2018-04-26  9:52 ` Helmut Jarausch
  2018-04-26  9:57   ` John Covici
  2018-04-26 10:15   ` [gentoo-user] " Peter Humphrey
  0 siblings, 2 replies; 15+ messages in thread
From: Helmut Jarausch @ 2018-04-26  9:52 UTC (permalink / raw
  To: gentoo-user

On 04/25/2018 06:06:32 PM, Peter Humphrey wrote:
> As this version of gentoo-sources has now hit the stable mirrors,  
> would anyone
> like to summarise the position wrt Spectre, Meltdown and anything  
> else that's
> relevant? Just to help us numbskulls sleep at night.
> 

I can't say anything about that kernel since I always use the most  
recent kernel available, currently
4.16.4. I haven't had any problems with bleeding edge gentoo-sources.
AFAIR, only work around for this hardware problems have appeared in  
4.14 or 4.15.
I don't know if these have been backported to 4.9.95.

The other fix should be a contained in a recent version  
sys-kernel/linux-firmware (I have 20180416).

You might have a look at


http://kroah.com/log/blog/2018/01/06/meltdown-status/
https://vinfrastructure.it/2018/02/using-linux-kernel-4-15-minimize-meltdown-spectre/
https://www.zdnet.com/article/linux-4-15-good-news-and-bad-news-about-meltdown-and-spectre/
https://www.zdnet.com/article/linux-4-16-arrives-bringing-more-spectre-and-meltdown-fixes/


Helmut

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [gentoo-user] Kernel 4.9.95
  2018-04-26  9:52 ` Helmut Jarausch
@ 2018-04-26  9:57   ` John Covici
  2018-04-26 10:13     ` Adam Carter
  2018-04-26 10:15   ` [gentoo-user] " Peter Humphrey
  1 sibling, 1 reply; 15+ messages in thread
From: John Covici @ 2018-04-26  9:57 UTC (permalink / raw
  To: gentoo-user

On Thu, 26 Apr 2018 05:52:30 -0400,
Helmut Jarausch wrote:
> 
> On 04/25/2018 06:06:32 PM, Peter Humphrey wrote:
> > As this version of gentoo-sources has now hit the stable
> > mirrors, would anyone
> > like to summarise the position wrt Spectre, Meltdown and
> > anything else that's
> > relevant? Just to help us numbskulls sleep at night.
> > 
> 
> I can't say anything about that kernel since I always use the
> most recent kernel available, currently
> 4.16.4. I haven't had any problems with bleeding edge gentoo-sources.
> AFAIR, only work around for this hardware problems have appeared
> in 4.14 or 4.15.
> I don't know if these have been backported to 4.9.95.
> 
> The other fix should be a contained in a recent version
> sys-kernel/linux-firmware (I have 20180416).
> 
> You might have a look at
> 
> 
> http://kroah.com/log/blog/2018/01/06/meltdown-status/
> https://vinfrastructure.it/2018/02/using-linux-kernel-4-15-minimize-meltdown-spectre/
> https://www.zdnet.com/article/linux-4-15-good-news-and-bad-news-about-meltdown-and-spectre/
> https://www.zdnet.com/article/linux-4-16-arrives-bringing-more-spectre-and-meltdown-fixes/
> 

As far as I know anything after 4.9.82 has all the fixes for
meltdown/spectra which have been back ported since this is a long term
release -- I am sure 4.9.95 will be even better and I will go to it
myself in the next days.

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

         John Covici wb2una
         covici@ccs.covici.com


^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [gentoo-user] Kernel 4.9.95
  2018-04-26  9:57   ` John Covici
@ 2018-04-26 10:13     ` Adam Carter
  2018-04-26 10:28       ` Peter Humphrey
  0 siblings, 1 reply; 15+ messages in thread
From: Adam Carter @ 2018-04-26 10:13 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: text/plain, Size: 1044 bytes --]

On Thu, Apr 26, 2018 at 7:57 PM, John Covici <covici@ccs.covici.com> wrote:

> On Thu, 26 Apr 2018 05:52:30 -0400,
> Helmut Jarausch wrote:
> >
> > On 04/25/2018 06:06:32 PM, Peter Humphrey wrote:
> > > As this version of gentoo-sources has now hit the stable
> > > mirrors, would anyone
> > > like to summarise the position wrt Spectre, Meltdown and
> > > anything else that's
> > > relevant? Just to help us numbskulls sleep at night.
>
> As far as I know anything after 4.9.82 has all the fixes for
> meltdown/spectra which have been back ported since this is a long term
> release -- I am sure 4.9.95 will be even better and I will go to it
> myself in the next days.
>
>
Does grep . /sys/devices/system/cpu/vulnerabilities/* find anything?

For 4.16.3;
$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user
pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD
retpoline

[-- Attachment #2: Type: text/html, Size: 1621 bytes --]

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [gentoo-user] Kernel 4.9.95
  2018-04-26  9:52 ` Helmut Jarausch
  2018-04-26  9:57   ` John Covici
@ 2018-04-26 10:15   ` Peter Humphrey
  2018-04-26 20:44     ` Walter Dnes
  1 sibling, 1 reply; 15+ messages in thread
From: Peter Humphrey @ 2018-04-26 10:15 UTC (permalink / raw
  To: gentoo-user

On Thursday, 26 April 2018 10:52:30 BST Helmut Jarausch wrote:
> On 04/25/2018 06:06:32 PM, Peter Humphrey wrote:
> > As this version of gentoo-sources has now hit the stable mirrors,
> > would anyone
> > like to summarise the position wrt Spectre, Meltdown and anything
> > else that's
> > relevant? Just to help us numbskulls sleep at night.
> 
> I can't say anything about that kernel since I always use the most
> recent kernel available, currently 4.16.4. I haven't had any problems with
> bleeding edge gentoo-sources. AFAIR, only work around for this hardware
> problems have appeared in 4.14 or 4.15. I don't know if these have been
> backported to 4.9.95.
> 
> The other fix should be a contained in a recent version
> sys-kernel/linux-firmware (I have 20180416).

The latest stable version is 20180103-r1, which is what I have here. I don't 
think I'll experiment with CPU microcode until it's fully tested and stable.

> You might have a look at
> 
> http://kroah.com/log/blog/2018/01/06/meltdown-status/
> https://vinfrastructure.it/2018/02/using-linux-kernel-4-15-minimize-meltdown
> -spectre/
> https://www.zdnet.com/article/linux-4-15-good-news-and-bad-news-about-meltd
> own-and-spectre/
> https://www.zdnet.com/article/linux-4-16-arrives-bringing-more-spectre-and-> meltdown-fixes/

Thanks for the pointers.

-- 
Regards,
Peter.





^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [gentoo-user] Kernel 4.9.95
  2018-04-26 10:13     ` Adam Carter
@ 2018-04-26 10:28       ` Peter Humphrey
  2018-04-26 10:43         ` Adam Carter
  2018-04-27  5:44         ` Nikos Chantziaras
  0 siblings, 2 replies; 15+ messages in thread
From: Peter Humphrey @ 2018-04-26 10:28 UTC (permalink / raw
  To: gentoo-user

On Thursday, 26 April 2018 11:13:12 BST Adam Carter wrote:
> Does grep . /sys/devices/system/cpu/vulnerabilities/* find anything?

# grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline, IBPB, IBRS_FW

-- 
Regards,
Peter.





^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [gentoo-user] Kernel 4.9.95
  2018-04-26 10:28       ` Peter Humphrey
@ 2018-04-26 10:43         ` Adam Carter
  2018-04-26 11:42           ` Mick
  2018-04-27  5:44         ` Nikos Chantziaras
  1 sibling, 1 reply; 15+ messages in thread
From: Adam Carter @ 2018-04-26 10:43 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: text/plain, Size: 834 bytes --]

On Thu, Apr 26, 2018 at 8:28 PM, Peter Humphrey <peter@prh.myzen.co.uk>
wrote:

> On Thursday, 26 April 2018 11:13:12 BST Adam Carter wrote:
> > Does grep . /sys/devices/system/cpu/vulnerabilities/* find anything?
>
> # grep . /sys/devices/system/cpu/vulnerabilities/*
> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user
> pointer sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal
> generic ASM retpoline, IBPB, IBRS_FW
>
>
FWIW on my Intel box @4.16.3

/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user
pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic
retpoline, IBPB, IBRS_FW

[-- Attachment #2: Type: text/html, Size: 1325 bytes --]

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [gentoo-user] Kernel 4.9.95
  2018-04-26 10:43         ` Adam Carter
@ 2018-04-26 11:42           ` Mick
  2018-04-27  5:42             ` [gentoo-user] " Nikos Chantziaras
  0 siblings, 1 reply; 15+ messages in thread
From: Mick @ 2018-04-26 11:42 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: text/plain, Size: 1369 bytes --]

On Thursday, 26 April 2018 11:43:23 BST Adam Carter wrote:
> On Thu, Apr 26, 2018 at 8:28 PM, Peter Humphrey <peter@prh.myzen.co.uk>
> 
> wrote:
> > On Thursday, 26 April 2018 11:13:12 BST Adam Carter wrote:
> > > Does grep . /sys/devices/system/cpu/vulnerabilities/* find anything?
> > 
> > # grep . /sys/devices/system/cpu/vulnerabilities/*
> > /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> > /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user
> > pointer sanitization
> > /sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal
> > generic ASM retpoline, IBPB, IBRS_FW
> 
> FWIW on my Intel box @4.16.3
> 
> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user
> pointer sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic
> retpoline, IBPB, IBRS_FW

Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ?

$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer 
sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic 
retpoline

Are there some kernel options I should have selected manually?
-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [gentoo-user] Kernel 4.9.95
  2018-04-26 10:15   ` [gentoo-user] " Peter Humphrey
@ 2018-04-26 20:44     ` Walter Dnes
  0 siblings, 0 replies; 15+ messages in thread
From: Walter Dnes @ 2018-04-26 20:44 UTC (permalink / raw
  To: gentoo-user

On Thu, Apr 26, 2018 at 11:15:23AM +0100, Peter Humphrey wrote

  I installed it today, having run into a few mysterious *TOTAL* lockups
under 4.12.something (could not ssh in and magic-SysRQ didn't work).

  Anyhow, "make oldconfig" asked a couple of questions about "retpoline"
and switching off user access to kernel memory under some context
switches.  I played safe and enabled the protections.

-- 
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [gentoo-user] Re: Kernel 4.9.95
  2018-04-26 11:42           ` Mick
@ 2018-04-27  5:42             ` Nikos Chantziaras
  2018-04-27  7:01               ` Mick
  2018-04-27 17:20               ` Klaus Ethgen
  0 siblings, 2 replies; 15+ messages in thread
From: Nikos Chantziaras @ 2018-04-27  5:42 UTC (permalink / raw
  To: gentoo-user

On 26/04/18 14:42, Mick wrote:
> Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ?
> 
> $ grep . /sys/devices/system/cpu/vulnerabilities/*
> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer
> sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic
> retpoline
> 
> Are there some kernel options I should have selected manually?

Do you have the latest sys-firmware/intel-microcode installed and 
configured correctly? You need to enable the "early microcode" kernel 
option, and you also need to add /boot/intel-uc.img to your list of 
initrds to load in grub2. Alternatively, a BIOS update for your 
mainboard (if one exists; most older mainboards won't get updates from 
the likes of Asus, MSI, Gigabyte, etc, etc, etc, so for older boards, 
you need the microcode package.)



^ permalink raw reply	[flat|nested] 15+ messages in thread

* [gentoo-user] Re: Kernel 4.9.95
  2018-04-26 10:28       ` Peter Humphrey
  2018-04-26 10:43         ` Adam Carter
@ 2018-04-27  5:44         ` Nikos Chantziaras
  1 sibling, 0 replies; 15+ messages in thread
From: Nikos Chantziaras @ 2018-04-27  5:44 UTC (permalink / raw
  To: gentoo-user

On 26/04/18 13:28, Peter Humphrey wrote:
> On Thursday, 26 April 2018 11:13:12 BST Adam Carter wrote:
>> Does grep . /sys/devices/system/cpu/vulnerabilities/* find anything?
> 
> # grep . /sys/devices/system/cpu/vulnerabilities/*
> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline, IBPB, IBRS_FW

That means the kernel implements the needed mitigations, except for full 
GCC retpoline, which requires a recent GCC (7.3.0 here.) I don't know if 
6.4.0 supports it.



^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [gentoo-user] Re: Kernel 4.9.95
  2018-04-27  5:42             ` [gentoo-user] " Nikos Chantziaras
@ 2018-04-27  7:01               ` Mick
  2018-04-27 17:20               ` Klaus Ethgen
  1 sibling, 0 replies; 15+ messages in thread
From: Mick @ 2018-04-27  7:01 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: text/plain, Size: 1421 bytes --]

On Friday, 27 April 2018 06:42:56 BST Nikos Chantziaras wrote:
> On 26/04/18 14:42, Mick wrote:
> > Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ?
> > 
> > $ grep . /sys/devices/system/cpu/vulnerabilities/*
> > /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> > /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user
> > pointer sanitization
> > /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full
> > generic
> > retpoline
> > 
> > Are there some kernel options I should have selected manually?
> 
> Do you have the latest sys-firmware/intel-microcode installed and
> configured correctly? You need to enable the "early microcode" kernel
> option, and you also need to add /boot/intel-uc.img to your list of
> initrds to load in grub2. Alternatively, a BIOS update for your
> mainboard (if one exists; most older mainboards won't get updates from
> the likes of Asus, MSI, Gigabyte, etc, etc, etc, so for older boards,
> you need the microcode package.)

Ahh!  If the 'IBPB' & 'IBRS_FW' components come from the microcode this 
probably explains why I don't have them.  I am (still) running an early i7 
Intel, which means it won't get any more microcode updates.  The latest 
available is 'intel-ucode/06-1e-05' and as we know Intel has abandoned all 
older owners of their hardware.  One good reason for me to abandon them in 
turn.  :-)

-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [gentoo-user] Re: Kernel 4.9.95
  2018-04-27  5:42             ` [gentoo-user] " Nikos Chantziaras
  2018-04-27  7:01               ` Mick
@ 2018-04-27 17:20               ` Klaus Ethgen
  2018-04-27 18:51                 ` Nikos Chantziaras
  1 sibling, 1 reply; 15+ messages in thread
From: Klaus Ethgen @ 2018-04-27 17:20 UTC (permalink / raw
  To: gentoo-user

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

Am Fr den 27. Apr 2018 um  6:42 schrieb Nikos Chantziaras:
> On 26/04/18 14:42, Mick wrote:
> > Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ?
> > 
> > $ grep . /sys/devices/system/cpu/vulnerabilities/*
> > /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> > /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer
> > sanitization
> > /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic
> > retpoline

I did install and compile 4.15.18,  the last version from branch 4.15.
Unfortunatelly I just get the following:
   ~> uname -a
   Linux tha 4.15.18-gentoo #2 Fri Apr 27 13:33:03 CET 2018 i686 Intel(R) Pentium(R) M processor 1.86GHz GenuineIntel GNU/Linux
   ~> grep . /sys/devices/system/cpu/vulnerabilities/*
   /sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable
   /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
   /sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline

The problem here is, that this is a 32bit system and the CPU is not able
to run 64bit.

So there are some points I want to point to:
- - Meltdown is fully vulnerable. While there is a fix for 64bit kernel, I
  would like to know when or if gentoo will port the mitigation for
  32bit systems.
- - For Spectre 2, there is some mitigation in kernel but the compiler is
  to old to support retpoline.
  When I look to gcc meta data, I see a couples of versions:
      ~> equery m gcc
       * sys-devel/gcc [gentoo]
      Maintainer:  toolchain@gentoo.org (Gentoo Toolchain Project)
      Upstream:    Remote-ID:   cpe:/a:gnu:gcc ID: cpe
		   Remote-ID:   dgcc ID: sourceforge
      Homepage:    https://gcc.gnu.org/
      Location:    /usr/portage/sys-devel/gcc
      Keywords:    2.95.3-r10:2.95.3: ~alpha ~ppc ~sparc ~x86
      Keywords:    3.3.6-r1:3.3.6: ~amd64 ~x86
      Keywords:    3.4.6-r2:3.4.6: alpha amd64 arm ppc ppc64 sparc x86 ~ia64 ~mips ~s390 ~sh -* ~x86-fbsd
      Keywords:    4.0.4:4.0.4: 
      Keywords:    4.1.2:4.1.2: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~m68k ~mips ~s390 ~sh -* ~x86-fbsd
      Keywords:    4.2.4-r1:4.2.4: hppa ~alpha ~amd64 ~arm ~ia64 ~m68k ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd
      Keywords:    4.3.6-r1:4.3.6: -hppa alpha amd64 arm ia64 ppc ppc64 sparc x86 ~m68k ~mips ~s390 ~sh ~x86-fbsd
      Keywords:    4.4.7:4.4.7: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~m68k ~mips ~s390 ~sh ~x86-fbsd
      Keywords:    4.5.4:4.5.4: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~amd64-fbsd ~m68k ~mips ~s390 ~sh ~x86-fbsd
      Keywords:    4.6.4:4.6.4: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~amd64-fbsd ~m68k ~mips ~s390 ~sh ~x86-fbsd
      Keywords:    4.7.4-r1:4.7.4: -amd64-fbsd -x86-fbsd alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~mips
      Keywords:    4.8.5-r1:4.8.5: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~mips ~x86-fbsd
      Keywords:    4.9.4:4.9.4: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~mips ~x86-fbsd
      Keywords:    5.4.0-r4:5.4.0: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~mips ~x86-fbsd
      Keywords:    6.4.0:6.4.0: 
      Keywords:    6.4.0-r1:6.4.0: alpha amd64 arm arm64 hppa ia64 ppc ppc64 sparc x86 ~amd64-fbsd ~m68k ~mips ~s390 ~sh ~x86-fbsd
      Keywords:    7.2.0:7.2.0: 
      Keywords:    7.2.0-r1:7.2.0: ~alpha ~amd64 ~amd64-fbsd ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd
      Keywords:    7.3.0:7.3.0: 
      Keywords:    7.3.0-r1:7.3.0: ~alpha ~amd64 ~amd64-fbsd ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd
      Keywords:    7.3.0-r2:7.3.0: 
      License:     GPL-3+ LGPL-3+ || ( GPL-3+ libgcc libstdc++ gcc-runtime-library-exception-3.1 ) FDL-1.3+

  So which version is stable enough to use? 7.3.0, I use on a different
  (non-Gentoo) system. But why -r1 and -r2?

> Do you have the latest sys-firmware/intel-microcode installed and configured
> correctly? You need to enable the "early microcode" kernel option, and you
> also need to add /boot/intel-uc.img to your list of initrds to load in
> grub2. Alternatively, a BIOS update for your mainboard (if one exists; most
> older mainboards won't get updates from the likes of Asus, MSI, Gigabyte,
> etc, etc, etc, so for older boards, you need the microcode package.)

So, coming to firmware. I do not think that intel is releasing firmware
update for that CPU. So I fully rely on kernel (and compiler).

Nevertheless, I need to know for other system what exactly is the way to
use firmware on gentoo. There is no /boot/intel-uc.img on my system and
genkernel complain about firmware compiling (what seems to prove that
there is none for my CPU).

However, if I read correct, genkernel should automatically include
firmware and firmware loading into the generated ramdisk. Right?

Regards
   Klaus
- -- 
Klaus Ethgen                                       http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16            Klaus Ethgen <Klaus@Ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-----BEGIN PGP SIGNATURE-----
Comment: Charset: ISO-8859-1

iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAlrjW74ACgkQpnwKsYAZ
9qyM5QwAsj0M5TT3O+RYPXana71nzgWjd72m0DuCDO/Yfw+79G0NuWrMFwyU/WkZ
OPlspMBRvOxo1UTuOMuUZ7wVqcQNen9m/3XZOQdmhO7NpqdfI5IozZH5dm0tdUcH
qOEcxkQQPj5h9fLqyfiOjKhOFKEtHIF4FuApaJuR2xGhTd4rV5Blm1zLBBZ1uSU6
ImpizYQ4kvCMj/n9L+1S6dd+iqlF0jQBDYw98mcYp3UU8iziA75Kq2a87ZFtjo0y
mENiyu8A4RS+WBItT5jVYDymozs3zeWsbgmNH8k1O4CTy30OqeLiZQdfGow2MC+x
4D0rLmN7Ky+ZDMZARtUPhvbkdC+nUMkfveOOKZbpe3qaAa+8QwVZVV8rC2I7fK8T
kex6adlaN1e8GU9UyeR7mKc5cjESRudM6wcZSJ1ZEx3uLq03IIcdJAoyyBHQz1OC
oQil2Vf4SP0QMhAEp/D4XziEzbkZxNErXwGJfVDHSPlB9wtRs4Mf3F2PGOI20h6S
71mhfjLK
=BqH+
-----END PGP SIGNATURE-----


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [gentoo-user] Re: Kernel 4.9.95
  2018-04-27 17:20               ` Klaus Ethgen
@ 2018-04-27 18:51                 ` Nikos Chantziaras
  2018-04-27 18:53                   ` Nikos Chantziaras
  0 siblings, 1 reply; 15+ messages in thread
From: Nikos Chantziaras @ 2018-04-27 18:51 UTC (permalink / raw
  To: gentoo-user

On 27/04/18 20:20, Klaus Ethgen wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> Hi,
> 
> Am Fr den 27. Apr 2018 um  6:42 schrieb Nikos Chantziaras:
>> On 26/04/18 14:42, Mick wrote:
>>> Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ?
>>>
>>> $ grep . /sys/devices/system/cpu/vulnerabilities/*
>>> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
>>> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer
>>> sanitization
>>> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic
>>> retpoline
> 
> I did install and compile 4.15.18,  the last version from branch 4.15.
> Unfortunatelly I just get the following:
>     ~> uname -a
>     Linux tha 4.15.18-gentoo #2 Fri Apr 27 13:33:03 CET 2018 i686 Intel(R) Pentium(R) M processor 1.86GHz GenuineIntel GNU/Linux
>     ~> grep . /sys/devices/system/cpu/vulnerabilities/*
>     /sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable
>     /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
>     /sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline

4.15 is not a supported kernel. Either you need to stay on the bleeding 
edge, meaning 4.16, or use a supported kernel, like 4.14. See:

   https://www.kernel.org

Basically, you need to always use the "mainline" kernel, or a "longterm" 
kernel. Other kernels do not NOT get any updates whatsoever. They are 
considered dead. 4.15 is a dead kernel.



^ permalink raw reply	[flat|nested] 15+ messages in thread

* [gentoo-user] Re: Kernel 4.9.95
  2018-04-27 18:51                 ` Nikos Chantziaras
@ 2018-04-27 18:53                   ` Nikos Chantziaras
  0 siblings, 0 replies; 15+ messages in thread
From: Nikos Chantziaras @ 2018-04-27 18:53 UTC (permalink / raw
  To: gentoo-user

On 27/04/18 21:51, Nikos Chantziaras wrote:
> 4.15 is not a supported kernel. Either you need to stay on the bleeding 
> edge, meaning 4.16, or use a supported kernel, like 4.14. See:
> 
>    https://www.kernel.org
> 
> Basically, you need to always use the "mainline" kernel, or a "longterm" 
> kernel. Other kernels do not NOT get any updates whatsoever. They are 
> considered dead. 4.15 is a dead kernel.

Sorry, should have said "stable", not "mainline." Mainline is the 
development version.



^ permalink raw reply	[flat|nested] 15+ messages in thread

end of thread, other threads:[~2018-04-27 18:57 UTC | newest]

Thread overview: 15+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-04-25 16:06 [gentoo-user] Kernel 4.9.95 Peter Humphrey
2018-04-26  9:52 ` Helmut Jarausch
2018-04-26  9:57   ` John Covici
2018-04-26 10:13     ` Adam Carter
2018-04-26 10:28       ` Peter Humphrey
2018-04-26 10:43         ` Adam Carter
2018-04-26 11:42           ` Mick
2018-04-27  5:42             ` [gentoo-user] " Nikos Chantziaras
2018-04-27  7:01               ` Mick
2018-04-27 17:20               ` Klaus Ethgen
2018-04-27 18:51                 ` Nikos Chantziaras
2018-04-27 18:53                   ` Nikos Chantziaras
2018-04-27  5:44         ` Nikos Chantziaras
2018-04-26 10:15   ` [gentoo-user] " Peter Humphrey
2018-04-26 20:44     ` Walter Dnes

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox