LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 02-09-2018, 08:04 AM   #601
Paulo2
Member
 
Registered: Aug 2012
Distribution: Slackware64-current (started with 13.37(32))
Posts: 359

Rep: Reputation: 108Reputation: 108

Quote:
Originally Posted by Lysander666 View Post
In 64bit. 32bit users are being rather left behind here. No mitigation for Meltdown as yet.
I think they should release all fixes at same time, at least for the same kernel version.
Is that because Meltdown affects only Intel? Maybe it is hard to fix.

4.14.18 and 4.15.2 for x86_64 seem ok now.
Code:
root@paulobash~# cat 4.14.18-x86_64 
/sys/devices/system/cpu/vulnerabilities/meltdown:       Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:     Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:     Mitigation: Full AMD retpoline
root@paulobash~# cat 4.15.2-custom-x86_64 
/sys/devices/system/cpu/vulnerabilities/meltdown:       Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:     Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:     Mitigation: Full AMD retpoline
 
1 members found this post helpful.
Old 02-11-2018, 07:27 PM   #602
cwizardone
Senior Member
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib."
Posts: 3,737
Blog Entries: 1

Original Poster
Rep: Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035
The 4.16 "Mainline" Development Kernel has been released and
RC-1 is now available for testing.

https://www.kernel.org/

The tarball, https://git.kernel.org/torvalds/t/linux-4.16-rc1.tar.gz

Mr. Torvalds' announcement, http://lkml.iu.edu/hypermail/linux/k...utm_source=anz

Last edited by cwizardone; 02-11-2018 at 10:33 PM.
 
Old 02-12-2018, 11:28 AM   #603
cwizardone
Senior Member
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib."
Posts: 3,737
Blog Entries: 1

Original Poster
Rep: Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035
The latest Stable Kernel update, 4.15.3, is now available at, https://www.kernel.org/.

The change logs,

https://cdn.kernel.org/pub/linux/ker...angeLog-4.15.3

Last edited by cwizardone; 02-12-2018 at 12:20 PM.
 
1 members found this post helpful.
Old 02-12-2018, 11:49 AM   #604
Pixxt
Member
 
Registered: May 2008
Distribution: Slackware, Debian,
Posts: 142

Rep: Reputation: 53
Wrong thread sorry.

Last edited by Pixxt; 02-12-2018 at 11:52 AM.
 
Old 02-12-2018, 12:34 PM   #605
cwizardone
Senior Member
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib."
Posts: 3,737
Blog Entries: 1

Original Poster
Rep: Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035
FWIW, to date, all the 4.15.x releases have ran perfectly in -current with the latest Nvidia "Long Lived Branch" driver.
 
2 members found this post helpful.
Old 02-13-2018, 12:13 PM   #606
cwizardone
Senior Member
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib."
Posts: 3,737
Blog Entries: 1

Original Poster
Rep: Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035
Kernel updates 4.14.19 and 4.9.81 are now available at, https://www.kernel.org/.

The change logs,

https://cdn.kernel.org/pub/linux/ker...ngeLog-4.14.19

https://cdn.kernel.org/pub/linux/ker...angeLog-4.9.81
 
2 members found this post helpful.
Old 02-17-2018, 08:09 AM   #607
kjhambrick
Senior Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 14.2 + Multilib
Posts: 1,184

Rep: Reputation: 596Reputation: 596Reputation: 596Reputation: 596Reputation: 596Reputation: 596
4.15.4, 4.14.20, 4.9.82, 4.4.116, 3.18.95, 3.16.54 and 3.2.99

All --

Kernels 4.15.4, 4.14.20, 4.9.82, 4.4.116, 3.18.95, 3.16.54 and 3.2.99 are now available.

Handy Links:
Code:
stable:    4.15.4        Source ChangeLog [CVE] 2018-02-16
longterm:  4.14.20       Source ChangeLog [CVE] 2018-02-16 ( Slackware-current )
longterm:  4.9.82        Source ChangeLog [CVE] 2018-02-17
longterm:  4.4.116       Source ChangeLog [CVE] 2018-02-16 ( Slackware-14.2 )
longterm:  3.18.95 [EOL] Source ChangeLog [CVE] 2018-02-16
longterm:  3.16.54       Source ChangeLog [CVE] 2018-02-13
longterm:  3.2.99        Source ChangeLog [CVE] 2018-02-13 ( Slackware-14.0 )
CVE References:

ChangeLog-4.15.4 references CVE-2017-5715 and CVE-2017-5754.

ChangeLog-4.14.20 references CVE-2017-5715, CVE-2017-5754 and CVE-2017-8824.

ChangeLog-4.9.82 references CVE-2017-8824.

ChangeLog-4.4.116 references CVE-2017-8824.

ChangeLog-3.18.95 references CVE-2017-8824.

ChangeLog-3.16.54 references CVE-2011-1161 and CVE-2017-1000410.

ChangeLog-3.2.99 references CVE-2011-1161.

Check for the Latest Updates at www.kernel.org.

Have Fun All'Y'All !

-- kjh
 
3 members found this post helpful.
Old 02-17-2018, 09:03 AM   #608
kjhambrick
Senior Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 14.2 + Multilib
Posts: 1,184

Rep: Reputation: 596Reputation: 596Reputation: 596Reputation: 596Reputation: 596Reputation: 596
Built and booted 4.4.116

While I am still vulnerable to Spectre Variant 1 ( see below ), there are a couple worthwhile backports into 4.4.116 for AMD and AMD hypervisors.

From the 4.4.116 ChangeLog:

Code:
commit ba929f5f3c263f3b975a3b95328f66203a57b536
Author: Borislav Petkov <bp@suse.de>
Date:   Thu Oct 12 13:23:16 2017 +0200

    x86/microcode: Do the family check first
    
    commit 1f161f67a272cc4f29f27934dd3f74cb657eb5c4 upstream with adjustments.
    
    On CPUs like AMD's Geode, for example, we shouldn't even try to load
    microcode because they do not support the modern microcode loading
    interface.
    ...
and
Code:
commit 3fe9cdee4205a4876154f469247c7a3176ccaac7
Author: Borislav Petkov <bp@suse.de>
Date:   Sun Dec 18 17:44:13 2016 +0100

    x86/microcode/AMD: Do not load when running on a hypervisor
    
    commit a15a753539eca8ba243d576f02e7ca9c4b7d7042 upstream with minor
    adjustments.
    
    Doing so is completely void of sense for multiple reasons so prevent
    it. Set dis_ucode_ldr to true and thus disable the microcode loader by
    default to address xen pv guests which execute the AP path but not the
    BSP path.
...
Have fun All'Y'All !

-- kjh

According to the 4.4.116 Kernel:
Code:
# gawk '{ print FILENAME ":\t" $0 }' /sys/devices/system/cpu/vulnerabilities/*  

/sys/devices/system/cpu/vulnerabilities/meltdown:       Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:     Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v2:     Mitigation: Full generic retpoline
And sccording to the latest spectre-meltdown-checker.sh
Code:
# /home/dld/spectre-meltdown-checker/spectre-meltdown-checker-0.35/spectre-meltdown-checker.sh

Spectre and Meltdown mitigation detection tool v0.35

Checking for vulnerabilities on current system
Kernel is Linux 4.4.116.kjh #1 SMP Sat Feb 17 07:20:06 CST 2018 x86_64
CPU is Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
Possible disrepancy between your running kernel and the image we found (/boot/vmlinuz), results might be incorrect

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates IBRS capability:  NO 
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO 
    * CPU indicates IBPB capability:  NO 
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates STIBP capability:  NO 
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
  * CPU microcode is known to cause stability problems:  NO  (model 94 stepping 3 ucode 0xba)
* CPU vulnerability to the three speculative execution attacks variants
  * Vulnerable to Variant 1:  YES 
  * Vulnerable to Variant 2:  YES 
  * Vulnerable to Variant 3:  YES 

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
* Kernel has array_index_mask_nospec:  NO 
* Kernel has the Red Hat/Ubuntu patch:  NO 
* Checking count of LFENCE instructions following a jump in kernel...  NO  (only 15 jump-then-lfence instructions found, should be >= 30 (heuristic))
> STATUS:  VULNERABLE  (Kernel source needs to be patched to mitigate the vulnerability)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  NO 
  * Currently enabled features
    * IBRS enabled for Kernel space:  NO 
    * IBRS enabled for User space:  NO 
    * IBPB enabled:  NO 
* Mitigation 2
  * Kernel compiled with retpoline option:  YES 
  * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
> STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI):  YES 
* PTI enabled and active:  YES 
* Running as a Xen PV DomU:  NO 
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

A false sense of security is worse than no security at all, see --disclaimer
 
2 members found this post helpful.
Old 02-17-2018, 01:31 PM   #609
cwizardone
Senior Member
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib."
Posts: 3,737
Blog Entries: 1

Original Poster
Rep: Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035
Installed the DUSK 4.15.4 kernel a few hours ago and all is well..... so far.


https://dusk.idlemoor.tk/

Last edited by cwizardone; 02-17-2018 at 01:33 PM.
 
Old 02-18-2018, 10:30 PM   #610
cwizardone
Senior Member
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib."
Posts: 3,737
Blog Entries: 1

Original Poster
Rep: Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035Reputation: 1035
Release Candidate 2, of the 4.16 "Mainline" Development Kernel is now available for testing.

https://www.kernel.org/

The tarball, https://git.kernel.org/torvalds/t/linux-4.16-rc2.tar.gz

Mr. Torvalds' announcement, https://lkml.org/lkml/2018/2/18/188
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Linux.conf.au: Latest Linux kernel release due early March DragonSlayer48DX Linux - News 0 01-18-2010 11:43 PM
No video on latest kernel release Tralce Linux - Kernel 3 11-30-2006 08:48 AM
What is the latest Redhat release TILEMANN Linux - Software 5 11-20-2006 11:48 PM
LXer: News: OpenVZ To Release Support, Patches for Latest Kernel LXer Syndicated Linux News 0 11-01-2006 11:54 PM
latest debian release? doralsoral Linux - Software 5 12-25-2004 01:40 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 06:33 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration