LinuxQuestions.org
Old 01-09-2018, 09:19 PM   #16
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 5,650

Rep: Reputation: 498

Uploaded microcode and it's the same version number (revision 0x23, date 2017-11-20) as what was provided in the Debian package
 
Old 01-09-2018, 09:47 PM   #17
abga
Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware Gentoo ARM (eval)
Posts: 205

Rep: Reputation: 81
I was about to let you know that Intel is primarily focusing and has released firmwares only for CPUs manufactured in the last 5 years, but you guys are eager in trying everything that's new. Just kiddin'
Here, Intel's CEO speech at CES addressing the updates - skip the circus at the beginning and start at 0:59:00
https://www.youtube.com/watch?v=RlJ9zB74G_U
 
Old 01-10-2018, 12:14 AM   #18
bamunds
Member
 
Registered: Sep 2013
Location: Mounds View MN
Distribution: Slackware64-14.2 Multilib
Posts: 420

Rep: Reputation: 91
Quote:
Originally Posted by abga View Post
I was about to let you know that Intel is primarily focusing and has released firmwares only for CPUs manufactured in the last 5 years...
Actually, I was just letting everyone know that a later release, which I've been asking for a link to, has finally hit Intel's download page. I knew that Intel's focus is not going to be on 10 year old technology, wasn't expecting it. But I'm also trying to be prepared for when they finally (maybe by end of January) actually send out the code for the 0xf47 processor signature of the Pentium D 820. BTW the KAISER kernel patches are confirmed to now load with 4.4.110 kernel. Back to my other thread. Thanks for the youtube link, it was pablum.
 
Old 01-10-2018, 04:38 AM   #19
GazL
Senior Member
 
Registered: May 2008
Posts: 4,559
Blog Entries: 9

Rep: Reputation: 2052
Mine (i3-5157u) went up by 3 revisions 25-> 28, Dated: 2017-11-17.
 
Old 01-14-2018, 12:56 AM   #20
Fat_Elvis
Member
 
Registered: Oct 2016
Distribution: FreeDOS 1.2
Posts: 206

Rep: Reputation: 54
Quote:
Originally Posted by FlinchX View Post
I am pretty sure that the CPU industry has a lot of very hard working clever people as well. And they aren't ethically defective.
Can one be certain of this? I've heard that Intel, AMD, and ARM have been doing some very nasty things.
 
1 members found this post helpful.
Old 01-14-2018, 03:58 AM   #21
nobodino
Member
 
Registered: Jul 2010
Location: in France
Distribution: slackware, slackware from scratch, LFS, linux Mint, Niresh (MacOS)...
Posts: 204

Rep: Reputation: 162
What about the future of 32-bit Slackware in that mess?
KPTI is not enabled in that version, and nothing protects against Meltdown.
This week, I switched entirely to the 64-bit version, slackware64-14.2 and slackware64-current, and did the same for all the versions of Linux I have on my PCs and laptops.

I upgraded the microcode, compiled kernel-huge-4.14.13 (even on slackware64-14.2), and tested the "meltdown-spectre-checker.sh" script.
There's a lot of work to be done to have everything "ok" according to that script (retpoline...), and I'm not talking about what that "Pandora's box" opened on the darkest side of this.
I looked at the sources of ClearLinux (gcc, glibc and kernel-4.14.13-508); the future promises hard times for security people.
I'm (pretty) sure there will be nothing done for the 32-bit version of the kernel.
What do you think of it, all of you?

Last edited by nobodino; 01-14-2018 at 04:14 AM.
 
Old 01-14-2018, 04:54 AM   #22
Darth Vader
Senior Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 1,963

Rep: Reputation: 698
Not all people use the Intellicrap, you know ...

And sooner or later they will port the KPTI also to 32-bit. This arch is not abandoned by the Kernel devs.

Last edited by Darth Vader; 01-14-2018 at 05:17 AM.
 
Old 01-14-2018, 09:05 AM   #23
kjhambrick
Senior Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 14.2 + Multilib
Posts: 1,131

Rep: Reputation: 543
Finally got around to adding the microcode initrd to the BackUp Box on my LAN ( was running the HUGE Kernel without an initrd before )

My 'bupbox' is a refurb HP ProLiant box I got for cheap from NewEgg with a new pair of 4T drives running RAID 1 ( drives cost more than the box ).

The i3-4150 CPU is now running microcode revision 0x23 / 2017-11-20 on the 4.4.110 Generic Kernel that I compiled on my Laptop.

After all this, I am still vulnerable to Spectre but I am not vulnerable to Meltdown.

This does remind me that I should probably check to see if HP has a BIOS Update for the discontinued Q2'14 Intel i3 Processor ...

-- kjh

Code:
[root@bupbox bin]# dmesg -t |grep -m1 DMI
DMI: HP ProLiant ML10 v2, BIOS J10 02/02/2015
Code:
[root@bupbox bin]# uname -a
Linux bupbox 4.4.111.kjh #1 SMP Wed Jan 10 06:12:42 CST 2018 x86_64 Intel(R) Core(TM) i3-4150 CPU @ 3.50GHz GenuineIntel GNU/Linux
Code:
[root@bupbox bin]# dmesg -t |grep -m1 microcode
microcode: CPU0 microcode updated early to revision 0x23, date = 2017-11-20
P.S. I forgot to mention that `spectre-meltdown-checker.sh` doesn't like my lilo.conf label=Linux44111G -vs- my /boot/vmlinuz-generic-4.4.111.kjh kernel image filename.

When I ran `./spectre-meltdown-checker.sh --live`, I got this error / warning:

Code:
<<snip>>

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  UNKNOWN 
> STATUS:  UNKNOWN  (couldn't check (couldn't find your kernel image in /boot, if you used netboot, this is normal))
That's because the if-block in spectre-meltdown-checker.sh starting at line 464 assumes the BOOT_IMAGE Variable in /proc/cmdline is the same as the kernel image filename.

Mine is not, and I don't imagine anyone running lilo has the same lilo.conf label= and kernel image filename ( ??? maybe it's just me ??? )

Code:
# cat /proc/cmdline

auto BOOT_IMAGE=Linux44111G ro root=900 vt.default_utf8=0 raid=noautodetect md=0,/dev/sda3,/dev/sdb3
As a work-around, I temporarily added a symlink so that `./spectre-meltdown-checker.sh --live` could find my running kernel:

Code:
# ln -s /boot/vmlinuz-generic-4.4.111.kjh /boot/Linux44111G   # make a temp symlink the same as the lilo.conf label= for my running kernel
# ./spectre-meltdown-checker.sh --live
# rm /boot/Linux44111G
When I ran `./spectre-meltdown-checker.sh --live` as in the previous code-block, with the symlink in place, I got:
Code:
<<snip>>

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO 
> STATUS:  VULNERABLE  (only 16 opcodes found, should be >= 70, heuristic to be improved when official patches become available)

Last edited by kjhambrick; 01-14-2018 at 09:32 AM. Reason: added P.S.
 
1 members found this post helpful.
Old 01-14-2018, 11:38 AM   #24
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 5,650

Rep: Reputation: 498
Or just edit the script so it tests the existence of /boot/vmlinuz rather than /boot/vmlinuz-linux
(assuming /boot/vmlinuz is linked to the running kernel filename)
 
Old 01-14-2018, 02:26 PM   #25
Olek
Member
 
Registered: Jul 2012
Location: Wroclaw Poland
Distribution: Slackware
Posts: 57

Rep: Reputation: Disabled
Quote:
Originally Posted by bamunds View Post
Testing with my old Pentium D 820... Cheers
You missed the information that you shouldn't expect microcode updates for Intel CPUs older than 5 years.
 
Old 01-14-2018, 04:42 PM   #26
kjhambrick
Senior Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 14.2 + Multilib
Posts: 1,131

Rep: Reputation: 543
Quote:
Originally Posted by keefaz View Post
Or just edit the script so it tests the existence of /boot/vmlinuz rather than /boot/vmlinuz-linux
(assuming /boot/vmlinuz is linked to the running kernel filename)
Thanks keefaz ...

I like your solution better than mucking around with symlinks in the /boot/ directory

The problem is when -or- if I boot a kernel other than the default ... Oh well ...

-- kjh

This patch would fix the script but only if you're running the default, symlinked kernel:

Code:
# diff -Naur spectre-meltdown-checker.orig.sh spectre-meltdown-checker.sh
Code:
--- spectre-meltdown-checker.orig.sh    2018-01-12 04:46:36.000000000 -0600
+++ spectre-meltdown-checker.sh 2018-01-14 15:36:21.310633637 -0600
@@ -472,6 +472,7 @@
        fi
        # if we didn't find a kernel, default to guessing
        if [ ! -e "$opt_kernel" ]; then
+                [ -e "/boot/vmlinuz"           ] && opt_kernel="/boot/vmlinuz"           # slackware default
                [ -e /boot/vmlinuz-linux       ] && opt_kernel=/boot/vmlinuz-linux
                [ -e /boot/vmlinuz-linux-libre ] && opt_kernel=/boot/vmlinuz-linux-libre
                [ -e /boot/vmlinuz-$(uname -r) ] && opt_kernel=/boot/vmlinuz-$(uname -r)
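Review bot: the added `[ -e "/boot/vmlinuz" ]` test at the top of the guess list accepts whatever /boot/vmlinuz points to without checking that it is the running kernel, so when a non-default kernel is booted and none of the later guesses exist, the script would silently inspect a different image. Because the three lines after it overwrite opt_kernel when their files exist, the new line only acts as a fallback, but it would be worth comparing the resolved symlink target's name against $(uname -r), or printing a warning when this guess is the one used. Style: the new line quotes the path while its neighbours do not; pick one form for the block.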
 
1 members found this post helpful.
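The lookup problem discussed in posts #23 to #26, as an added example that is not part of the thread or of spectre-meltdown-checker.sh: a hypothetical `find_running_kernel` helper that only trusts `BOOT_IMAGE=` or the `/boot/vmlinuz` symlink when they can be tied to the running release, and also matches Slackware-style names such as `vmlinuz-generic-<release>`. The function name, search order and return codes are assumptions made for this example.

```shell
#!/bin/sh
# find_running_kernel CMDLINE RELEASE [BOOTDIR]
# Prints the chosen image path. Returns 0 when the image is tied to RELEASE
# (or named by the bootloader), 2 for an unverified symlink guess, 1 if none.
# Typical call: find_running_kernel "$(cat /proc/cmdline)" "$(uname -r)" /boot
find_running_kernel() {
    cmdline=$1; release=$2; bootdir=${3:-/boot}

    # 1. BOOT_IMAGE= is a path under GRUB but only a label under lilo,
    #    so trust it only when it names an existing file in $bootdir.
    label=$(printf '%s\n' "$cmdline" | tr ' ' '\n' |
            sed -n 's/^BOOT_IMAGE=//p' | head -n 1)
    if [ -n "$label" ] && [ -f "$bootdir/${label##*/}" ]; then
        printf '%s\n' "$bootdir/${label##*/}"; return 0
    fi

    # 2. The vmlinuz symlink, accepted only if its target is named for RELEASE.
    link=$bootdir/vmlinuz
    if [ -e "$link" ]; then
        target=$(readlink -f "$link")
        case ${target##*/} in
            *-"$release") printf '%s\n' "$target"; return 0 ;;
        esac
    fi

    # 3. Exactly one real image named for RELEASE:
    #    vmlinuz-<release> or vmlinuz-<flavour>-<release>.
    set -- "$bootdir"/vmlinuz-"$release" "$bootdir"/vmlinuz-*-"$release"
    found=""; count=0
    for f in "$@"; do
        [ -f "$f" ] && [ ! -L "$f" ] && { found=$f; count=$((count + 1)); }
    done
    if [ "$count" -eq 1 ]; then printf '%s\n' "$found"; return 0; fi

    # 4. A symlink exists but cannot be tied to the running release:
    #    report it, and signal that it is only a guess.
    if [ -e "$link" ]; then printf '%s\n' "$link"; return 2; fi
    return 1
}
```

The printed path can be passed to the checker's `--kernel` option; a return code of 2 means the result may describe a kernel other than the one that is running.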
Old 01-14-2018, 07:46 PM   #27
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 5,650

Rep: Reputation: 498
Quote:
Originally Posted by kjhambrick View Post
Thanks keefaz ...

I like your solution better than mucking around with symlinks in the /boot/ directory

The problem is when -or- if I boot a kernel other than the default ... Oh well ...
In this case, give kernel filename with --kernel option to the script
https://github.com/speed47/spectre-m...own-checker.sh
 
Old 01-14-2018, 11:50 PM   #28
bamunds
Member
 
Registered: Sep 2013
Location: Mounds View MN
Distribution: Slackware64-14.2 Multilib
Posts: 420

Rep: Reputation: 91
Quote:
Originally Posted by Olek View Post
You missed the information that you shouldn't expect microcode updates for Intel CPUs older than 5 years.
My understanding from the Intel official release is they would release updates for all CPUs less than 5 years old by this weekend and would work to have all older CPUs by end of January. Cheers.
 
1 members found this post helpful.
Old 01-15-2018, 11:35 AM   #29
Fat_Elvis
Member
 
Registered: Oct 2016
Distribution: FreeDOS 1.2
Posts: 206

Rep: Reputation: 54
Quote:
Originally Posted by Darth Vader View Post
To completely address the issues, also the entire operating system should be rebuilt using a patched GCC.

This is the single way to address the Spectre in an effective way.
Have a link for the GCC patch, by any chance?
 
Old 01-15-2018, 12:23 PM   #30
55020
Senior Member
 
Registered: Sep 2009
Location: Yorks. W.R. 167397
Distribution: Slackware
Posts: 1,141
Blog Entries: 4

Rep: Reputation: 1581
Quote:
Originally Posted by Fat_Elvis View Post
Have a link for the GCC patch, by any chance?
lololol, https://gcc.gnu.org/ml/gcc-patches/2018-01/threads.html

Edit: to be slightly more helpful, there are lots of threads which refer to speculation, retpoline, spectre etc. There's a vast amount of work going on, none of it is ready yet, and it'll be a miracle if any of it ever gets backported to gcc-5.3

Last edited by 55020; 01-15-2018 at 12:26 PM.
 
3 members found this post helpful.