SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
When the latest Intel vulnerabilities were in the spot light, a week ago - post #1790, I provided a link to an article @ Phoronix where an additional bug was mentioned. https://www.phoronix.com/scan.php?pa...AA-Kernel-Code
commit 5219505fcbb640e273a0d51c19c38de0100ec5a9
Author: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon Nov 4 12:22:02 2019 +0100
kvm: mmu: ITLB_MULTIHIT mitigation
commit b8e8c8303ff28c61046a4d0f6ea99aea609a7dc0 upstream.
According to this RedHat article, the mitigations come in different forms, microcode fix by Intel and kernel use of the "kvm.nx_huge_pages" boot parameter for patched kernels: https://access.redhat.com/security/v...s/ifu-page-mce
- click on Resolve tab
And yet again my ancient Intel Atom N270 (Bonell) proves to be the most secure Intel CPU I own ATM. Soon I'll start an auction for it and buy a Learjet
P.S. From the RedHat article above I learned that you can check the state of the vulnerability&mitigation (given the kernel is ready/patched):
Kernel 5.4.0-rc8 is patched but mitigation requires activation of Intel Virtualization Technology (Vanderpool Technology) in BIOS/UEFI.
The message will be "KVM Mitigation: Split huge pages".
A major release Kernel update is a lot of work. I'm also considering dropping the uBoot "uImage" from the packages, as they're only required by the Trimslice; but to drop it I'd need to get a newer version of U-Boot working on that device.
Or, I drop support for the Trimslice instead.
It's low priority - I don't fancy being an early adopter. I'll probably look at it some time in Q1 2020.
A major release Kernel update is a lot of work. I'm also considering dropping the uBoot "uImage" from the packages, as they're only required by the Trimslice; but to drop it I'd need to get a newer version of U-Boot working on that device.
Or, I drop support for the Trimslice instead.
It's low priority - I don't fancy being an early adopter. I'll probably look at it some time in Q1 2020.
Silly as I am i have high hopes on ARM and HDMI maybe even 64bit?
This "late in the game," 422 patches makes me question the process, but, then, perhaps, I just don't understand how the whole long term kernel maintenance system works.
Last edited by cwizardone; 11-20-2019 at 01:16 PM.
This "late in the game," 422 patches makes me question the process, but, then, perhaps, I just don't understand how the whole long term kernel maintenance system works.
This "late in the game," 422 patches makes me question the process, but, then, perhaps, I just don't understand how the whole long term kernel maintenance system works.
In what regard do you question the process? Do you mean that it's sad that bugs be discovered long after the release? I don't know how this could be avoided. Bear in mind that most bugs are triggered in specific contexts or through a specific (and possibly unusual) sequence of events. Listing all contexts or possible sequences of events to test them is hardly feasible.
Me, I am happy that bugs be fixed in point releases, regardless of the status (LTS or not) of the major release. For server expected to run 24/7 365d/y it's up to the admin to decide if upgrading the kernel is worth the down time (but there are cases where they could instead do a kernel livepatching despite its limitations).
Last edited by Didier Spaier; 11-20-2019 at 03:14 PM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.