LinuxQuestions.org
Old 01-03-2018, 10:40 AM   #451
Chuck56
Member
 
Registered: Dec 2006
Location: Colorado
Distribution: Slackware
Posts: 500

Rep: Reputation: 95

Quote:
Originally Posted by Petri Kaukasoina View Post
Code:
grep isolation /var/log/messages
Code:
bash-4.4# grep isolation /var/log/messages
Jan  3 08:45:24 slacker kernel: [    0.000000] Kernel/User page tables isolation: disabled on command line.
bash-4.4#
Oh my, I missed that while scanning the logs. Thanks again Petri.
 
1 members found this post helpful.
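The log check quoted above, turned into a small classifier. This is an added example, not part of any post in the thread. The function names and the second sample log line are constructed for illustration; the message prefix is the one shown in the quoted output, and `nopti` / `pti=off` are the kernel boot parameters that switch the isolation off.

```shell
#!/bin/sh
# Added example (not from the thread): interpret the KPTI boot message.

# Print the state from the LAST matching line on stdin, since
# /var/log/messages can span several boots and only the newest one counts.
kpti_from_log() {
    awk '
        /Kernel\/User page tables isolation:/ {
            state = "unknown"
            if ($0 ~ /isolation: disabled/) state = "disabled"
            else if ($0 ~ /isolation: (force )?enabled/) state = "enabled"
        }
        END { print (state == "" ? "absent" : state) }'
}

# Print the boot parameter that switches KPTI off, or "none".
# $1 is a kernel command line such as the contents of /proc/cmdline.
kpti_cmdline_override() {
    for word in $1; do
        case "$word" in
            nopti|pti=off) echo "$word"; return 0 ;;
        esac
    done
    echo "none"
}

# Combine both checks into one line of output.
# $1 = log text, $2 = kernel command line.
kpti_report() {
    state=$(printf '%s\n' "$1" | kpti_from_log)
    case "$state" in
        enabled)  echo "OK: KPTI enabled" ;;
        disabled) echo "WARN: KPTI disabled (boot parameter: $(kpti_cmdline_override "$2"))" ;;
        absent)   echo "WARN: no KPTI message (kernel without the patch, or log rotated)" ;;
        *)        echo "WARN: unrecognised KPTI message" ;;
    esac
}

# Constructed sample: the first line is the one quoted above, the second is a
# made-up later boot of the same host without the override.
SAMPLE_LOG='Jan  3 08:45:24 slacker kernel: [    0.000000] Kernel/User page tables isolation: disabled on command line.
Jan  4 09:10:02 slacker kernel: [    0.000000] Kernel/User page tables isolation: enabled'

kpti_report "$SAMPLE_LOG" "root=/dev/sda1 ro"
# On a live system:
# kpti_report "$(grep isolation /var/log/messages)" "$(cat /proc/cmdline)"
```
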
Old 01-03-2018, 11:55 AM   #452
slalik
Member
 
Registered: Nov 2014
Location: Moscow, Russia
Distribution: Slackware
Posts: 145

Rep: Reputation: 76
Quote:
Originally Posted by stormtracknole View Post
Intel has provided a tool (for both Windows and Linux) to detect if your CPU is vulnerable to this. Here's the link.
I think this is for a different security problem.
 
3 members found this post helpful.
Old 01-03-2018, 11:55 AM   #453
cwizardone
Senior Member
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib."
Posts: 4,058
Blog Entries: 1

Original Poster
Rep: Reputation: 1358
I should have read through this and the other related threads before installing 4.14.11.
First, I tried the huge kernel and it panicked and froze.
Then I tried the generic kernel and created an initrd, and that booted, but now the Nvidia driver, neither short nor long term, will install.
Back to 4.14.7.

Last edited by cwizardone; 01-03-2018 at 11:56 AM.
 
Old 01-03-2018, 12:02 PM   #454
ponce
Senior Member
 
Registered: Aug 2004
Location: Pisa, Italy
Distribution: Slackware
Posts: 4,328

Rep: Reputation: 2265
If you modify SBo's scripts for nvidia-kernel and nvidia-driver like this, they should work fine with the kernel in current:

http://cgit.ponce.cc/slackbuilds/com...=nvidia-kernel
http://cgit.ponce.cc/slackbuilds/com...=nvidia-driver
 
2 members found this post helpful.
Old 01-03-2018, 12:57 PM   #455
bamunds
Member
 
Registered: Sep 2013
Location: Mounds View MN
Distribution: Slackware64-14.2 Multilib
Posts: 529

Rep: Reputation: 135
Scanning the kernel changelog for 4.4 and 4.14 I don't see the x86/kpti patch applied yet to either. Currently using 4.4.106 on a Pentium D-820 which doesn't have VT-x ability and is part of Smithfield family not Skylake. The python script results were:

Manufacturer: emachines
Model: T5224
Processor Name: Intel(R) Pentium(R) D CPU 2.80GHz
OS Version: Slackware 14.2 (4.4.106-ba)
*** Risk Assessment ***
Detection Error: This system may be vulnerable,
either the Intel(R) MEI/TXEI driver is not installed
(available from your system manufacturer)
or the system manufacturer does not permit access
to the ME/TXE from the host driver

Is this vulnerability maybe limited to only the processors that had virtual machine abilities?
The Intel page refers to BIOS updates from manufacturers, which makes me wonder if the issue is insurmountable simply by kernel patching?
If the motherboard doesn't have new BIOS available, is this threat only corrected by a new motherboard and processor?
 
1 members found this post helpful.
Old 01-03-2018, 02:14 PM   #456
Darth Vader
Senior Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 2,568

Rep: Reputation: 1087
Quote:
Originally Posted by bamunds View Post
Is this vulnerability maybe limited to only the processors that had virtual machine abilities?
The Intel page refers to BIOS updates from manufacturers, which makes me wonder if the issue is insurmountable simply by kernel patching?
If the motherboard doesn't have new BIOS available, is this threat only corrected by a new motherboard and processor?
Better explanation there:

Quote:
Originally Posted by libreboot.org/faq.html
Given the current state of Intel hardware with the Management Engine, it is our opinion that all performant x86 hardware newer than the AMD Family 15h CPUs (on AMD’s side) or anything post-2009 on Intel’s side is defective by design and cannot safely be used to store, transmit, or process sensitive data. Sensitive data is any data in which a data breach would cause significant economic harm to the entity which created or was responsible for storing said data, so this would include banks, credit card companies, or retailers (customer account records), in addition to the “usual” engineering and software development firms. This also affects whistleblowers, or anyone who needs actual privacy and security.
NB. The AMD Family 15h CPUs are the Bulldozers, the next one is the Zen (see Ryzens and ThreadRippers) and they have a PSP, which is just like Intel ME.

Honestly, I have no intention of ever using a Ryzen or a post-2009 Intel CPU, even if I receive it gratis.

I already own two Bulldozer x8 with 32GB DDR3 1600MHz, and other boxes driven by Phenom x4 CPUs and 16GB DDR2 1066MHz memory, which I suppose will safely give me another 20 years of computing, until I reach 70 years of age.

Eventually, I will buy something like a KX-5000 Zhaoxin, but never again AMD or Intel.

https://techreport.com/news/33018/vi...or-chinese-pcs

Last edited by Darth Vader; 01-03-2018 at 03:25 PM.
 
2 members found this post helpful.
Old 01-03-2018, 03:10 PM   #457
BratPit
Member
 
Registered: Jan 2011
Posts: 236

Rep: Reputation: 84
Quote:
Originally Posted by bamunds View Post
Scanning the kernel changelog for 4.4 and 4.14 I don't see the x86/kpti patch applied yet to either. Currently using 4.4.106 on a Pentium D-820 which doesn't have VT-x ability and is part of Smithfield family not Skylake. The python script results were:

Manufacturer: emachines
Model: T5224
Processor Name: Intel(R) Pentium(R) D CPU 2.80GHz
OS Version: Slackware 14.2 (4.4.106-ba)
*** Risk Assessment ***
Detection Error: This system may be vulnerable,
either the Intel(R) MEI/TXEI driver is not installed
(available from your system manufacturer)
or the system manufacturer does not permit access
to the ME/TXE from the host driver

Is this vulnerability maybe limited to only the processors that had virtual machine abilities?
The Intel page refers to BIOS updates from manufacturers, which makes me wonder if the issue is insurmountable simply by kernel patching?
If the motherboard doesn't have new BIOS available, is this threat only corrected by a new motherboard and processor?
ME is an autonomous subsystem /not dependent on BIOS or your system/ that has been incorporated in virtually all of Intel's processor chipsets since 2008.
Mostly starting from the PCH chipset with Nehalem processors on board.
As I understand it, the vulnerability applies only to those processors, through the ME subsystem, which is completely autonomous and has independent access to all hardware through ME.
The kernel patch heals the result, not the cause /ME side channel/, so it has side effects like slower performance.
This is simply explained by the pyramid in this picture /what has full control over what/, and the bug is in the ME subsystem, not the OS kernel.

https://www.hostmat.eu/images/96322423182403222812.png

Your processor is from 2005, so your motherboard may not implement such a thing as ME.

Last edited by BratPit; 01-03-2018 at 03:32 PM.
 
1 members found this post helpful.
Old 01-03-2018, 04:35 PM   #458
bamunds
Member
 
Registered: Sep 2013
Location: Mounds View MN
Distribution: Slackware64-14.2 Multilib
Posts: 529

Rep: Reputation: 135
BratPit, thanks for the information. The mobo is an Intel D945GCL which is still documented on the Intel website. I cannot find any reference to the ME or TMEI concepts in either the mobo or CPU spec pages. Since it appears that both my CPU and mobo are from the 2005 to 2007 timeframe and the suggestions are that this issue crept in around 2008, I'll consider this closed on this machine. Now on to my Dell 690 Precision workstation which is running Win10 (sorry, my wife has some Windows/Mac financial apps which won't run in WINE, argh).
 
1 members found this post helpful.
Old 01-03-2018, 04:58 PM   #459
Gerard Lally
Senior Member
 
Registered: Sep 2009
Location: Ireland
Distribution: Slackware, Crux, NetBSD
Posts: 1,407

Rep: Reputation: 861
Quote:
Originally Posted by Darth Vader View Post
Honestly, I have no intention of ever using a Ryzen or a post-2009 Intel CPU, even if I receive it gratis.
All of this information is making my head spin. Do I need to worry: I have a dedicated server with 2 Intel Xeon E3-1245 processors? NetBSD on it at the moment but I had been toying with the idea of Slackware.
 
1 members found this post helpful.
Old 01-03-2018, 05:01 PM   #460
Gerard Lally
Senior Member
 
Registered: Sep 2009
Location: Ireland
Distribution: Slackware, Crux, NetBSD
Posts: 1,407

Rep: Reputation: 861
Quote:
Originally Posted by Darth Vader View Post
I already own two Bulldozer x8 with 32GB DDR3 1600MHz, and other boxes driven by Phenom x4 CPUs and 16GB DDR2 1066MHz memory, which I suppose will safely give me another 20 years of computing, until I reach 70 years of age.
That was my thinking in 2016 as well, when I put together a 2011 8-core AMD FX-9590 with 32 GB. Can't see myself needing anything else for the next 20 years.
 
1 members found this post helpful.
Old 01-03-2018, 06:21 PM   #461
Darth Vader
Senior Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 2,568

Rep: Reputation: 1087
Quote:
Originally Posted by Gerard Lally View Post
All of this information is making my head spin. Do I need to worry: I have a dedicated server with 2 Intel Xeon E3-1245 processors? NetBSD on it at the moment but I had been toying with the idea of Slackware.
Honestly? You should check if your hardware is affected, with that Intel tool at least.

Looks like the KPTI, which is implemented on fast-forward even by Windows and MacOS/X, tries to fix a really serious issue.

How serious is that issue? Intel is secretive as usual, but it pushes hard for all the operating systems around to take measures.

Last edited by Darth Vader; 01-03-2018 at 06:24 PM.
 
Old 01-03-2018, 07:33 PM   #462
willysr
Senior Member
 
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 3,825

Rep: Reputation: 1101
Quote:
Originally Posted by willysr View Post
That patch is not yet accepted in Linus' tree for now, so it will not be backported to -stable. I guess we will have to wait for 4.14.12 or 13
The patch has now been pulled by Linus
 
3 members found this post helpful.
Old 01-03-2018, 07:38 PM   #463
Darth Vader
Senior Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 2,568

Rep: Reputation: 1087
Quote:
Originally Posted by willysr View Post
The patch has now been pulled by Linus
Brilliant! So, I can guess that we will see it in the next kernel backport?

Last edited by Darth Vader; 01-03-2018 at 07:41 PM.
 
Old 01-03-2018, 08:16 PM   #464
montagdude
Senior Member
 
Registered: Apr 2016
Distribution: Slackware
Posts: 1,043

Rep: Reputation: 772
Quote:
Originally Posted by slalik View Post
I think this is for a different security problem.
Any confirmation on whether this is indeed the KPTI vulnerability or something else?
 
Old 01-03-2018, 09:19 PM   #465
willysr
Senior Member
 
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 3,825

Rep: Reputation: 1101
Quote:
Originally Posted by Darth Vader View Post
Brilliant! So, I can guess that we will see it in the next kernel backport?
Hope so, considering that 4.14.11 was just released yesterday, we could hope that Greg will bring that patch in the next -stable review
 
1 members found this post helpful.
All times are GMT -5.