LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 01-10-2018, 04:33 AM   #526
GazL
Senior Member
 
Registered: May 2008
Posts: 4,559
Blog Entries: 9

Rep: Reputation: 2052Reputation: 2052Reputation: 2052Reputation: 2052Reputation: 2052Reputation: 2052Reputation: 2052Reputation: 2052Reputation: 2052Reputation: 2052Reputation: 2052

4.14.13 built, installed and booted, using latest (20180108) intel microcode package. Only been up a few minutes, so I can't report much more than "it boots ok" at present.
 
1 members found this post helpful.
Old 01-10-2018, 07:59 AM   #527
kjhambrick
Senior Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 14.2 + Multilib
Posts: 1,131

Rep: Reputation: 543Reputation: 543Reputation: 543Reputation: 543Reputation: 543Reputation: 543
I am now running 4.4.111 + intel-ucode 2017-01-08 ( microcode: CPU0 microcode updated early to revision 0xc2, date = 2017-11-16 ) on my Skylake i7 6700K Laptop.

Like GazL, I can report that it booted fine

Below my sig is is interesting commit note from the 4.4.111 ChangeLog.

While the commit references an issue with KDE, the fix is actually an improvement for /proc/vmstat so it may help everybody.

I imagine there will be more improvements like this one in the next few weeks / months.

-- kjh

Code:
commit 90191f71d74901ff88cd10039c03b98ca8a66c08
Author: Alexey Dobriyan <adobriyan@gmail.com>
Date:   Fri Oct 7 17:02:14 2016 -0700

    proc: much faster /proc/vmstat
    
    commit 68ba0326b4e14988f9e0c24a6e12a85cf2acd1ca upstream.
    
    Every current KDE system has process named ksysguardd polling files
    below once in several seconds:
    
            $ strace -e trace=open -p $(pidof ksysguardd)
            Process 1812 attached
            open("/etc/mtab", O_RDONLY|O_CLOEXEC)   = 8
            open("/etc/mtab", O_RDONLY|O_CLOEXEC)   = 8
            open("/proc/net/dev", O_RDONLY)         = 8
            open("/proc/net/wireless", O_RDONLY)    = -1 ENOENT (No such file or directory)
            open("/proc/stat", O_RDONLY)            = 8
            open("/proc/vmstat", O_RDONLY)          = 8
    
    Hell knows what it is doing but speed up reading /proc/vmstat by 33%!
    
    Benchmark is open+read+close 1.000.000 times.
    
                            BEFORE
    $ perf stat -r 10 taskset -c 3 ./proc-vmstat
    
     Performance counter stats for 'taskset -c 3 ./proc-vmstat' (10 runs):
    
          13146.768464      task-clock (msec)         #    0.960 CPUs utilized            ( +-  0.60% )
                    15      context-switches          #    0.001 K/sec                    ( +-  1.41% )
                     1      cpu-migrations            #    0.000 K/sec                    ( +- 11.11% )
                   104      page-faults               #    0.008 K/sec                    ( +-  0.57% )
        45,489,799,349      cycles                    #    3.460 GHz                      ( +-  0.03% )
         9,970,175,743      stalled-cycles-frontend   #   21.92% frontend cycles idle     ( +-  0.10% )
         2,800,298,015      stalled-cycles-backend    #   6.16% backend cycles idle       ( +-  0.32% )
        79,241,190,850      instructions              #    1.74  insn per cycle
                                                      #    0.13  stalled cycles per insn  ( +-  0.00% )
        17,616,096,146      branches                  # 1339.956 M/sec                    ( +-  0.00% )
           176,106,232      branch-misses             #    1.00% of all branches          ( +-  0.18% )
    
          13.691078109 seconds time elapsed                                          ( +-  0.03% )
          ^^^^^^^^^^^^
    
                            AFTER
    $ perf stat -r 10 taskset -c 3 ./proc-vmstat
    
     Performance counter stats for 'taskset -c 3 ./proc-vmstat' (10 runs):
    
           8688.353749      task-clock (msec)         #    0.950 CPUs utilized            ( +-  1.25% )
                    10      context-switches          #    0.001 K/sec                    ( +-  2.13% )
                     1      cpu-migrations            #    0.000 K/sec
                   104      page-faults               #    0.012 K/sec                    ( +-  0.56% )
        30,384,010,730      cycles                    #    3.497 GHz                      ( +-  0.07% )
        12,296,259,407      stalled-cycles-frontend   #   40.47% frontend cycles idle     ( +-  0.13% )
         3,370,668,651      stalled-cycles-backend    #  11.09% backend cycles idle       ( +-  0.69% )
        28,969,052,879      instructions              #    0.95  insn per cycle
                                                      #    0.42  stalled cycles per insn  ( +-  0.01% )
         6,308,245,891      branches                  #  726.058 M/sec                    ( +-  0.00% )
           214,685,502      branch-misses             #    3.40% of all branches          ( +-  0.26% )
    
           9.146081052 seconds time elapsed                                          ( +-  0.07% )
           ^^^^^^^^^^^
    
    vsnprintf() is slow because:
    
    1. format_decode() is busy looking for format specifier: 2 branches
       per character (not in this case, but in others)
    
    2. approximately million branches while parsing format mini language
       and everywhere
    
    3.  just look at what string() does /proc/vmstat is good case because
       most of its content are strings
    
    Link: http://lkml.kernel.org/r/20160806125455.GA1187@p183.telecom.by
    Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
    Cc: Joe Perches <joe@perches.com>
    Cc: Andi Kleen <andi@firstfloor.org>
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Mel Gorman <mgorman@suse.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 
3 members found this post helpful.
Old 01-10-2018, 09:39 AM   #528
kjhambrick
Senior Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 14.2 + Multilib
Posts: 1,131

Rep: Reputation: 543Reputation: 543Reputation: 543Reputation: 543Reputation: 543Reputation: 543
3.16.53 and 3.2.98 ( Slackware 14.0 )

All --

Kernels 3.16.53 and 3.2.98 are available.

Handy Links:
Code:
longterm:  3.16.53 Source ChangeLog 2018-01-09
longterm:  3.2.98  Source ChangeLog 2018-01-07 ( Slackware-14.0 )
No CVE References were found for 3.16.53 or 3.2.98

As always, do check the ChangeLogs for other security-related fixes.

Check for the Latest Updates at www.kernel.org.

Have Fun All'Y'All !

-- kjh
 
1 members found this post helpful.
Old 01-11-2018, 09:13 PM   #529
enorbet
Senior Member
 
Registered: Jun 2003
Location: Virginia
Distribution: Slackware has beern Main OpSys for decades while testing others to keep up
Posts: 1,554

Rep: Reputation: 1514Reputation: 1514Reputation: 1514Reputation: 1514Reputation: 1514Reputation: 1514Reputation: 1514Reputation: 1514Reputation: 1514Reputation: 1514Reputation: 1514
If you'd like to check any kernel for mitigation of Spectre-Meltdown there is a script here

--- Spectre-Meltdown Checker ---
 
4 members found this post helpful.
Old 01-12-2018, 12:02 PM   #530
Aeterna
Member
 
Registered: Aug 2017
Location: Terra Mater
Distribution: VM Host: Slackware-current, VM Guests: Artix, CRUX, FreeBSD, Funtoo, HardenedBSD, OpenIndiana
Posts: 101

Rep: Reputation: Disabled
Question:
since I do not have Slackware kernel installed, I wonder if CONFIG_BPF_JIT is disabled (this mitigates partially ver 1 on both intel and AMD)?

thank you
 
1 members found this post helpful.
Old 01-12-2018, 01:00 PM   #531
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-14.2.1 on Lenovo Thinkpad W520
Posts: 7,958

Rep: Reputation: 2833Reputation: 2833Reputation: 2833Reputation: 2833Reputation: 2833Reputation: 2833Reputation: 2833Reputation: 2833Reputation: 2833Reputation: 2833Reputation: 2833
Quote:
Originally Posted by Aeterna View Post
Question:
since I do not have Slackware kernel installed, I wonder if CONFIG_BPF_JIT is disabled (this mitigates partially ver 1 on both intel and AMD)?

thank you
Try this:
Code:
zgrep BPF_JIT /proc/config.gz
 
2 members found this post helpful.
Old 01-12-2018, 01:12 PM   #532
Aeterna
Member
 
Registered: Aug 2017
Location: Terra Mater
Distribution: VM Host: Slackware-current, VM Guests: Artix, CRUX, FreeBSD, Funtoo, HardenedBSD, OpenIndiana
Posts: 101

Rep: Reputation: Disabled
Quote:
Originally Posted by Didier Spaier View Post
Try this:
Code:
zgrep BPF_JIT /proc/config.gz
I know how to check for BPF_JIT (I am using custom kernels) and I have it disabled.
That is not my question:
Since default kernel from kernel.org has BPF_JIT enabled, I wonder if Slackware kernel has BPF_JIT disabled or not? I do not have Slackware kernel installed so I can't check JIT status.
 
Old 01-12-2018, 01:22 PM   #533
BratPit
Member
 
Registered: Jan 2011
Posts: 222

Rep: Reputation: 63
Quote:
Originally Posted by Aeterna View Post
Question:
since I do not have Slackware kernel installed, I wonder if CONFIG_BPF_JIT is disabled (this mitigates partially ver 1 on both intel and AMD)?

thank you
This mitigate AMD but not Intel.
 
Old 01-12-2018, 02:59 PM   #534
AlleyTrotter
Member
 
Registered: Jun 2002
Location: Coal Township PA
Distribution: Slackware64-14.2 (4.14.13) UEFI enabled
Posts: 459

Rep: Reputation: 139Reputation: 139
Quote:
Originally Posted by Aeterna View Post
I know how to check for BPF_JIT (I am using custom kernels) and I have it disabled.
That is not my question:
Since default kernel from kernel.org has BPF_JIT enabled, I wonder if Slackware kernel has BPF_JIT disabled or not? I do not have Slackware kernel installed so I can't check JIT status.
Code:
grep -i BPF_JIT /boot/config-4.14.13
CONFIG_BPF_JIT=y
CONFIG_HAVE_EBPF_JIT=y
I am using the config from current in all my kernels for 4.14
HTH
john

Last edited by AlleyTrotter; 01-12-2018 at 03:01 PM.
 
1 members found this post helpful.
Old 01-12-2018, 03:09 PM   #535
Aeterna
Member
 
Registered: Aug 2017
Location: Terra Mater
Distribution: VM Host: Slackware-current, VM Guests: Artix, CRUX, FreeBSD, Funtoo, HardenedBSD, OpenIndiana
Posts: 101

Rep: Reputation: Disabled
Quote:
Originally Posted by AlleyTrotter View Post
Code:
grep -i BPF_JIT /boot/config-4.14.13
CONFIG_BPF_JIT=y
CONFIG_HAVE_EBPF_JIT=y
I am using the config from current in all my kernels for 4.14
HTH
john
Thank you very much for answering my question.
 
Old 01-12-2018, 03:21 PM   #536
bassmadrigal
Senior Member
 
Registered: Nov 2003
Location: Newport News, VA
Distribution: Slackware
Posts: 4,753

Rep: Reputation: 2637Reputation: 2637Reputation: 2637Reputation: 2637Reputation: 2637Reputation: 2637Reputation: 2637Reputation: 2637Reputation: 2637Reputation: 2637Reputation: 2637
Quote:
Originally Posted by Aeterna View Post
I know how to check for BPF_JIT (I am using custom kernels) and I have it disabled.
That is not my question:
Since default kernel from kernel.org has BPF_JIT enabled, I wonder if Slackware kernel has BPF_JIT disabled or not? I do not have Slackware kernel installed so I can't check JIT status.
It's easy to check Slackware's kernel configs on your favorite mirror

https://mirror.slackbuilds.org/slack...config-x86_64/
 
Old 01-12-2018, 03:25 PM   #537
Darth Vader
Senior Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 1,963

Rep: Reputation: 698Reputation: 698Reputation: 698Reputation: 698Reputation: 698Reputation: 698
In other hand, looks like our BDFL should decide either he ships "hacker level kernels" or at least some solid secured desktop ones.

CONFIG_BPF_JIT may accelerate the packet sniffing, but in other hand, simplify the life of those who try to speculate the Spectre.

Long story short, I think Mr. Robot and his friends knows well how to build their custom sniffing kernels, but for the rookies who just want to browse the net with Firefox, could be problematic to customize and secure their kernels.

Last edited by Darth Vader; 01-12-2018 at 04:26 PM.
 
Old 01-12-2018, 04:12 PM   #538
Aeterna
Member
 
Registered: Aug 2017
Location: Terra Mater
Distribution: VM Host: Slackware-current, VM Guests: Artix, CRUX, FreeBSD, Funtoo, HardenedBSD, OpenIndiana
Posts: 101

Rep: Reputation: Disabled
Quote:
Originally Posted by Darth Vader View Post
In other hand, looks like our BDFL should decide either he ships "hacker level kernels" or at least some solid secured desktop ones.

CONFIG_BPF_JIT may accelerate the packet sniffing, but in other hand, simplify the life of those who try to speculate the Spectre.

Long story short, I think Mr. Robot and his friends knows how to build their custom sniffing kernels, but for the rookies who just want to browse the net with Firefox, could be problematic to customize and secure his kernels.
Mr Robot got probably these patches already:

https://linux.oracle.com/errata/ELSA-2018-4006.html
or similar
If these are not in the main tree, there is probably a reason, but Mr. Robot would manage..
 
2 members found this post helpful.
Old 01-12-2018, 04:46 PM   #539
bamunds
Member
 
Registered: Sep 2013
Location: Mounds View MN
Distribution: Slackware64-14.2 Multilib
Posts: 420

Rep: Reputation: 91
Quote:
Originally Posted by Aeterna View Post
Question:
since I do not have Slackware kernel installed, I wonder if CONFIG_BPF_JIT is disabled (this mitigates partially ver 1 on both intel and AMD)?
Actually it is just the opposite of what you state. The BPF_JIT wants to be enabled to slow down any hackers, because it enables JIT processing exclusively. See https://github.com/torvalds/linux/co...9107da031705cb
Cheers
 
2 members found this post helpful.
Old 01-12-2018, 05:33 PM   #540
Aeterna
Member
 
Registered: Aug 2017
Location: Terra Mater
Distribution: VM Host: Slackware-current, VM Guests: Artix, CRUX, FreeBSD, Funtoo, HardenedBSD, OpenIndiana
Posts: 101

Rep: Reputation: Disabled
Quote:
Originally Posted by bamunds View Post
Actually it is just the opposite of what you state. The BPF_JIT wants to be enabled to slow down any hackers, because it enables JIT processing exclusively. See https://github.com/torvalds/linux/co...9107da031705cb
Cheers
https://googleprojectzero.blogspot.c...with-side.html
/boot/config-4.14.13
# CONFIG_BPF_JIT is not set
CONFIG_HAVE_EBPF_JIT=y

Quote:
Unlike classic BPF, eBPF has data types like data arrays and function pointer arrays into which eBPF bytecode can index. Therefore, it is possible to create the code pattern described above in the kernel using eBPF bytecode.

eBPF's data arrays are less efficient than its function pointer arrays, so the attack will use the latter where possible.
you can disable BPF and leave EBPF

edited:
actually you should disable BPF (AMD)
and leave eBPF on

Last edited by Aeterna; 01-12-2018 at 11:10 PM.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Linux.conf.au: Latest Linux kernel release due early March DragonSlayer48DX Linux - News 0 01-18-2010 11:43 PM
No video on latest kernel release Tralce Linux - Kernel 3 11-30-2006 08:48 AM
What is the latest Redhat release TILEMANN Linux - Software 5 11-20-2006 11:48 PM
LXer: News: OpenVZ To Release Support, Patches for Latest Kernel LXer Syndicated Linux News 0 11-01-2006 11:54 PM
latest debian release? doralsoral Linux - Software 5 12-25-2004 01:40 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 07:20 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration