LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 02-01-2018, 12:13 AM   #586
enorbet
Senior Member
 
Registered: Jun 2003
Location: Virginia
Distribution: Slackware = Main OpSys for decades while testing others to keep up
Posts: 1,972

Rep: Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864Reputation: 1864

Today I tried to install the nVidia 390.25 full release on my 14.2 Multilib with a custom 4.14.12 kernel that had the beta version installed and working great for a few weeks now. The full release driver would not build even though the beta 390.12 Beta built with no issues at all. I searched for "nVidia 390.25 kernel 4.14.12" and got a hit for a page saying 4.15 kernel final was out and that nVidia new drivers built just fine on it. So I downloaded the tarball, did make oldconfig, and built and installed it, booted first time and installed nVidia Full Release without nary a peep. Works great. I'm pleased.
 
2 members found this post helpful.
Old 02-02-2018, 05:15 AM   #587
cwizardone
Senior Member
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib" & Xfce.
Posts: 4,207
Blog Entries: 1

Original Poster
Rep: Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530
I didn't try to build the 390.25 driver with the 4.14.12 kernel, but it did build with the 4.14.15 kernel. As you have experienced, the 390.25 Long Term driver has also worked extremely well with the 4.15 kernel.
 
Old 02-03-2018, 03:20 PM   #588
cwizardone
Senior Member
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib" & Xfce.
Posts: 4,207
Blog Entries: 1

Original Poster
Rep: Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530Reputation: 1530
Kernel updates 4.15.1, 4.14.17, 4.9.80, and 4.4.115 are now available at, https://www.kernel.org/.

The change logs,

https://cdn.kernel.org/pub/linux/ker...angeLog-4.15.1

https://cdn.kernel.org/pub/linux/ker...ngeLog-4.14.17

https://cdn.kernel.org/pub/linux/ker...angeLog-4.9.80

https://cdn.kernel.org/pub/linux/ker...ngeLog-4.4.115

Last edited by cwizardone; 02-03-2018 at 03:23 PM.
 
2 members found this post helpful.
Old 02-07-2018, 03:56 PM   #589
Lysander666
Member
 
Registered: Apr 2017
Location: London
Distribution: Slackware 14.2 + Xfce
Posts: 786
Blog Entries: 1

Rep: Reputation: 669Reputation: 669Reputation: 669Reputation: 669Reputation: 669Reputation: 669
Hmm installed the new kernel and the checker tool says I'm not protected against Meltdown, odd.

Code:
Spectre and Meltdown mitigation detection tool v0.29

Checking for vulnerabilities against running kernel Linux 4.4.115-smp #2 SMP Mon Feb 5 22:30:37 CST 2018 i686
CPU is Intel(R) Atom(TM) CPU N270 @ 1.60GHz

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking whether we're safe according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
STATUS:  VULNERABLE  (Vulnerable)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Checking whether we're safe according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Checking whether we're safe according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
STATUS:  VULNERABLE  (Vulnerable)

A false sense of security is worse than no security at all, see --disclaimer
bash-4.3# exit
EDIT: I was using an out of date tool. Newer version from here https://github.com/speed47/spectre-meltdown-checker

Code:
bash-4.3# ./spectre-meltdown-checker.sh
Spectre and Meltdown mitigation detection tool v0.34+

Checking for vulnerabilities on current system
Kernel is Linux 4.4.115-smp #2 SMP Mon Feb 5 22:30:37 CST 2018 i686
CPU is Intel(R) Atom(TM) CPU N270   @ 1.60GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO
    * CPU indicates IBRS capability:  NO
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO
    * CPU indicates IBPB capability:  NO
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO
    * CPU indicates STIBP capability:  NO
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO
  * CPU microcode is known to cause stability problems:  NO  (model 28 stepping 2 ucode 0x20a)
* CPU vulnerability to the three speculative execution attacks variants
  * Vulnerable to Variant 1:  NO
  * Vulnerable to Variant 2:  NO
  * Vulnerable to Variant 3:  NO

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
* Kernel has array_index_mask_nospec:  NO
* Checking count of LFENCE instructions following a jump in kernel...  NO  (only 0 jump-then-lfence instructions found, should be >= 30 (heuristic))
STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  NO
  * Currently enabled features
    * IBRS enabled for Kernel space:  NO
    * IBRS enabled for User space:  NO
    * IBPB enabled:  NO
* Mitigation 2
  * Kernel compiled with retpoline option:  YES
  * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
  * Retpoline enabled:  YES
STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
* Kernel supports Page Table Isolation (PTI):  NO
* PTI enabled and active:  NO
* Running as a Xen PV DomU:  NO
STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

A false sense of security is worse than no security at all, see --disclaimer
Forgot - I'm in that very small percentage who aren't affected anyway.

Last edited by Lysander666; 02-07-2018 at 04:06 PM.
 
1 members found this post helpful.
Old 02-07-2018, 04:11 PM   #590
kjhambrick
Senior Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 14.2 + Multilib
Posts: 1,426

Rep: Reputation: 832Reputation: 832Reputation: 832Reputation: 832Reputation: 832Reputation: 832Reputation: 832
EDIT: I am too slow ... I'll have to update my version of spectre-meltdown-checker.sh

Lysander666 ---

Maybe the Atom N270 is one of the ~10-Year Old Processors that will receive the Meltdown PTI Firmware fix 'later' ?

-- kjh

This gawk command will print the CPU Vulnerabilities and whether or not it is mitigated according to the Kernel.

For my i7 6700K laptop with a self-built 4.4.115 Kernel:

Code:
# gawk '{ print FILENAME ":\t" $0 }' /sys/devices/system/cpu/vulnerabilities/*

/sys/devices/system/cpu/vulnerabilities/meltdown:       Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:     Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v2:     Vulnerable: Minimal generic ASM retpoline

Last edited by kjhambrick; 02-07-2018 at 04:13 PM.
 
4 members found this post helpful.
Old 02-07-2018, 04:23 PM   #591
Lysander666
Member
 
Registered: Apr 2017
Location: London
Distribution: Slackware 14.2 + Xfce
Posts: 786
Blog Entries: 1

Rep: Reputation: 669Reputation: 669Reputation: 669Reputation: 669Reputation: 669Reputation: 669
Ah thanks for that. I get

Code:
bash-4.3# gawk '{ print FILENAME ":\t" $0 }' /sys/devices/system/cpu/vulnerabilities/*

/sys/devices/system/cpu/vulnerabilities/meltdown:	Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:	Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v2:	Mitigation: Full generic retpoline
So the 0.29 was still correct. Interesting. I wonder that it's because of the CPU that there's no Meltdown mitigation there.

Not that I can apparently be affected but it's still nice to know.

Last edited by Lysander666; 02-07-2018 at 04:25 PM.
 
1 members found this post helpful.
Old 02-07-2018, 05:09 PM   #592
kjhambrick
Senior Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 14.2 + Multilib
Posts: 1,426

Rep: Reputation: 832Reputation: 832Reputation: 832Reputation: 832Reputation: 832Reputation: 832Reputation: 832
All --

Kernels 4.15.2, 4.14.18 and 3.18.94 are now available.

Handy Links:
Code:
stable:    4.15.2        Source ChangeLog 2018-02-07
stable:    4.14.18       Source ChangeLog 2018-02-07 ( Slackware-current )
longterm:  3.18.94 [EOL] Source ChangeLog 2018-02-07
No CVE References were found for 4.15.2, 4.14.18 or 3.18.94

As always, do check the ChangeLogs for other security-related fixes.

Check for the Latest Updates at www.kernel.org.

Have Fun All'Y'All !

-- kjh
 
2 members found this post helpful.
Old 02-07-2018, 05:21 PM   #593
kjhambrick
Senior Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 14.2 + Multilib
Posts: 1,426

Rep: Reputation: 832Reputation: 832Reputation: 832Reputation: 832Reputation: 832Reputation: 832Reputation: 832
Quote:
Originally Posted by Lysander666 View Post
Ah thanks for that. I get

Code:
bash-4.3# gawk '{ print FILENAME ":\t" $0 }' /sys/devices/system/cpu/vulnerabilities/*

/sys/devices/system/cpu/vulnerabilities/meltdown:	Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:	Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v2:	Mitigation: Full generic retpoline
So the 0.29 was still correct. Interesting. I wonder that it's because of the CPU that there's no Meltdown mitigation there.

Not that I can apparently be affected but it's still nice to know.
Lysander666 --

Hoo boy ... I don't know the status of all this from minute-to-minute and from system-to-system ... I am so confused

I do have a LWN subscription and Jonathan Corbet published Meltdown and Spectre mitigations a February update ( subscribers only ) on Monday, Feb 5 which means the Article will be openly available next Monday, Feb 12 or so.

To the best of my understanding, on Intel Processors, Meltdown MAY be mitigated via the PTI Firmware Patch, there is no mitigation yet for Spectre v1 and the recent retpoline updates to gcc, glibc and the Kernel can fix Spctre v2 ... but remember, I confused

-- kjh
 
2 members found this post helpful.
Old 02-08-2018, 01:00 PM   #594
Coastal Disturbance
LQ Newbie
 
Registered: Feb 2018
Posts: 7

Rep: Reputation: Disabled
Nice!

Code:
% uname -rms
Linux 4.14.18 x86_64

% awk '{ print FILENAME ":\t" $0 }' /sys/devices/system/cpu/vulnerabilities/* 
/sys/devices/system/cpu/vulnerabilities/meltdown:	Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:	Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:	Mitigation: Full generic retpoline
 
2 members found this post helpful.
Old 02-08-2018, 04:37 PM   #595
yvesjv
Member
 
Registered: Sep 2015
Location: Australia
Distribution: Slackware, Debian, Freebsd
Posts: 47

Rep: Reputation: Disabled
Just installed 4.15.2 and looks like Meltdown and Spectre1/2 are fixed.
 
5 members found this post helpful.
Old 02-08-2018, 05:07 PM   #596
Lysander666
Member
 
Registered: Apr 2017
Location: London
Distribution: Slackware 14.2 + Xfce
Posts: 786
Blog Entries: 1

Rep: Reputation: 669Reputation: 669Reputation: 669Reputation: 669Reputation: 669Reputation: 669
Great news. Hope the full fixes come over to Slackware stable [and Debian] very soon.
 
1 members found this post helpful.
Old 02-08-2018, 05:36 PM   #597
55020
Senior Member
 
Registered: Sep 2009
Location: Yorks. W.R. 167397
Distribution: Slackware
Posts: 1,294
Blog Entries: 4

Rep: Reputation: Disabled
If you're using kernel 4.15 on Slackware 14.2, the crda package from -current (crda-3.18-x86_64-5) can be installed on 14.2 and works great, if you need the regulatory.db file (thanks RandomTroll).

In other 4.15 news, b43 wifi isn't working. They didn't mention queueing that patch for stable....
 
1 members found this post helpful.
Old 02-08-2018, 06:33 PM   #598
Paulo2
Member
 
Registered: Aug 2012
Distribution: Slackware64 -current (started with 13.37(32))
Posts: 402

Rep: Reputation: 125Reputation: 125
It seems that only with 4.14.18 (maybe next kernel for -current ) and 4.15.2 the Spectre v1 is mitigated.
Code:
root@paulobash~# cat 4.14.17-x86_64 
/sys/devices/system/cpu/vulnerabilities/meltdown:       Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:     Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v2:     Mitigation: Full AMD retpoline

root@paulobash~# cat 4.15.1-custom-x86_64 
/sys/devices/system/cpu/vulnerabilities/meltdown:       Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:     Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v2:     Mitigation: Full AMD retpoline
 
2 members found this post helpful.
Old 02-09-2018, 07:36 AM   #599
Lysander666
Member
 
Registered: Apr 2017
Location: London
Distribution: Slackware 14.2 + Xfce
Posts: 786
Blog Entries: 1

Rep: Reputation: 669Reputation: 669Reputation: 669Reputation: 669Reputation: 669Reputation: 669
Quote:
Originally Posted by Paulo2 View Post
It seems that only with 4.14.18 (maybe next kernel for -current ) and 4.15.2 the Spectre v1 is mitigated.
Code:
root@paulobash~# cat 4.14.17-x86_64 
/sys/devices/system/cpu/vulnerabilities/meltdown:       Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:     Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v2:     Mitigation: Full AMD retpoline

root@paulobash~# cat 4.15.1-custom-x86_64 
/sys/devices/system/cpu/vulnerabilities/meltdown:       Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:     Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v2:     Mitigation: Full AMD retpoline
In 64bit. 32bit users are being rather left behind here. No mitigation for Meltdown as yet.
 
2 members found this post helpful.
Old 02-09-2018, 07:37 AM   #600
kjhambrick
Senior Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 14.2 + Multilib
Posts: 1,426

Rep: Reputation: 832Reputation: 832Reputation: 832Reputation: 832Reputation: 832Reputation: 832Reputation: 832
Today's Slackware64 current 4.14.18 update fixes Spectre v1 on my test box:
Code:
# uname -a

Linux samsung.kjh.home 4.14.18 #1 SMP Thu Feb 8 12:48:42 CST 2018 x86_64 Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz GenuineIntel GNU/Linux
4.4.17 ( updates thru Wed Feb 7 04:28:48 UTC 2018 )
Code:
/sys/devices/system/cpu/vulnerabilities/meltdown:       Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:     Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v2:     Mitigation: Full generic retpoline
4.4.18 ( includes Fri Feb 9 02:50:56 UTC 2018 updates )
Code:
/sys/devices/system/cpu/vulnerabilities/meltdown:       Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:     Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:     Mitigation: Full generic retpoline
Thanks to Pat and the Team !

-- kjh( Woo Hoo ( ! THUNK ! ))
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Linux.conf.au: Latest Linux kernel release due early March DragonSlayer48DX Linux - News 0 01-18-2010 11:43 PM
No video on latest kernel release Tralce Linux - Kernel 3 11-30-2006 08:48 AM
What is the latest Redhat release TILEMANN Linux - Software 5 11-20-2006 11:48 PM
LXer: News: OpenVZ To Release Support, Patches for Latest Kernel LXer Syndicated Linux News 0 11-01-2006 11:54 PM
latest debian release? doralsoral Linux - Software 5 12-25-2004 01:40 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 11:43 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration