LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 08-29-2018, 05:23 AM   #841
Lysander666
Senior Member
 
Registered: Apr 2017
Location: The Underearth
Distribution: Slackware
Posts: 1,580
Blog Entries: 3

Rep: Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593

Quote:
Originally Posted by brianL View Post
4.4.153 running OK here.
Code:
root@slackdesk2:~# cat /sys/devices/system/cpu/vulnerabilities/l1tf
Mitigation: Page Table Inversion
Will be interesting to see the mitigations for this on 32bit, since it's been lagging behind 64. Will install it later and report back.
 
2 members found this post helpful.
Old 08-29-2018, 01:32 PM   #842
Lysander666
Senior Member
 
Registered: Apr 2017
Location: The Underearth
Distribution: Slackware
Posts: 1,580
Blog Entries: 3

Rep: Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593
Here is the situation for me on 64bit and 32bit for 4.4.153:

64:

Code:
lysander@psychopig-xxxiv:~$ gawk '{ print FILENAME ":\t" $0 }' /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/l1tf:	Mitigation: Page Table Inversion
/sys/devices/system/cpu/vulnerabilities/meltdown:	Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:	Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:	Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:	Mitigation: Full generic retpoline
lysander@psychopig-xxxiv:~$
32 - gawk above doesn't say anything that helpful apart from "not affected" on all counts. This is more helpful:

Code:
root@lysurfer_viii:/home/lysander/spectre-meltdown-checker-master/newversion# ./spectre-meltdown-checker.sh 
Spectre and Meltdown mitigation detection tool v0.37+

Checking for vulnerabilities on current system
Kernel is Linux 4.4.153-smp #1 SMP Tue Aug 28 14:22:38 CDT 2018 i686
CPU is Intel(R) Atom(TM) CPU N270   @ 1.60GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates IBRS capability:  NO 
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  NO 
    * CPU indicates IBPB capability:  NO 
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  NO 
    * CPU indicates STIBP capability:  NO 
  * Speculative Store Bypass Disable (SSBD)
    * CPU indicates SSBD capability:  NO 
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO 
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO 
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO 
  * CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO):  NO 
  * CPU microcode is known to cause stability problems:  NO  (model 0x1c family 0x6 stepping 0x2 ucode 0x20a cpuid 0x106c2)
* CPU vulnerability to the speculative execution attack variants
  * Vulnerable to Variant 1:  NO 
  * Vulnerable to Variant 2:  NO 
  * Vulnerable to Variant 3:  NO 
  * Vulnerable to Variant 3a:  NO 
  * Vulnerable to Variant 4:  NO 

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  YES  (Not affected)
* Kernel has array_index_mask_nospec (x86):  NO 
* Kernel has the Red Hat/Ubuntu patch:  NO 
* Kernel has mask_nospec64 (arm):  NO 
* Checking count of LFENCE instructions following a jump in kernel...  NO  (only 0 jump-then-lfence instructions found, should be >= 30 (heuristic))
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (Not affected)
* Mitigation 1
  * Kernel is compiled with IBRS support:  YES 
    * IBRS enabled and active:  NO 
  * Kernel is compiled with IBPB support:  YES 
    * IBPB enabled and active:  NO 
* Mitigation 2
  * Kernel has branch predictor hardening (arm):  NO 
  * Kernel compiled with retpoline option:  YES 
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (Not affected)
* Kernel supports Page Table Isolation (PTI):  NO 
  * PTI enabled and active:  NO 
  * Reduced performance impact of PTI:  NO  (PCID/INVPCID not supported, performance impact of PTI will be significant)
* Running as a Xen PV DomU:  NO 
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
* CPU microcode mitigates the vulnerability:  NO 
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
* Mitigated according to the /sys interface:  YES  (Not affected)
* Kernel supports speculation store bypass:  YES  (found in /proc/self/status)
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

A false sense of security is worse than no security at all, see --disclaimer

Last edited by Lysander666; 08-29-2018 at 01:37 PM.
 
2 members found this post helpful.
Old 08-29-2018, 01:57 PM   #843
abga
Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 985

Rep: Reputation: 514Reputation: 514Reputation: 514Reputation: 514Reputation: 514Reputation: 514
Quote:
Originally Posted by cwizardone View Post
The security patched 4.4.153 kernel for Slackware-14.2 is now available.
Can you please provide me with a link from where you got that changelog snippet? I'm curios about the actual commit(s) that are mitigating the CVE-2018-3615/3620/3546 and maybe I can find this info in the changelog. Just want to look at the code and see if it checks the microcode capabilities & stuff. I got confused by the recent kernel devs efforts for mitigating these issues and I remember editing several times the post in the Slackware security thread, just because I was not sure anymore about what patch was actually approved&released.
Thanks!
EDIT
Sorry! Never mind, it was from the Slackware Changelog.
I was looking at:
https://cdn.kernel.org/pub/linux/ker...ngeLog-4.4.153
And couldn't find the explicit enumeration of the CVEs but only some references about L1TF and the commit adaba23ccd7d1625942f2c27612d2b416c87e011. Will follow that path now.

Last edited by abga; 08-29-2018 at 02:09 PM.
 
Old 08-30-2018, 09:34 AM   #844
maeschbach
LQ Newbie
 
Registered: Jul 2010
Location: Switzerland
Distribution: Slackware64 14.2
Posts: 16

Rep: Reputation: 0
Problems running X11 with kernel 4.4.153

I recently installed Slackware64 14.2 and wanted to update the kernel to 4.4.153, but a then very slow X11 made me reinstall the original 4.4.14 kernel (kernel driver is nouveau and my graphic card is a GeForce GTX 980M).
 
Old 08-31-2018, 02:34 PM   #845
abga
Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 985

Rep: Reputation: 514Reputation: 514Reputation: 514Reputation: 514Reputation: 514Reputation: 514
@maeschbach - check:
https://www.linuxquestions.org/quest...9/#post5898500
 
2 members found this post helpful.
Old 09-02-2018, 04:53 PM   #846
cwizardone
Senior Member
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib" & Xfce.
Posts: 4,727

Original Poster
Blog Entries: 1

Rep: Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094
4.19-rc2

The second release candidate of the mainline 4.19 series is now available for testing.

The tarball, https://git.kernel.org/torvalds/t/linux-4.19-rc2.tar.gz

Mr. Torvalds' announcement, http://lkml.iu.edu/hypermail/linux/k...9.0/00713.html

Last edited by cwizardone; 09-02-2018 at 05:00 PM.
 
1 members found this post helpful.
Old 09-04-2018, 03:21 PM   #847
Lysander666
Senior Member
 
Registered: Apr 2017
Location: The Underearth
Distribution: Slackware
Posts: 1,580
Blog Entries: 3

Rep: Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593Reputation: 1593
Is it possible that I could be experiencing significantly improved battery life on 4.4.153? I noticed this within about 15 mins of turning the netbook on today. Now, I know that acpi just estimates things, but this is very good.

On previous kernels, esp 4.4.144, I think on average I would get about 4.5 hours of battery life out of the netbook. Now, neofetch says it's been up for four hours so far, but shave two of those off for being on suspend on public transport... and apparently another four or so to go at ~70%. To be realistic I'll call that around six or so. I'm sure this is better than normal for this machine.
Attached Thumbnails
Click image for larger version

Name:	Screenshot_2018-09-04_21-14-54.png
Views:	34
Size:	73.9 KB
ID:	28529  
 
1 members found this post helpful.
Old 09-05-2018, 06:45 AM   #848
55020
Senior Member
 
Registered: Sep 2009
Location: Yorks. W.R. 167397
Distribution: Slackware
Posts: 1,307
Blog Entries: 4

Rep: Reputation: Disabled
Quote:
Originally Posted by Daedra View Post
Ok not arguing because I agree that it will probably be a LTS kernel. but right now it says "TBD" to be determined, so that tell me there is no official response that 4.19 will be long term.
"We have asked to GregKH. Does 4.19 will be next LTS? Answer was YES. LTS version will be end of year release. So it will be 4.19. We expected 4.20 in June but some delay happened actually." @LinuxLTSI 11:54 pm 29 Aug 2018
 
2 members found this post helpful.
Old 09-05-2018, 07:07 AM   #849
ponce
Senior Member
 
Registered: Aug 2004
Location: Pisa, Italy
Distribution: Slackware
Posts: 4,787

Rep: Reputation: Disabled
they have not been announced yet on kernel.org, but kernels 4.4.154, 4.9.125, 4.14.68 and 4.18.6 are already available since some hours on https://kernel.org/pub/linux/kernel/v4.x/
 
5 members found this post helpful.
Old 09-05-2018, 09:39 AM   #850
AlleyTrotter
Member
 
Registered: Jun 2002
Location: Coal Township PA
Distribution: Slackware64-14.2 (5.1.10) UEFI enabled (LFS-8.4 when Slackware becomes too easy)
Posts: 535

Rep: Reputation: 193Reputation: 193
4.18.6 built and running on Slackware64-14.2
No problemo
AlleyTrotter
 
1 members found this post helpful.
Old 09-05-2018, 10:51 AM   #851
kjhambrick
Senior Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 14.2 + Multilib
Posts: 1,483

Rep: Reputation: 917Reputation: 917Reputation: 917Reputation: 917Reputation: 917Reputation: 917Reputation: 917Reputation: 917
Thanks ponce.

Built ; installed ; booted 4.4.154 on my Main Slackware64 14.2 + MultiLib Laptop and all is well.

I also installed it on a ZOTAC ZBOX BI325 to see if there were any changes ( there have been no Firmware Files for the Celeron B3160 - ( Family + Model + Stepping ) = 06-4c-04 )) -- no change ...

-- kjh

These are the S&M related commits in 4.4.154 ...

Lysander666 -- note that the last three are 32-bit commits.

Code:
./.get-commit -i -a 'cve-' -e l1tf -e speculat -e spectre linux-4.4.154-ChangeLog 

# Title       | Search Linux ChangeLogs
# Command     | /home/dld/slackware/kjh-kernel/dld/.get-commit -i -a cve- -e l1tf -e speculat -e spectre linux-4.4.154-ChangeLog
# Ignore Case | is ON
# SynopsisREx | 'l1tf' -or- 'speculat' -or- 'spectre'
# Generic REx | 'cve-'
# Run Date    | Wed Sep  5 10:48:04 CDT 2018
# 
# FileName                       | Commit                                   | Date                           | Synopsys
  linux-4.4.154-ChangeLog        | 2edb10cbf21fca9b220a2bdf0b87b7bbeaf1e1e9 | Fri Aug 24 10:03:51 2018 -0700 | x86/spectre: Add missing family 6 check to microcode check
  linux-4.4.154-ChangeLog        | 72f6531162bd2f1b57e8114c8358fca507090f41 | Thu Aug 23 16:21:29 2018 +0200 | x86/speculation/l1tf: Suggest what to do on systems with too much RAM
  linux-4.4.154-ChangeLog        | 7b69cd6fa088e473869512672969e6c490cac1b6 | Thu Aug 23 15:44:18 2018 +0200 | x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM
  linux-4.4.154-ChangeLog        | 6a56bd7f2ea31d4c86849b8f67d4e2dc1cb5b788 | Mon Aug 20 11:58:35 2018 +0200 | x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
 
3 members found this post helpful.
Old 09-05-2018, 11:46 AM   #852
cwizardone
Senior Member
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib" & Xfce.
Posts: 4,727

Original Poster
Blog Entries: 1

Rep: Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094
The 4.18.6 update includes several worthwhile improvements.

Here are all the tweaks "fit to print."


http://lkml.iu.edu/hypermail/linux/k...9.0/03552.html


The dusk-4.18.6 and 4.4.154 kernels can be found at,
https://dusk.idlemoor.tk/

The dusk-4.18.6 kernel is running perfectly on this box with -current and the Nvidia-396.54.02 driver.

Last edited by cwizardone; 09-09-2018 at 01:34 PM. Reason: Remove long list. Please use the link to the same information.
 
2 members found this post helpful.
Old 09-09-2018, 06:58 AM   #853
cwizardone
Senior Member
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib" & Xfce.
Posts: 4,727

Original Poster
Blog Entries: 1

Rep: Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094
The 4.18.7 Kernel update is now available at,

https://www.kernel.org/

The change log,

https://cdn.kernel.org/pub/linux/ker...angeLog-4.18.7


Dave's Unofficial Slackbuilt Kernels can be found at,

https://dusk.idlemoor.tk/

Last edited by cwizardone; 09-09-2018 at 07:07 AM.
 
2 members found this post helpful.
Old 09-09-2018, 01:20 PM   #854
cwizardone
Senior Member
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib" & Xfce.
Posts: 4,727

Original Poster
Blog Entries: 1

Rep: Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094Reputation: 2094
Kernel updates 4.14.69, 4.9.126, 4.4.155 and 3.18.122 [EOL] are now available at,

https://www.kernel.org/

The change logs,

https://cdn.kernel.org/pub/linux/ker...ngeLog-4.14.69

https://cdn.kernel.org/pub/linux/ker...ngeLog-4.9.126

https://cdn.kernel.org/pub/linux/ker...ngeLog-4.4.155

https://cdn.kernel.org/pub/linux/ker...geLog-3.18.122

Last edited by cwizardone; 09-09-2018 at 01:29 PM.
 
1 members found this post helpful.
Old 09-09-2018, 01:24 PM   #855
Darth Vader
Senior Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 2,727

Rep: Reputation: 1235Reputation: 1235Reputation: 1235Reputation: 1235Reputation: 1235Reputation: 1235Reputation: 1235Reputation: 1235Reputation: 1235
I have a suggestion for @55020

How about building a 4.14.x LTS series for Slackware 14.2? I talk of course about the kernel series now shipped by current.

Reason: a better hardware support for Slackware 14.2.

Last edited by Darth Vader; 09-09-2018 at 01:33 PM.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Linux.conf.au: Latest Linux kernel release due early March DragonSlayer48DX Linux - News 0 01-18-2010 10:43 PM
No video on latest kernel release Tralce Linux - Kernel 3 11-30-2006 07:48 AM
What is the latest Redhat release TILEMANN Linux - Software 5 11-20-2006 10:48 PM
LXer: News: OpenVZ To Release Support, Patches for Latest Kernel LXer Syndicated Linux News 0 11-01-2006 10:54 PM
latest debian release? doralsoral Linux - Software 5 12-25-2004 12:40 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 01:55 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration