Re: [gentoo-user] Re: Kernel 4.9.95 - gentoo-user

From:	Klaus Ethgen <Klaus+gentoo@××××××.de>
To:	gentoo-user@l.g.o
Subject:	Re: [gentoo-user] Re: Kernel 4.9.95
Date:	Fri, 27 Apr 2018 17:20:19
Message-Id:	`20180427172003.GB11753@ikki.ethgen.ch`
In Reply to:	[gentoo-user] Re: Kernel 4.9.95 by Nikos Chantziaras

1

-----BEGIN PGP SIGNED MESSAGE-----

2

Hash: SHA512

3

4

Hi,

5

6

Am Fr den 27. Apr 2018 um  6:42 schrieb Nikos Chantziaras:

7

> On 26/04/18 14:42, Mick wrote:

8

> > Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ?

9

> >

10

> > $ grep . /sys/devices/system/cpu/vulnerabilities/*

11

> > /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI

12

> > /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer

13

> > sanitization

14

> > /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic

15

> > retpoline

16

17

I did install and compile 4.15.18,  the last version from branch 4.15.

18

Unfortunatelly I just get the following:

19

   ~> uname -a

20

   Linux tha 4.15.18-gentoo #2 Fri Apr 27 13:33:03 CET 2018 i686 Intel(R) Pentium(R) M processor 1.86GHz GenuineIntel GNU/Linux

21

   ~> grep . /sys/devices/system/cpu/vulnerabilities/*

22

   /sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable

23

   /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization

24

   /sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline

25

26

The problem here is, that this is a 32bit system and the CPU is not able

27

to run 64bit.

28

29

So there are some points I want to point to:

30

- - Meltdown is fully vulnerable. While there is a fix for 64bit kernel, I

31

  would like to know when or if gentoo will port the mitigation for

32

  32bit systems.

33

- - For Spectre 2, there is some mitigation in kernel but the compiler is

34

  to old to support retpoline.

35

  When I look to gcc meta data, I see a couples of versions:

36

      ~> equery m gcc

37

       * sys-devel/gcc [gentoo]

38

      Maintainer:  toolchain@g.o (Gentoo Toolchain Project)

39

      Upstream:    Remote-ID:   cpe:/a:gnu:gcc ID: cpe

40

		   Remote-ID:   dgcc ID: sourceforge

41

      Homepage:    https://gcc.gnu.org/

42

      Location:    /usr/portage/sys-devel/gcc

43

      Keywords:    2.95.3-r10:2.95.3: ~alpha ~ppc ~sparc ~x86

44

      Keywords:    3.3.6-r1:3.3.6: ~amd64 ~x86

45

      Keywords:    3.4.6-r2:3.4.6: alpha amd64 arm ppc ppc64 sparc x86 ~ia64 ~mips ~s390 ~sh -* ~x86-fbsd

46

      Keywords:    4.0.4:4.0.4: 

47

      Keywords:    4.1.2:4.1.2: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~m68k ~mips ~s390 ~sh -* ~x86-fbsd

48

      Keywords:    4.2.4-r1:4.2.4: hppa ~alpha ~amd64 ~arm ~ia64 ~m68k ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd

49

      Keywords:    4.3.6-r1:4.3.6: -hppa alpha amd64 arm ia64 ppc ppc64 sparc x86 ~m68k ~mips ~s390 ~sh ~x86-fbsd

50

      Keywords:    4.4.7:4.4.7: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~m68k ~mips ~s390 ~sh ~x86-fbsd

51

      Keywords:    4.5.4:4.5.4: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~amd64-fbsd ~m68k ~mips ~s390 ~sh ~x86-fbsd

52

      Keywords:    4.6.4:4.6.4: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~amd64-fbsd ~m68k ~mips ~s390 ~sh ~x86-fbsd

53

      Keywords:    4.7.4-r1:4.7.4: -amd64-fbsd -x86-fbsd alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~mips

54

      Keywords:    4.8.5-r1:4.8.5: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~mips ~x86-fbsd

55

      Keywords:    4.9.4:4.9.4: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~mips ~x86-fbsd

56

      Keywords:    5.4.0-r4:5.4.0: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~mips ~x86-fbsd

57

      Keywords:    6.4.0:6.4.0: 

58

      Keywords:    6.4.0-r1:6.4.0: alpha amd64 arm arm64 hppa ia64 ppc ppc64 sparc x86 ~amd64-fbsd ~m68k ~mips ~s390 ~sh ~x86-fbsd

59

      Keywords:    7.2.0:7.2.0: 

60

      Keywords:    7.2.0-r1:7.2.0: ~alpha ~amd64 ~amd64-fbsd ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd

61

      Keywords:    7.3.0:7.3.0: 

62

      Keywords:    7.3.0-r1:7.3.0: ~alpha ~amd64 ~amd64-fbsd ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd

63

      Keywords:    7.3.0-r2:7.3.0: 

64

      License:     GPL-3+ LGPL-3+ || ( GPL-3+ libgcc libstdc++ gcc-runtime-library-exception-3.1 ) FDL-1.3+

65

66

  So which version is stable enough to use? 7.3.0, I use on a different

67

  (non-Gentoo) system. But why -r1 and -r2?

68

69

> Do you have the latest sys-firmware/intel-microcode installed and configured

70

> correctly? You need to enable the "early microcode" kernel option, and you

71

> also need to add /boot/intel-uc.img to your list of initrds to load in

72

> grub2. Alternatively, a BIOS update for your mainboard (if one exists; most

73

> older mainboards won't get updates from the likes of Asus, MSI, Gigabyte,

74

> etc, etc, etc, so for older boards, you need the microcode package.)

75

76

So, coming to firmware. I do not think that intel is releasing firmware

77

update for that CPU. So I fully rely on kernel (and compiler).

78

79

Nevertheless, I need to know for other system what exactly is the way to

80

use firmware on gentoo. There is no /boot/intel-uc.img on my system and

81

genkernel complain about firmware compiling (what seems to prove that

82

there is none for my CPU).

83

84

However, if I read correct, genkernel should automatically include

85

firmware and firmware loading into the generated ramdisk. Right?

86

87

Regards

88

   Klaus

89

- -- 

90

Klaus Ethgen                                       http://www.ethgen.ch/

91

pub  4096R/4E20AF1C 2011-05-16            Klaus Ethgen <Klaus@××××××.ch>

92

Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C

93

-----BEGIN PGP SIGNATURE-----

94

Comment: Charset: ISO-8859-1

95

96

iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAlrjW74ACgkQpnwKsYAZ

97

9qyM5QwAsj0M5TT3O+RYPXana71nzgWjd72m0DuCDO/Yfw+79G0NuWrMFwyU/WkZ

98

OPlspMBRvOxo1UTuOMuUZ7wVqcQNen9m/3XZOQdmhO7NpqdfI5IozZH5dm0tdUcH

99

qOEcxkQQPj5h9fLqyfiOjKhOFKEtHIF4FuApaJuR2xGhTd4rV5Blm1zLBBZ1uSU6

100

ImpizYQ4kvCMj/n9L+1S6dd+iqlF0jQBDYw98mcYp3UU8iziA75Kq2a87ZFtjo0y

101

mENiyu8A4RS+WBItT5jVYDymozs3zeWsbgmNH8k1O4CTy30OqeLiZQdfGow2MC+x

102

4D0rLmN7Ky+ZDMZARtUPhvbkdC+nUMkfveOOKZbpe3qaAa+8QwVZVV8rC2I7fK8T

103

kex6adlaN1e8GU9UyeR7mKc5cjESRudM6wcZSJ1ZEx3uLq03IIcdJAoyyBHQz1OC

104

oQil2Vf4SP0QMhAEp/D4XziEzbkZxNErXwGJfVDHSPlB9wtRs4Mf3F2PGOI20h6S

105

71mhfjLK

106

=BqH+

107

-----END PGP SIGNATURE-----

Gentoo Archives: gentoo-user

Replies

1	-----BEGIN PGP SIGNED MESSAGE-----
2	Hash: SHA512
3
4	Hi,
5
6	Am Fr den 27. Apr 2018 um 6:42 schrieb Nikos Chantziaras:
7	> On 26/04/18 14:42, Mick wrote:
8	> > Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ?
9	> >
10	> > $ grep . /sys/devices/system/cpu/vulnerabilities/*
11	> > /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
12	> > /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer
13	> > sanitization
14	> > /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic
15	> > retpoline
16
17	I did install and compile 4.15.18, the last version from branch 4.15.
18	Unfortunatelly I just get the following:
19	~> uname -a
20	Linux tha 4.15.18-gentoo #2 Fri Apr 27 13:33:03 CET 2018 i686 Intel(R) Pentium(R) M processor 1.86GHz GenuineIntel GNU/Linux
21	~> grep . /sys/devices/system/cpu/vulnerabilities/*
22	/sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable
23	/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
24	/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline
25
26	The problem here is, that this is a 32bit system and the CPU is not able
27	to run 64bit.
28
29	So there are some points I want to point to:
30	- - Meltdown is fully vulnerable. While there is a fix for 64bit kernel, I
31	would like to know when or if gentoo will port the mitigation for
32	32bit systems.
33	- - For Spectre 2, there is some mitigation in kernel but the compiler is
34	to old to support retpoline.
35	When I look to gcc meta data, I see a couples of versions:
36	~> equery m gcc
37	* sys-devel/gcc [gentoo]
38	Maintainer: toolchain@g.o (Gentoo Toolchain Project)
39	Upstream: Remote-ID: cpe:/a:gnu:gcc ID: cpe
40	Remote-ID: dgcc ID: sourceforge
41	Homepage: https://gcc.gnu.org/
42	Location: /usr/portage/sys-devel/gcc
43	Keywords: 2.95.3-r10:2.95.3: ~alpha ~ppc ~sparc ~x86
44	Keywords: 3.3.6-r1:3.3.6: ~amd64 ~x86
45	Keywords: 3.4.6-r2:3.4.6: alpha amd64 arm ppc ppc64 sparc x86 ~ia64 ~mips ~s390 ~sh -* ~x86-fbsd
46	Keywords: 4.0.4:4.0.4:
47	Keywords: 4.1.2:4.1.2: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~m68k ~mips ~s390 ~sh -* ~x86-fbsd
48	Keywords: 4.2.4-r1:4.2.4: hppa ~alpha ~amd64 ~arm ~ia64 ~m68k ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd
49	Keywords: 4.3.6-r1:4.3.6: -hppa alpha amd64 arm ia64 ppc ppc64 sparc x86 ~m68k ~mips ~s390 ~sh ~x86-fbsd
50	Keywords: 4.4.7:4.4.7: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~m68k ~mips ~s390 ~sh ~x86-fbsd
51	Keywords: 4.5.4:4.5.4: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~amd64-fbsd ~m68k ~mips ~s390 ~sh ~x86-fbsd
52	Keywords: 4.6.4:4.6.4: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~amd64-fbsd ~m68k ~mips ~s390 ~sh ~x86-fbsd
53	Keywords: 4.7.4-r1:4.7.4: -amd64-fbsd -x86-fbsd alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~mips
54	Keywords: 4.8.5-r1:4.8.5: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~mips ~x86-fbsd
55	Keywords: 4.9.4:4.9.4: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~mips ~x86-fbsd
56	Keywords: 5.4.0-r4:5.4.0: alpha amd64 arm arm64 hppa ia64 m68k ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~mips ~x86-fbsd
57	Keywords: 6.4.0:6.4.0:
58	Keywords: 6.4.0-r1:6.4.0: alpha amd64 arm arm64 hppa ia64 ppc ppc64 sparc x86 ~amd64-fbsd ~m68k ~mips ~s390 ~sh ~x86-fbsd
59	Keywords: 7.2.0:7.2.0:
60	Keywords: 7.2.0-r1:7.2.0: ~alpha ~amd64 ~amd64-fbsd ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd
61	Keywords: 7.3.0:7.3.0:
62	Keywords: 7.3.0-r1:7.3.0: ~alpha ~amd64 ~amd64-fbsd ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd
63	Keywords: 7.3.0-r2:7.3.0:
64	License: GPL-3+ LGPL-3+ \|\| ( GPL-3+ libgcc libstdc++ gcc-runtime-library-exception-3.1 ) FDL-1.3+
65
66	So which version is stable enough to use? 7.3.0, I use on a different
67	(non-Gentoo) system. But why -r1 and -r2?
68
69	> Do you have the latest sys-firmware/intel-microcode installed and configured
70	> correctly? You need to enable the "early microcode" kernel option, and you
71	> also need to add /boot/intel-uc.img to your list of initrds to load in
72	> grub2. Alternatively, a BIOS update for your mainboard (if one exists; most
73	> older mainboards won't get updates from the likes of Asus, MSI, Gigabyte,
74	> etc, etc, etc, so for older boards, you need the microcode package.)
75
76	So, coming to firmware. I do not think that intel is releasing firmware
77	update for that CPU. So I fully rely on kernel (and compiler).
78
79	Nevertheless, I need to know for other system what exactly is the way to
80	use firmware on gentoo. There is no /boot/intel-uc.img on my system and
81	genkernel complain about firmware compiling (what seems to prove that
82	there is none for my CPU).
83
84	However, if I read correct, genkernel should automatically include
85	firmware and firmware loading into the generated ramdisk. Right?
86
87	Regards
88	Klaus
89	- --
90	Klaus Ethgen http://www.ethgen.ch/
91	pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <Klaus@××××××.ch>
92	Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
93	-----BEGIN PGP SIGNATURE-----
94	Comment: Charset: ISO-8859-1
95
96	iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAlrjW74ACgkQpnwKsYAZ
97	9qyM5QwAsj0M5TT3O+RYPXana71nzgWjd72m0DuCDO/Yfw+79G0NuWrMFwyU/WkZ
98	OPlspMBRvOxo1UTuOMuUZ7wVqcQNen9m/3XZOQdmhO7NpqdfI5IozZH5dm0tdUcH
99	qOEcxkQQPj5h9fLqyfiOjKhOFKEtHIF4FuApaJuR2xGhTd4rV5Blm1zLBBZ1uSU6
100	ImpizYQ4kvCMj/n9L+1S6dd+iqlF0jQBDYw98mcYp3UU8iziA75Kq2a87ZFtjo0y
101	mENiyu8A4RS+WBItT5jVYDymozs3zeWsbgmNH8k1O4CTy30OqeLiZQdfGow2MC+x
102	4D0rLmN7Ky+ZDMZARtUPhvbkdC+nUMkfveOOKZbpe3qaAa+8QwVZVV8rC2I7fK8T
103	kex6adlaN1e8GU9UyeR7mKc5cjESRudM6wcZSJ1ZEx3uLq03IIcdJAoyyBHQz1OC
104	oQil2Vf4SP0QMhAEp/D4XziEzbkZxNErXwGJfVDHSPlB9wtRs4Mf3F2PGOI20h6S
105	71mhfjLK
106	=BqH+
107	-----END PGP SIGNATURE-----