Gentoo Archives: gentoo-user

From: Dale <rdalek1967@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Re: New Intel CPU flaws discovered
Date: Wed, 15 May 2019 10:14:43
Message-Id: 858ed4f3-7a3b-ba8b-6b50-80a8b29a9f0f@gmail.com
In Reply to: Re: [gentoo-user] Re: New Intel CPU flaws discovered by Adam Carter
Adam Carter wrote:
>
> This appears to be OK on my CPU but want to ask to be sure.
> Here's some info, sort of taking cues from what you posted above.
>
>
> root@fireball / # uname -a
> Linux fireball 4.18.12-gentoo #1 SMP PREEMPT Sun Oct 14 23:45:12 CDT 2018 x86_64 AMD FX(tm)-8350 Eight-Core Processor AuthenticAMD GNU/Linux
> root@fireball / # cat /sys/devices/system/cpu/vulnerabilities/
> l1tf               meltdown           spec_store_bypass
> spectre_v1         spectre_v2
> root@fireball / # cat /sys/devices/system/cpu/vulnerabilities/meltdown
> Not affected
> root@fireball / # cat /sys/devices/system/cpu/vulnerabilities/l1tf
> Not affected
> root@fireball / # cat /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
> Mitigation: Speculative Store Bypass disabled via prctl and seccomp
> root@fireball / # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
> Mitigation: __user pointer sanitization
> root@fireball / # cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
> Mitigation: Full AMD retpoline
> root@fireball / #
>
>
> You're missing the /sys/devices/system/cpu/vulnerabilities/mds file
> because only the latest kernels from 2019-05-14 have that check. The
> 4.18 line has gone away so you'd have to go to 4.19.43 to get it.
> Since you're an AMD CPU, you don't need to worry about mds, but if I
> were you I'd move to 4.19.43 anyway as you want to stay on a supported
> version. 4.19 is "longterm" (https://www.kernel.org/) so it's a good
> option. Then if something serious comes up, an update from 4.19.x to
> 4.19.y is much less trouble than 4.18 to 4.19.
>
> Am I correct to think that "Mitigation" is good enough or does
> that mean it could be affected in some other way or is risky?
>
>
> I accept Mitigation as good enough. The kernel devs seem to choose a
> good balance between secure and fast. Anything that says 'vulnerable'
> is a problem, but you may have to live with it until a new microcode
> or kernel update arrives. Or if the CPU vendor is not making a
> microcode update for an old CPU, just live with it or upgrade the
> hardware. On my Skylake box I need to think about disabling
> Hyperthreading or not, disabled is secure but halves the core count.
>
>
> Also, since the problem that this thread is about isn't listed,
> mine isn't affected correct?
>
>
> Covered above.
>
>
> I'm guessing "Not affected" means all is good.  ;-)
>
>
> Indeed!
>


Thanks much for the info.  That was my thinking but I have been wrong
before, more than I may even know about at times.  ;-)  I'll work on
updating my kernel but I rarely reboot.  Most of my reboots occur when
power is lost, usually severe storms or something.  They upgraded the
main lines several years ago so it takes something pretty bad to take
out power long enough that I have to shut down.  We do get the occasional
blinks during storms or high winds tho.  They just don't last long
enough since the UPS catches that.

Kernel 4.19.  Going to emerge that and see what I can do.  At least it
will be an option when I reboot next time.

Dale

:-)  :-)


root@fireball / # uprecords
     #               Uptime | System                                     Boot up
----------------------------+---------------------------------------------------
     1   303 days, 11:46:23 | Linux 4.5.2-gentoo        Sat Jul 29 23:20:27 2017
     2   193 days, 09:28:37 | Linux 3.5.3-gentoo        Sat Sep 22 07:50:38 2012
     3   184 days, 15:47:57 | Linux 3.18.7-gentoo       Tue Dec 15 21:53:59 2015
     4   143 days, 15:05:26 | Linux 4.5.2-gentoo        Sun Oct 23 20:09:26 2016
     5   138 days, 11:27:28 | Linux 4.5.2-gentoo        Tue May 29 13:27:44 2018
     6   135 days, 11:11:44 | Linux 4.5.2-gentoo        Thu Mar 16 11:58:17 2017
->   7   123 days, 00:28:59 | Linux 4.18.12-gentoo      Sat Jan 12 03:42:55 2019
     8   116 days, 16:24:24 | Linux 3.16.3-gentoo       Mon Oct 13 20:27:52 2014
     9   111 days, 00:34:49 | Linux 3.18.7-gentoo       Tue Mar 31 18:57:19 2015
    10   101 days, 18:34:17 | Linux 3.5.3-gentoo        Wed Dec 31 18:00:00 1969
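
Added example, not part of the original messages: a POSIX shell version of the check discussed in this thread, which reads every file under /sys/devices/system/cpu/vulnerabilities/, sorts each status into the "Not affected" / "Mitigation" / "Vulnerable" reading given above, and separately reports when a file such as mds is absent because the running kernel predates the check. The names classify_status, report_vulns, check_known and VULN_DIR are hypothetical; the "SMT vulnerable" suffix is the wording kernels with the mds check use when Hyperthreading leaves a mitigated CPU exposed.

```shell
#!/bin/sh
# Added example (not from the thread). Function and variable names are hypothetical.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status STATUS -> OK | MITIGATED | MITIGATED-SMT | VULNERABLE | UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*)                echo OK ;;
        Mitigation:*"SMT vulnerable"*)  echo MITIGATED-SMT ;;
        Mitigation:*)                   echo MITIGATED ;;
        Vulnerable*)                    echo VULNERABLE ;;
        *)                              echo UNKNOWN ;;
    esac
}

# report_vulns [DIR] -> prints "name<TAB>class<TAB>raw status" per file.
# Returns 1 if any entry is VULNERABLE or UNKNOWN, else 0.
report_vulns() {
    dir="${1:-$VULN_DIR}"
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        st=$(cat "$f")
        class=$(classify_status "$st")
        printf '%s\t%s\t%s\n' "${f##*/}" "$class" "$st"
        case "$class" in
            VULNERABLE|UNKNOWN) rc=1 ;;
        esac
    done
    return "$rc"
}

# check_known NAME [DIR] -> whether the running kernel reports NAME at all.
# A missing file (mds on 4.18 here) means the kernel predates the check;
# it says nothing about whether the CPU is affected.
check_known() {
    if [ -e "${2:-$VULN_DIR}/$1" ]; then
        echo "reported"
    else
        echo "not reported by this kernel"
    fi
}
```

Calling report_vulns with no argument reads the live sysfs directory; check_known mds shows whether the kernel is new enough to report on the flaw this thread is about.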
