Adam Carter wrote:
>
> This appears to be OK on my CPU but want to ask to be sure.
> Here's some info, sort of taking cues from what you posted above.
>
>
> root@fireball / # uname -a
> Linux fireball 4.18.12-gentoo #1 SMP PREEMPT Sun Oct 14 23:45:12 CDT 2018 x86_64 AMD FX(tm)-8350 Eight-Core Processor AuthenticAMD GNU/Linux
> root@fireball / # cat /sys/devices/system/cpu/vulnerabilities/
> l1tf meltdown spec_store_bypass
> spectre_v1 spectre_v2
> root@fireball / # cat /sys/devices/system/cpu/vulnerabilities/meltdown
> Not affected
> root@fireball / # cat /sys/devices/system/cpu/vulnerabilities/l1tf
> Not affected
> root@fireball / # cat /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
> Mitigation: Speculative Store Bypass disabled via prctl and seccomp
> root@fireball / # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
> Mitigation: __user pointer sanitization
> root@fireball / # cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
> Mitigation: Full AMD retpoline
> root@fireball / #
>
>
> You're missing the /sys/devices/system/cpu/vulnerabilities/mds file
> because only the latest kernels from 2019-05-14 have that check. The
> 4.18 line has gone away so you'd have to go to 4.19.43 to get it.
> Since you're an AMD CPU, you don't need to worry about mds, but if I
> were you I'd move to 4.19.43 anyway as you want to stay on a supported
> version. 4.19 is "longterm" (https://www.kernel.org/) so it's a good
> option. Then if something serious comes up, an update from 4.19.x to
> 4.19.y is much less trouble than 4.18 to 4.19.
>
> Am I correct to think that "Mitigation" is good enough or does
> that mean it could be affected in some other way or is risky?
>
>
> I accept Mitigation as good enough. The kernel devs seem to choose a
> good balance between secure and fast. Anything that says 'vulnerable'
> is a problem, but you may have to live with it until a new microcode
> or kernel update arrives. Or if the CPU vendor is not making a
> microcode update for an old CPU, just live with it or upgrade the
> hardware. On my Skylake box I need to think about disabling
> Hyperthreading or not, disabled is secure but halves the core count.
>
>
> Also, since the problem that this thread is about isn't listed,
> mine isn't affected correct?
>
>
> Covered above.
>
>
> I'm guessing "Not affected" means all is good. ;-)
>
>
> Indeed!
>

Thanks much for the info. That was my thinking but I have been wrong
before, more than I may even know about at times. ;-) I'll work on
updating my kernel but I rarely reboot. Most of my reboots occur when
power is lost, usually severe storms or something. They upgraded the
main lines several years ago so it takes something pretty bad to take
out power long enough that I have to shut down. We do get the occasional
blinks during storms or high winds tho. They just don't last long
enough since the UPS catches that.

Kernel 4.19. Going to emerge that and see what I can do. At least it
will be an option when I reboot next time.

Dale

:-) :-)

root@fireball / # uprecords
     #               Uptime | System                            Boot up
----------------------------+---------------------------------------------------
     1   303 days, 11:46:23 | Linux 4.5.2-gentoo      Sat Jul 29 23:20:27 2017
     2   193 days, 09:28:37 | Linux 3.5.3-gentoo      Sat Sep 22 07:50:38 2012
     3   184 days, 15:47:57 | Linux 3.18.7-gentoo     Tue Dec 15 21:53:59 2015
     4   143 days, 15:05:26 | Linux 4.5.2-gentoo      Sun Oct 23 20:09:26 2016
     5   138 days, 11:27:28 | Linux 4.5.2-gentoo      Tue May 29 13:27:44 2018
     6   135 days, 11:11:44 | Linux 4.5.2-gentoo      Thu Mar 16 11:58:17 2017
->   7   123 days, 00:28:59 | Linux 4.18.12-gentoo    Sat Jan 12 03:42:55 2019
     8   116 days, 16:24:24 | Linux 3.16.3-gentoo     Mon Oct 13 20:27:52 2014
     9   111 days, 00:34:49 | Linux 3.18.7-gentoo     Tue Mar 31 18:57:19 2015
    10   101 days, 18:34:17 | Linux 3.5.3-gentoo      Wed Dec 31 18:00:00 1969
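
The per-file checks walked through in this thread, as an added example that is not part of the original messages: a POSIX shell sketch that reads every status file in the vulnerabilities directory, sorts each into the "Not affected" / "Mitigation" / "Vulnerable" readings discussed above, and lists expected checks (such as mds) that the running kernel does not expose. The function names and the class labels are assumptions of this example; "partial" is its own label for a "Mitigation:" line that still contains the word "vulnerable", as the kernel's MDS status does when SMT is left enabled.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and class labels are hypothetical.

# audit_cpu_vulns [DIR]
# Prints "name<TAB>class<TAB>raw status" for every status file in DIR
# (default: the sysfs directory shown in the thread).
# Returns 0 if every entry is "Not affected" or fully mitigated,
# 1 if anything is vulnerable, partially mitigated or unrecognised,
# 2 if DIR does not exist (kernel predates these status files).
audit_cpu_vulns() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    rc=0
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        case $status in
            "Not affected"*)              class=ok ;;
            # e.g. "Mitigation: Clear CPU buffers; SMT vulnerable"
            "Mitigation:"*[Vv]ulnerable*) class=partial; rc=1 ;;
            "Mitigation:"*)               class=mitigated ;;
            *[Vv]ulnerable*)              class=VULNERABLE; rc=1 ;;
            # Anything else is flagged for a human to read.
            *)                            class=unknown; rc=1 ;;
        esac
        printf '%s\t%s\t%s\n' "$(basename "$f")" "$class" "$status"
    done
    return $rc
}

# missing_checks DIR NAME...
# Prints each NAME that has no status file in DIR, i.e. a check the
# running kernel is too old to report on (mds on the 4.18 kernel above).
missing_checks() {
    dir=$1; shift
    for name in "$@"; do
        [ -e "$dir/$name" ] || echo "$name"
    done
}
```

After sourcing the file, `audit_cpu_vulns` with no argument reads the live sysfs directory, and `missing_checks /sys/devices/system/cpu/vulnerabilities mds` reports whether the kernel has the mds check at all.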