From: "Peter Müller" <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: Core Update 138 (testing) report
Date: Sun, 17 Nov 2019 18:15:00 +0000 [thread overview]
Message-ID: <45f4b2d3-b5cc-c087-b342-3f37808a0920@ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 2371 bytes --]
Hello Arne, hello *,
Core Update 138 (testing, see: https://blog.ipfire.org/post/ipfire-2-23-core-update-138-is-available-for-testing)
is running here for about 24 hours without any unexpected behaviour so far.
Since the CPU of my testing machine (Intel Celeron N3150) is not vulnerable
to the attacks recently published, I am unable to confirm mitigations against these:
> [root(a)maverick ~]# grep . /sys/devices/system/cpu/vulnerabilities/*
> /sys/devices/system/cpu/vulnerabilities/itlb_multihit:Not affected
> /sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
> /sys/devices/system/cpu/vulnerabilities/mds:Mitigation: Clear CPU buffers; SMT disabled
> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> /sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Not affected
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: disabled, RSB filling
> /sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected
The updated vulnerabilities.cgi shows the same situation (I still wonder
whether the vulnerability listing follows any sort criterion).
@Arne: I observed multiple rootfile and symbolic link patches for the
intel-microcode patch of mine (thank you for this). However, they seem to
be deleted - are you sure the microcodes were built and shipped the right way?
This log output suggests an older version to be in place on my machine:
> [root(a)maverick ~]# grep microcode /var/log/bootlog
> [ 0.000000] microcode: microcode updated early to revision 0x368, date = 2019-04-23
> [ 1.966329] microcode: sig=0x406c3, pf=0x1, revision=0x368
> [ 1.966409] microcode: Microcode Update Driver: v2.2.
Output of "uname -a" for reference purposes:
> [root(a)maverick ~]# uname -a
> Linux maverick 4.14.154-ipfire #1 SMP Fri Nov 15 07:27:41 GMT 2019 x86_64 Intel(R) Celeron(R) CPU N3150 @ 1.60GHz GenuineIntel GNU/Linux
As far as I am concerned, this emergency Core Update is ready for release
if the core developers (Arne et al.) are able to confirm the correct behaviour
of the microcodes on affected systems or fix these to be reliably loaded.
Thanks, and best regards,
Peter Müller
next reply other threads:[~2019-11-17 18:15 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-17 18:15 Peter Müller [this message]
2019-11-17 21:29 ` Arne Fitzenreiter
2019-11-17 21:41 ` Peter Müller
2019-11-18 8:24 ` Arne Fitzenreiter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=45f4b2d3-b5cc-c087-b342-3f37808a0920@ipfire.org \
--to=peter.mueller@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox