Re: Core Update 138 (testing) report

public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

From: Arne Fitzenreiter <arne_f@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: Core Update 138 (testing) report
Date: Sun, 17 Nov 2019 22:29:19 +0100	[thread overview]
Message-ID: <c918fb3cf3c32cd8360633f0f7d84632@ipfire.org> (raw)
In-Reply-To: <45f4b2d3-b5cc-c087-b342-3f37808a0920@ipfire.org>

[-- Attachment #1: Type: text/plain, Size: 2871 bytes --]

I have also not found any affected system but im sure that the microcode 
links are
recreatad by the last commit of core138.

https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=699381b6993b9428e99a0055dae03e7a222ea9f9

Sometimes git cherry-pick does not the inteded thing if a patch was 
renamed.

Arne


Am 2019-11-17 19:15, schrieb Peter Müller:
> Hello Arne, hello *,
> 
> Core Update 138 (testing, see:
> https://blog.ipfire.org/post/ipfire-2-23-core-update-138-is-available-for-testing)
> is running here for about 24 hours without any unexpected behaviour so 
> far.
> 
> Since the CPU of my testing machine (Intel Celeron N3150) is not 
> vulnerable
> to the attacks recently published, I am unable to confirm mitigations
> against these:
>> [root(a)maverick ~]# grep . /sys/devices/system/cpu/vulnerabilities/*
>> /sys/devices/system/cpu/vulnerabilities/itlb_multihit:Not affected
>> /sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
>> /sys/devices/system/cpu/vulnerabilities/mds:Mitigation: Clear CPU 
>> buffers; SMT disabled
>> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
>> /sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Not affected
>> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: 
>> usercopy/swapgs barriers and __user pointer sanitization
>> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full 
>> generic retpoline, IBPB: conditional, IBRS_FW, STIBP: disabled, RSB 
>> filling
>> /sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected
> 
> The updated vulnerabilities.cgi shows the same situation (I still 
> wonder
> whether the vulnerability listing follows any sort criterion).
> 
> @Arne: I observed multiple rootfile and symbolic link patches for the
> intel-microcode patch of mine (thank you for this). However, they seem 
> to
> be deleted - are you sure the microcodes were built and shipped the 
> right way?
> 
> This log output suggests an older version to be in place on my machine:
>> [root(a)maverick ~]# grep microcode /var/log/bootlog
>> [    0.000000] microcode: microcode updated early to revision 0x368, 
>> date = 2019-04-23
>> [    1.966329] microcode: sig=0x406c3, pf=0x1, revision=0x368
>> [    1.966409] microcode: Microcode Update Driver: v2.2.
> 
> Output of "uname -a" for reference purposes:
>> [root(a)maverick ~]# uname -a
>> Linux maverick 4.14.154-ipfire #1 SMP Fri Nov 15 07:27:41 GMT 2019 
>> x86_64 Intel(R) Celeron(R) CPU N3150 @ 1.60GHz GenuineIntel GNU/Linux
> 
> As far as I am concerned, this emergency Core Update is ready for 
> release
> if the core developers (Arne et al.) are able to confirm the correct 
> behaviour
> of the microcodes on affected systems or fix these to be reliably 
> loaded.
> 
> Thanks, and best regards,
> Peter Müller

next prev parent reply	other threads:[~2019-11-17 21:29 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-11-17 18:15 Peter Müller
2019-11-17 21:29 ` Arne Fitzenreiter [this message]
2019-11-17 21:41   ` Peter Müller
2019-11-18  8:24     ` Arne Fitzenreiter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=c918fb3cf3c32cd8360633f0f7d84632@ipfire.org \
    --to=arne_f@ipfire.org \
    --cc=development@lists.ipfire.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox