From: Arne Fitzenreiter
To: development@lists.ipfire.org
Subject: Re: Core Update 138 (testing) report
Date: Sun, 17 Nov 2019 22:29:19 +0100
In-Reply-To: <45f4b2d3-b5cc-c087-b342-3f37808a0920@ipfire.org>

I have also not found any affected system, but I'm sure that the microcode
links are recreated by the last commit of core138.

https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=699381b6993b9428e99a0055dae03e7a222ea9f9

Sometimes git cherry-pick does not do the intended thing if a patch was
renamed.

Arne

On 2019-11-17 19:15, Peter Müller wrote:
> Hello Arne, hello *,
>
> Core Update 138 (testing, see:
> https://blog.ipfire.org/post/ipfire-2-23-core-update-138-is-available-for-testing)
> has been running here for about 24 hours without any unexpected behaviour
> so far.
>
> Since the CPU of my testing machine (Intel Celeron N3150) is not vulnerable
> to the attacks recently published, I am unable to confirm mitigations
> against these:
>> [root@maverick ~]# grep . /sys/devices/system/cpu/vulnerabilities/*
>> /sys/devices/system/cpu/vulnerabilities/itlb_multihit:Not affected
>> /sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
>> /sys/devices/system/cpu/vulnerabilities/mds:Mitigation: Clear CPU buffers; SMT disabled
>> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
>> /sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Not affected
>> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
>> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: disabled, RSB filling
>> /sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected
>
> The updated vulnerabilities.cgi shows the same situation (I still wonder
> whether the vulnerability listing follows any sort criterion).
>
> @Arne: I observed multiple rootfile and symbolic link patches for the
> intel-microcode patch of mine (thank you for this). However, they seem to
> be deleted - are you sure the microcodes were built and shipped the
> right way?
>
> This log output suggests an older version to be in place on my machine:
>> [root@maverick ~]# grep microcode /var/log/bootlog
>> [    0.000000] microcode: microcode updated early to revision 0x368, date = 2019-04-23
>> [    1.966329] microcode: sig=0x406c3, pf=0x1, revision=0x368
>> [    1.966409] microcode: Microcode Update Driver: v2.2.
>
> Output of "uname -a" for reference purposes:
>> [root@maverick ~]# uname -a
>> Linux maverick 4.14.154-ipfire #1 SMP Fri Nov 15 07:27:41 GMT 2019 x86_64 Intel(R) Celeron(R) CPU N3150 @ 1.60GHz GenuineIntel GNU/Linux
>
> As far as I am concerned, this emergency Core Update is ready for release
> if the core developers (Arne et al.) are able to confirm the correct
> behaviour of the microcodes on affected systems or fix these to be reliably
> loaded.
>
> Thanks, and best regards,
> Peter Müller