[gentoo-user] Re: Kernel 4.9.95

2018-04-26 Thread Nikos Chantziaras

On 26/04/18 13:28, Peter Humphrey wrote:
> On Thursday, 26 April 2018 11:13:12 BST Adam Carter wrote:
> > Does grep . /sys/devices/system/cpu/vulnerabilities/* find anything?
>
> # grep . /sys/devices/system/cpu/vulnerabilities/*
> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline, IBPB, IBRS_FW


That means the kernel implements the needed mitigations, except for full 
GCC retpoline, which requires a recent GCC (7.3.0 here.) I don't know if 
6.4.0 supports it.





[gentoo-user] Re: Kernel 4.9.95

2018-04-26 Thread Nikos Chantziaras

On 26/04/18 14:42, Mick wrote:
> Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ?
>
> $ grep . /sys/devices/system/cpu/vulnerabilities/*
> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline
>
> Are there some kernel options I should have selected manually?


Do you have the latest sys-firmware/intel-microcode installed and 
configured correctly? You need to enable the "early microcode" kernel 
option, and you also need to add /boot/intel-uc.img to your list of 
initrds to load in grub2. Alternatively, a BIOS update for your 
mainboard (if one exists; most older mainboards won't get updates from 
the likes of Asus, MSI, Gigabyte, etc, etc, etc, so for older boards, 
you need the microcode package.)
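
A small POSIX sh helper for reading the status files discussed in the two replies above (added example, not code posted by anyone on the list; the function names classify_status, has_feature and audit_vulns are made up for this illustration). It flags any "Vulnerable" entry and, following the microcode advice above, notes when spectre_v2 does not list IBPB or IBRS_FW:

```sh
#!/bin/sh
# Added example: summarise the kernel's CPU vulnerability status files.

# classify_status LINE: print not_affected, mitigated, vulnerable or unknown.
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# has_feature LINE NAME: succeed if NAME is one of the comma-separated items.
has_feature() {
    case ", $1," in
        *", $2,"*) return 0 ;;
        *)         return 1 ;;
    esac
}

# audit_vulns [DIR]: print one line per status file. Returns 0 if nothing is
# vulnerable, 1 if any entry is vulnerable or unrecognised, 2 if DIR is
# missing (kernels that do not provide this sysfs interface).
audit_vulns() {
    av_dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    av_rc=0
    [ -d "$av_dir" ] || { echo "no such directory: $av_dir" >&2; return 2; }
    for av_f in "$av_dir"/*; do
        [ -f "$av_f" ] || continue
        av_line=$(cat "$av_f")
        av_state=$(classify_status "$av_line")
        printf '%-12s %-12s %s\n' "${av_f##*/}" "$av_state" "$av_line"
        case "$av_state" in vulnerable|unknown) av_rc=1 ;; esac
        if [ "${av_f##*/}" = spectre_v2 ]; then
            # Per the reply above, IBPB / IBRS_FW depend on updated microcode.
            for av_feat in IBPB IBRS_FW; do
                has_feature "$av_line" "$av_feat" ||
                    echo "  note: $av_feat not reported; check microcode/BIOS"
            done
        fi
    done
    return "$av_rc"
}
```

Source the file and run audit_vulns with no argument to check the running kernel; pass a directory of saved status files to check another machine's output.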





Re: [gentoo-user] Kernel 4.9.95

2018-04-26 Thread Walter Dnes
On Thu, Apr 26, 2018 at 11:15:23AM +0100, Peter Humphrey wrote

  I installed it today, having run into a few mysterious *TOTAL* lockups
under 4.12.something (could not ssh in and magic-SysRQ didn't work).

  Anyhow, "make oldconfig" asked a couple of questions about "retpoline"
and switching off user access to kernel memory under some context
switches.  I played safe and enabled the protections.

-- 
Walter Dnes 
I don't run "desktop environments"; I run useful applications



[gentoo-user] Re: APIC

2018-04-26 Thread Ian Zimmerman
On 2018-04-25 18:15, tu...@posteo.de wrote:

> how can I determine, whether I have a 8-bit APIC ... or what else?

Why?

There was some discussion of this on the list.  Some posters said there
was a kernel option that made kernels deal better with 16-bit (or
wider?) APICs.  But, by my reading of the kernel documentation, the
cited option really did and does something else.

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.



Re: [gentoo-user] Kernel 4.9.95

2018-04-26 Thread Mick
On Thursday, 26 April 2018 11:43:23 BST Adam Carter wrote:
> On Thu, Apr 26, 2018 at 8:28 PM, Peter Humphrey wrote:
> > On Thursday, 26 April 2018 11:13:12 BST Adam Carter wrote:
> > > Does grep . /sys/devices/system/cpu/vulnerabilities/* find anything?
> > 
> > # grep . /sys/devices/system/cpu/vulnerabilities/*
> > /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> > /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user
> > pointer sanitization
> > /sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal
> > generic ASM retpoline, IBPB, IBRS_FW
> 
> FWIW on my Intel box @4.16.3
> 
> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user
> pointer sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic
> retpoline, IBPB, IBRS_FW

Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ?

$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer 
sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic 
retpoline

Are there some kernel options I should have selected manually?
-- 
Regards,
Mick



Re: [gentoo-user] Kernel 4.9.95

2018-04-26 Thread Adam Carter
On Thu, Apr 26, 2018 at 8:28 PM, Peter Humphrey wrote:

> On Thursday, 26 April 2018 11:13:12 BST Adam Carter wrote:
> > Does grep . /sys/devices/system/cpu/vulnerabilities/* find anything?
>
> # grep . /sys/devices/system/cpu/vulnerabilities/*
> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user
> pointer sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal
> generic ASM retpoline, IBPB, IBRS_FW
>
>
FWIW on my Intel box @4.16.3

/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user
pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic
retpoline, IBPB, IBRS_FW


Re: [gentoo-user] Kernel 4.9.95

2018-04-26 Thread Peter Humphrey
On Thursday, 26 April 2018 11:13:12 BST Adam Carter wrote:
> Does grep . /sys/devices/system/cpu/vulnerabilities/* find anything?

# grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer 
sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic 
ASM retpoline, IBPB, IBRS_FW

-- 
Regards,
Peter.






Re: [gentoo-user] Kernel 4.9.95

2018-04-26 Thread Peter Humphrey
On Thursday, 26 April 2018 10:52:30 BST Helmut Jarausch wrote:
> On 04/25/2018 06:06:32 PM, Peter Humphrey wrote:
> > As this version of gentoo-sources has now hit the stable mirrors,
> > would anyone
> > like to summarise the position wrt Spectre, Meltdown and anything
> > else that's
> > relevant? Just to help us numbskulls sleep at night.
> 
> I can't say anything about that kernel since I always use the most
> recent kernel available, currently 4.16.4. I haven't had any problems with
> bleeding edge gentoo-sources. AFAIR, only work around for this hardware
> problems have appeared in 4.14 or 4.15. I don't know if these have been
> backported to 4.9.95.
> 
> The other fix should be a contained in a recent version
> sys-kernel/linux-firmware (I have 20180416).

The latest stable version is 20180103-r1, which is what I have here. I don't 
think I'll experiment with CPU microcode until it's fully tested and stable.

> You might have a look at
> 
> http://kroah.com/log/blog/2018/01/06/meltdown-status/
> https://vinfrastructure.it/2018/02/using-linux-kernel-4-15-minimize-meltdown-spectre/
> https://www.zdnet.com/article/linux-4-15-good-news-and-bad-news-about-meltdown-and-spectre/
> https://www.zdnet.com/article/linux-4-16-arrives-bringing-more-spectre-and-meltdown-fixes/

Thanks for the pointers.

-- 
Regards,
Peter.






Re: [gentoo-user] Kernel 4.9.95

2018-04-26 Thread Adam Carter
On Thu, Apr 26, 2018 at 7:57 PM, John Covici wrote:

> On Thu, 26 Apr 2018 05:52:30 -0400,
> Helmut Jarausch wrote:
> >
> > On 04/25/2018 06:06:32 PM, Peter Humphrey wrote:
> > > As this version of gentoo-sources has now hit the stable
> > > mirrors, would anyone
> > > like to summarise the position wrt Spectre, Meltdown and
> > > anything else that's
> > > relevant? Just to help us numbskulls sleep at night.
>
> As far as I know anything after 4.9.82 has all the fixes for
> meltdown/spectre which have been back ported since this is a long term
> release -- I am sure 4.9.95 will be even better and I will go to it
> myself in the next days.
>
>
Does grep . /sys/devices/system/cpu/vulnerabilities/* find anything?

For 4.16.3;
$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user
pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD
retpoline


Re: [gentoo-user] Can't fetch distfiles in chroot

2018-04-26 Thread Peter Humphrey
On Thursday, 26 April 2018 09:07:51 BST Neil Bothwick wrote:
> On Thu, 26 Apr 2018 08:59:22 +0100, Peter Humphrey wrote:
> > So, again, what could possibly prevent portage from seeing the network
> > inside a chroot, while other programs use it just the same as always?
> 
> Are you using a proxy?

Nope, not since I had an unlimited data allowance.

-- 
Regards,
Peter.






Re: [gentoo-user] Kernel 4.9.95

2018-04-26 Thread John Covici
On Thu, 26 Apr 2018 05:52:30 -0400,
Helmut Jarausch wrote:
> 
> On 04/25/2018 06:06:32 PM, Peter Humphrey wrote:
> > As this version of gentoo-sources has now hit the stable
> > mirrors, would anyone
> > like to summarise the position wrt Spectre, Meltdown and
> > anything else that's
> > relevant? Just to help us numbskulls sleep at night.
> > 
> 
> I can't say anything about that kernel since I always use the
> most recent kernel available, currently
> 4.16.4. I haven't had any problems with bleeding edge gentoo-sources.
> AFAIR, only work around for this hardware problems have appeared
> in 4.14 or 4.15.
> I don't know if these have been backported to 4.9.95.
> 
> The other fix should be a contained in a recent version
> sys-kernel/linux-firmware (I have 20180416).
> 
> You might have a look at
> 
> 
> http://kroah.com/log/blog/2018/01/06/meltdown-status/
> https://vinfrastructure.it/2018/02/using-linux-kernel-4-15-minimize-meltdown-spectre/
> https://www.zdnet.com/article/linux-4-15-good-news-and-bad-news-about-meltdown-and-spectre/
> https://www.zdnet.com/article/linux-4-16-arrives-bringing-more-spectre-and-meltdown-fixes/
> 

As far as I know anything after 4.9.82 has all the fixes for
meltdown/spectre which have been back ported since this is a long term
release -- I am sure 4.9.95 will be even better and I will go to it
myself in the next days.

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

 John Covici wb2una
 cov...@ccs.covici.com



Re: [gentoo-user] Kernel 4.9.95

2018-04-26 Thread Helmut Jarausch

On 04/25/2018 06:06:32 PM, Peter Humphrey wrote:
> As this version of gentoo-sources has now hit the stable mirrors, would anyone
> like to summarise the position wrt Spectre, Meltdown and anything else that's
> relevant? Just to help us numbskulls sleep at night.

I can't say anything about that kernel since I always use the most recent
kernel available, currently 4.16.4. I haven't had any problems with bleeding
edge gentoo-sources. AFAIR, only workarounds for these hardware problems have
appeared in 4.14 or 4.15. I don't know if these have been backported to 4.9.95.

The other fix should be contained in a recent version of
sys-kernel/linux-firmware (I have 20180416).


You might have a look at


http://kroah.com/log/blog/2018/01/06/meltdown-status/
https://vinfrastructure.it/2018/02/using-linux-kernel-4-15-minimize-meltdown-spectre/
https://www.zdnet.com/article/linux-4-15-good-news-and-bad-news-about-meltdown-and-spectre/
https://www.zdnet.com/article/linux-4-16-arrives-bringing-more-spectre-and-meltdown-fixes/


Helmut


Re: [gentoo-user] Can't fetch distfiles in chroot

2018-04-26 Thread Peter Humphrey
On Thursday, 26 April 2018 08:59:22 BST Peter Humphrey wrote:
> On Tuesday, 24 April 2018 09:43:35 BST Peter Humphrey wrote:
> > On Sunday, 22 April 2018 06:13:30 BST Peter Humphrey wrote:
> > > I've been NFS-exporting the portage tree from a 32-bit atom box to a
> > > chroot on my workstation, and it's worked well for years, if slowly.
> > > 
> > > Now when I try to do the same with a 64-bit celeron machine I'm having a
> > > problem getting portage to work. If the required distfile is already
> > > present, no problem, but otherwise, trying to fetch it just hangs. No
> > > errors, no status, no fetch log, no progress.
> > > 
> > > Www-client/links works in the chroot as expected, so the network is set
> > > up
> > > all right; portage just can't use it.
> > > 
> > > I've compared /etc/exports on the two clients; also the chroot setup
> > > scripts, /usr/portage permissions, the USE flags of nfs-utils and
> > > everything else I can think of. All identical apart from obvious things
> > > like 32/64 bits and network names and IPs. Google hasn't helped either.
> > > 
> > > Any ideas, anyone?
> > 
> > Never mind. I've rebuilt the chroot from stage 3 and it seems to be
> > working
> > fine.
> 
> The appearance was deceptive; all the distfiles needed must have been
> present already. Today, one wasn't and the fetching process hung and had to
> be killed.
> 
> So, again, what could possibly prevent portage from seeing the network
> inside a chroot, while other programs use it just the same as always?

So, again, I went off half-cocked (sorry about the noise). The problem is that 
the NFS mount in the chroot picks different ports each time, so the client's 
firewall drops all NFS packets.

Now I just have to find out why that happens.

-- 
Regards,
Peter.






Re: [gentoo-user] Can't fetch distfiles in chroot

2018-04-26 Thread Neil Bothwick
On Thu, 26 Apr 2018 08:59:22 +0100, Peter Humphrey wrote:

> So, again, what could possibly prevent portage from seeing the network
> inside a chroot, while other programs use it just the same as always?

Are you using a proxy?


-- 
Neil Bothwick

Top Oxymorons Number 48: freewill offering




Re: [gentoo-user] Can't fetch distfiles in chroot

2018-04-26 Thread Peter Humphrey
On Tuesday, 24 April 2018 09:43:35 BST Peter Humphrey wrote:
> On Sunday, 22 April 2018 06:13:30 BST Peter Humphrey wrote:
> > I've been NFS-exporting the portage tree from a 32-bit atom box to a
> > chroot on my workstation, and it's worked well for years, if slowly.
> > 
> > Now when I try to do the same with a 64-bit celeron machine I'm having a
> > problem getting portage to work. If the required distfile is already
> > present, no problem, but otherwise, trying to fetch it just hangs. No
> > errors, no status, no fetch log, no progress.
> > 
> > Www-client/links works in the chroot as expected, so the network is set up
> > all right; portage just can't use it.
> > 
> > I've compared /etc/exports on the two clients; also the chroot setup
> > scripts, /usr/portage permissions, the USE flags of nfs-utils and
> > everything else I can think of. All identical apart from obvious things
> > like 32/64 bits and network names and IPs. Google hasn't helped either.
> > 
> > Any ideas, anyone?
> 
> Never mind. I've rebuilt the chroot from stage 3 and it seems to be working
> fine.

The appearance was deceptive; all the distfiles needed must have been present 
already. Today, one wasn't and the fetching process hung and had to be killed.

So, again, what could possibly prevent portage from seeing the network inside 
a chroot, while other programs use it just the same as always?

-- 
Regards,
Peter.