Re: [lfs-support] Page Table Isolation on AMD Processors

2018-02-11 Thread Mark Pokorny
On 11 February 2018 at 19:30, Ken Moffat wrote: > On Sun, Feb 11, 2018 at 07:10:41PM +, Mark Pokorny wrote: >> Hi all, >> >> I’ve been away for a while, but am back now starting a new SVN build >> of LFS. Since I’ve been away, however, the Spectre/Meltdown issue has

[lfs-support] Page Table Isolation on AMD Processors

2018-02-11 Thread Mark Pokorny
Hi all, I’ve been away for a while, but am back now starting a new SVN build of LFS. Since I’ve been away, however, the Spectre/Meltdown issue has been discussed at length. I’ve been reading through the archives with interest, but unfortunately little understanding. I am currently going through

Re: [lfs-support] Page Table Isolation

2018-01-11 Thread Ken Moffat
On Thu, Jan 11, 2018 at 02:37:49PM -0800, Paul Rogers wrote: > > In my investigation I too saw the 4GB/4GB split mentioned but with something > else that caused me to disregard it--it had been pulled or something. > > I have 4GB in my "everyday" Conroes, though the refurb box I dedicate to W10

Re: [lfs-support] Page Table Isolation

2018-01-11 Thread Paul Rogers
> I would not abandon hope just yet, although the chances are probably > slim. The *big* target is rented (by the hour or whatever) machines > and VMs - those are almost wholly x86_64 and that is where people's > data is most at risk of the Meltdown vulnerability. Certainly those, but I think

Re: [lfs-support] Page Table Isolation

2018-01-11 Thread Ken Moffat
On Thu, Jan 11, 2018 at 08:03:13PM +0100, Thomas Trepl wrote: > > Gentoo writes: "... Currently, the KPTI patch-set is only available for > 64-bit Gentoo operating systems. Some 32-bit operating systems (for > example if you are using 4gb/4gb memory split) are immune because they > use separate

Re: [lfs-support] Page Table Isolation

2018-01-11 Thread Thomas Trepl
On Wednesday, 10.01.2018, 17:10 +, Ken Moffat wrote: > On Tue, Jan 09, 2018 at 03:02:27PM -0800, Paul Rogers wrote: > > > On Mon, Jan 08, 2018 at 04:14:50PM -0800, Paul Rogers wrote: > > > > I've just patched one of my older Core2 "Conroe", LFS-7.7, up > > > > to 4.4.110. It's an i686

Re: [lfs-support] Page Table Isolation

2018-01-10 Thread Ken Moffat
On Tue, Jan 09, 2018 at 03:02:27PM -0800, Paul Rogers wrote: > > On Mon, Jan 08, 2018 at 04:14:50PM -0800, Paul Rogers wrote: > > Please, if anyone runs across the 32-bit patch, let me know. There certainly > are many 32-bit systems still in service! > I would not abandon hope just yet,

Re: [lfs-support] Page Table Isolation

2018-01-10 Thread Paul Rogers
> Uuh, not that I'm aware of that in .10 the PTI stuff was implemented. > In that .10-system, "cat /proc/cpuinfo" shows nothing in the "bugs:" > line (while .12 says "bugs: cpu_insecure") and there is nothing about > KPTI in dmesg when booting the .10. I've just upgraded my LFS-7.10 system to

Re: [lfs-support] Page Table Isolation

2018-01-10 Thread Ken Moffat
On Tue, Jan 09, 2018 at 03:02:27PM -0800, Paul Rogers wrote: > > On Mon, Jan 08, 2018 at 04:14:50PM -0800, Paul Rogers wrote: > > > I've just patched one of my older Core2 "Conroe", LFS-7.7, up to 4.4.110. > > > It's an i686 system. > > > > > > Any ideas? TIA. > > > > > > > Looking at my

Re: [lfs-support] Page Table Isolation

2018-01-09 Thread Ken Moffat
On Tue, Jan 09, 2018 at 03:02:27PM -0800, Paul Rogers wrote: > > On Mon, Jan 08, 2018 at 04:14:50PM -0800, Paul Rogers wrote: > > > I've just patched one of my older Core2 "Conroe", LFS-7.7, up to 4.4.110. > > > It's an i686 system. > > > > > > Any ideas? TIA. > > > > > > > Looking at my

Re: [lfs-support] Page Table Isolation

2018-01-09 Thread Paul Rogers
> On Mon, Jan 08, 2018 at 04:14:50PM -0800, Paul Rogers wrote: > > I've just patched one of my older Core2 "Conroe", LFS-7.7, up to 4.4.110. > > It's an i686 system. > > > > Any ideas? TIA. > > > > Looking at my lkml mailbox, patch 02 of 37 for this version added I haven't been able to GET

Re: [lfs-support] Page Table Isolation

2018-01-09 Thread Ken Moffat
On Tue, Jan 09, 2018 at 07:32:01PM +0100, Thomas Trepl wrote: > > [0.00] Kernel/User page tables isolation: enabled > > > > then it should be active. At least on x64_64 such a line comes up > > (with 4.14.12). > > > > Will do a i686 build today... > > Did so. Looks like the KPTI stuff

Re: [lfs-support] Page Table Isolation

2018-01-08 Thread Thomas Trepl
On Monday, 08.01.2018, 16:14 -0800, Paul Rogers wrote: > I've just patched one of my older Core2 "Conroe", LFS-7.7, up to > 4.4.110. It's an i686 system. With each minor-version patch "make > oldconfig" was run. I saw no kernel config parameter for > PAGE_TABLE_ISOLATION when I rebuilt the

Re: [lfs-support] Page Table Isolation

2018-01-08 Thread Ken Moffat
On Mon, Jan 08, 2018 at 04:14:50PM -0800, Paul Rogers wrote: > I've just patched one of my older Core2 "Conroe", LFS-7.7, up to 4.4.110. > It's an i686 system. With each minor-version patch "make oldconfig" was run. > I saw no kernel config parameter for PAGE_TABLE_ISOLATION when I rebuilt

Re: [lfs-support] Page Table Isolation

2018-01-08 Thread Paul Rogers
I've just patched one of my older Core2 "Conroe", LFS-7.7, up to 4.4.110. It's an i686 system. With each minor-version patch "make oldconfig" was run. I saw no kernel config parameter for PAGE_TABLE_ISOLATION when I rebuilt the patched kernel. I can find no evidence it has been built into

Re: [lfs-support] Page Table Isolation

2018-01-07 Thread Paul Rogers
>> Likewise, I'm not betting kernel patches will get pushed down >> to the kernels that support those old systems. ext3 is not >> supported in the latest kernels, so instructions to install >> the latest kernels will leave many systems non-functional. >> I think patches need to be pushed back to

Re: [lfs-support] Page Table Isolation

2018-01-06 Thread Ken Moffat
On Thu, Jan 04, 2018 at 10:13:16PM +, Ken Moffat wrote: [ Correcting my erroneous comment on the skylake firmware, although it's so embarrassing that I was strongly tempted not to bother. ] > > > > Intel are also in the process of releasing new firmware for > > processors released in the

Re: [lfs-support] Page Table Isolation

2018-01-06 Thread Richard Melville
On 5 January 2018 at 22:28, Paul Rogers wrote: > > Likewise, I'm not betting kernel patches will get pushed down to the > kernels that support those old systems. ext3 is not supported in the > latest kernels, so instructions to install the latest kernels will leave >

Re: [lfs-support] Page Table Isolation

2018-01-05 Thread Ken Moffat
On Fri, Jan 05, 2018 at 02:28:04PM -0800, Paul Rogers wrote: > I have been searching and reading intently for the past day also. I am > disappointed by the rush to republish and dearth of solid data beyond the > Proof of Concept. > Yes, it's hard finding accurate information - the whole thing

Re: [lfs-support] Page Table Isolation

2018-01-05 Thread Paul Rogers
I have been searching and reading intently for the past day also. I am disappointed by the rush to republish and dearth of solid data beyond the Proof of Concept. Apparently in theory Spectre haunts all processors back to the Pentium Pro. There is very little solid evidence of what steppings

[lfs-support] Page Table Isolation

2018-01-04 Thread Ken Moffat
People who follow the news will be aware that big changes have been rushed into the Linux kernel (and changes are/have been also rolled out by Microsoft, and apparently by Apple). There are two vulnerabilities, with the shiny names of Meltdown and Spectre. Both refer to ways of userspace finding