[LEDE-DEV] [OpenWrt-Devel] [PATCH 0/5] x86: add support for microcode update

Nick Lowe nick.lowe at gmail.com
Sun Jan 21 04:07:34 PST 2018


Hi Arjen,

The point I was making is that we see:

root@LEDE:/sys/devices/system/cpu/vulnerabilities# cat meltdown
Vulnerable

This should not be marked as vulnerable and it is being.

Cheers,

Nick

On Sun, Jan 21, 2018 at 12:04 PM, Arjen de Korte
<arjen+lede at de-korte.org> wrote:
> Quoting Nick Lowe <nick.lowe at gmail.com>:
>
>
>> Yes, compiler updates will ultimately be necessary to properly close this.
>>
>> We can see for now with 4.9.77:
>>
>> root@LEDE:/sys/devices/system/cpu/vulnerabilities# cat spectre_v2
>> Vulnerable: Minimal AMD ASM retpoline
>>
>> AMD processors are also incorrectly being marked as being vulnerable
>> to Meltdown. On my APU2C4 I see:
>>
>> root@LEDE:/sys/devices/system/cpu/vulnerabilities# cat meltdown
>> Vulnerable
>>
>> From /proc/cpuinfo
>>
>> flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov
>> pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt
>> pdpe1gb rdtscp lm constant_tsc rep_good acc_power nopl nonstop_tsc
>> extd_apicid aperfmperf eagerfpu pni pclmulqdq monitor ssse3 cx16
>> sse4_1 sse4_2 movbe popcnt aes xsave avx f16c lahf_lm cmp_legacy svm
>> extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit
>> wdt topoext perfctr_nb bpext ptsc perfctr_l2 cpb hw_pstate retpoline
>> retpoline_amd vmmcall bmi1 xsaveopt arat npt lbrv svm_lock nrip_save
>> tsc_scale flushbyasid decodeassists pausefilter pfthreshold
>> overflow_recov
>>
>> bugs : fxsave_leak sysret_ss_attrs null_seg cpu_meltdown spectre_v1
>> spectre_v2
>>
>> The following patch seen in 4.14.14 is missing from 4.9.77:
>>
>> x86/cpu, x86/pti: Do not enable PTI on AMD processor
>>
>> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v4.14.14&id=151d7039757b71ebd9d170af0944562f51149372
>>
>> We can see that in this commit which renamed X86_BUG_CPU_INSECURE to
>> X86_BUG_CPU_MELTDOWN
>>
>>
>> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v4.9.77&id=43fe95308d276bdfd133f5951cc25565e39982ec
>>
>> Can we backport this?
>
>
> No, it's not missing, it's just in a different location:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/arch/x86/mm/kaiser.c?h=v4.9.75&id=8018307a45a90ab2eecfd03d48b7efb31707df37
>
> I already wrote this in a reply on Jan 8th...
>
>> Cheers,
>>
>> Nick
>>
>> On Thu, Jan 18, 2018 at 9:15 PM, Hauke Mehrtens <hauke at hauke-m.de> wrote:
>>>
>>> On 01/18/2018 01:51 PM, Nick Lowe wrote:
>>>>
>>>> Does an update to the Kernel, 4.9.77 and 4.14.14 need to be made to
>>>> properly address this? There are fixes to mitigate Spectre.
>>>
>>>
>>> We even need a patch for GCC which will be in GCC 8 and 7.3.
>>> For master we should backport it to GCC 5.5, but what do we want to do
>>> with 17.01 and 15.05?
>>>
>>> The AMD microcode updater needs at least kernel 4.15, 4.14.13, 4.9.76,
>>> 4.4.111 which we already have.
>>>
>>> Hauke
>>
>>
>> _______________________________________________
>> Lede-dev mailing list
>> Lede-dev at lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/lede-dev

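An added example, not part of the original message or of LEDE/OpenWrt code: a POSIX sh check that reads the sysfs `vulnerabilities` entries shown in this thread and flags the case under discussion, an AMD CPU reported as `Vulnerable` to Meltdown. The function names, the `MISMATCH` label and the sample files are constructed for illustration; treating AMD plus Meltdown as a misreport is the thread's premise, used here as an assumption.

```shell
#!/bin/sh
# Audit the kernel's self-reported CPU vulnerability status against the CPU vendor.
# On a device: audit_cpu_vulns /sys/devices/system/cpu/vulnerabilities /proc/cpuinfo

# Print the first vendor_id value from a cpuinfo-format file.
cpu_vendor() {
    sed -n 's/^vendor_id[[:space:]]*:[[:space:]]*//p' "$1" | head -n 1
}

# Print one line per sysfs entry (OK / VULNERABLE / MISMATCH), then a summary.
# MISMATCH = AuthenticAMD reported "Vulnerable" to meltdown (assumption taken
# from the thread: the kernel should not flag AMD parts for Meltdown).
audit_cpu_vulns() {
    dir=$1 cpuinfo=$2 vuln=0 mismatch=0
    vendor=$(cpu_vendor "$cpuinfo")
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # Read the first line; skip entries that are empty.
        IFS= read -r status < "$f" || [ -n "$status" ] || continue
        case $status in
            Vulnerable*)
                if [ "$name" = meltdown ] && [ "$vendor" = AuthenticAMD ]; then
                    mismatch=$((mismatch + 1)); tag=MISMATCH
                else
                    vuln=$((vuln + 1)); tag=VULNERABLE
                fi ;;
            *) tag=OK ;;
        esac
        printf '%-10s %-12s %s\n' "$tag" "$name" "$status"
    done
    printf 'summary vendor=%s vulnerable=%d mismatch=%d\n' "$vendor" "$vuln" "$mismatch"
}

# Constructed sample mirroring the values quoted in the thread (4.9.77, APU2C4).
make_sample() {
    mkdir -p "$1/vulnerabilities"
    echo 'Vulnerable' > "$1/vulnerabilities/meltdown"
    echo 'Vulnerable: Minimal AMD ASM retpoline' > "$1/vulnerabilities/spectre_v2"
    printf 'vendor_id\t: AuthenticAMD\nbugs\t\t: cpu_meltdown spectre_v1 spectre_v2\n' > "$1/cpuinfo"
}

# Run the audit over the constructed sample.
tmp=$(mktemp -d) && make_sample "$tmp"
audit_cpu_vulns "$tmp/vulnerabilities" "$tmp/cpuinfo"
rm -rf "$tmp"
```

A `MISMATCH` line on an AMD device indicates a kernel that lacks the vendor check discussed in the thread; `VULNERABLE` lines are the kernel's own report and are passed through unchanged.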

