[LEDE-DEV] [OpenWrt-Devel] [PATCH 0/5] x86: add support for microcode update

Hauke Mehrtens hauke at hauke-m.de
Sun Jan 21 04:20:50 PST 2018


On 01/21/2018 01:07 PM, Nick Lowe wrote:
> Hi Arjen,
> 
> The point I was making is that we see:
> 
> root@LEDE:/sys/devices/system/cpu/vulnerabilities# cat meltdown
> Vulnerable
> 
> This should not be marked as vulnerable and it is being.
> 
> Cheers,
> 
> Nick
> 
> On Sun, Jan 21, 2018 at 12:04 PM, Arjen de Korte
> <arjen+lede at de-korte.org> wrote:
>> Quoting Nick Lowe <nick.lowe at gmail.com>:
>>
>>
>>> Yes, compiler updates will ultimately be necessary to properly close this.
>>>
>>> We can see for now with 4.9.77:
>>>
>>> root@LEDE:/sys/devices/system/cpu/vulnerabilities# cat spectre_v2
>>> Vulnerable: Minimal AMD ASM retpoline
>>>
>>> AMD processors are also incorrectly being marked as being vulnerable
>>> to Meltdown. On my APU2C4 I see:
>>>
>>> root@LEDE:/sys/devices/system/cpu/vulnerabilities# cat meltdown
>>> Vulnerable
>>>
>>> From /proc/cpuinfo
>>>
>>> flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov
>>> pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt
>>> pdpe1gb rdtscp lm constant_tsc rep_good acc_power nopl nonstop_tsc
>>> extd_apicid aperfmperf eagerfpu pni pclmulqdq monitor ssse3 cx16
>>> sse4_1 sse4_2 movbe popcnt aes xsave avx f16c lahf_lm cmp_legacy svm
>>> extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit
>>> wdt topoext perfctr_nb bpext ptsc perfctr_l2 cpb hw_pstate retpoline
>>> retpoline_amd vmmcall bmi1 xsaveopt arat npt lbrv svm_lock nrip_save
>>> tsc_scale flushbyasid decodeassists pausefilter pfthreshold
>>> overflow_recov
>>>
>>> bugs : fxsave_leak sysret_ss_attrs null_seg cpu_meltdown spectre_v1
>>> spectre_v2
>>>
>>> The following patch seen in 4.14.14 is missing from 4.9.77:
>>>
>>> x86/cpu, x86/pti: Do not enable PTI on AMD processor
>>>
>>> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v4.14.14&id=151d7039757b71ebd9d170af0944562f51149372
>>>
>>> We can see that in this commit which renamed X86_BUG_CPU_INSECURE to
>>> X86_BUG_CPU_MELTDOWN
>>>
>>>
>>> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v4.9.77&id=43fe95308d276bdfd133f5951cc25565e39982ec
>>>
>>> Can we backport this?
>>
>>
>> No, it's not missing, it's just in a different location:
>>
>> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/arch/x86/mm/kaiser.c?h=v4.9.75&id=8018307a45a90ab2eecfd03d48b7efb31707df37
>>
>> I already wrote this in a reply on Jan 8th...
>>
>>> Cheers,
>>>
>>> Nick
>>>
>>> On Thu, Jan 18, 2018 at 9:15 PM, Hauke Mehrtens <hauke at hauke-m.de> wrote:
>>>>
>>>> On 01/18/2018 01:51 PM, Nick Lowe wrote:
>>>>>
>>>>> Does an update to the Kernel, 4.9.77 and 4.14.14 need to be made to
>>>>> properly address this? There are fixes to mitigate Spectre.
>>>>
>>>>
>>>> We even need a patch for GCC which will be in GCC 8 and 7.3.
>>>> For master we should backport it to GCC 5.5, but what do we want to do
>>>> with 17.01 and 15.05 ?
>>>>
>>>> The AMD microcode updater needs at least kernel 4.15, 4.14.13, 4.9.76,
>>>> 4.4.111, which we already have.
>>>>
>>>> Hauke

If your Linux kernel 4.9.77 running on an AMD APU is reported as
vulnerable to meltdown you should probably report this to the Linux
stable mailing list.

Greg wrote here that this should work:
http://kroah.com/log/blog/2018/01/19/meltdown-status-2/

Hauke
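
Added example (not part of the original message, nor LEDE/OpenWrt code): a POSIX shell check that reads the sysfs vulnerability entries and /proc/cpuinfo fields quoted in this thread and flags the combination Nick reports, an AuthenticAMD CPU whose `meltdown` entry reads `Vulnerable`. The function names and the optional root-prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the kernel's self-reported CPU vulnerability status.
# Each function takes an optional ROOT prefix (an assumption of this example)
# so it can be run against a copied /proc and /sys tree as well as a live one.

VULN_DIR=sys/devices/system/cpu/vulnerabilities

# Print "name: status" for every entry the kernel exposes in sysfs.
vuln_report() {
    root=${1:-}
    for f in "$root/$VULN_DIR"/*; do
        [ -f "$f" ] || continue          # unmatched glob or non-file: skip
        printf '%s: %s\n' "${f##*/}" "$(cat "$f")"
    done
}

# Print the vendor_id of the first CPU listed in /proc/cpuinfo.
cpu_vendor() {
    root=${1:-}
    awk -F': *' '/^vendor_id/ { print $2; exit }' "$root/proc/cpuinfo"
}

# cpu_has_bug ROOT NAME: succeed if NAME is listed on the "bugs" line.
cpu_has_bug() {
    awk -F': *' -v b="$2" '
        /^bugs/ { n = split($2, a, " ")
                  for (i = 1; i <= n; i++) if (a[i] == b) found = 1
                  exit }
        END { exit !found }' "$1/proc/cpuinfo"
}

# Succeed when an AMD CPU is reported as vulnerable to Meltdown, the
# combination raised in this thread as worth reporting upstream.
amd_meltdown_mismatch() {
    root=${1:-}
    [ "$(cpu_vendor "$root")" = "AuthenticAMD" ] || return 1
    status=$(cat "$root/$VULN_DIR/meltdown" 2>/dev/null) || return 1
    case $status in
        Vulnerable*) return 0 ;;
        *)           return 1 ;;
    esac
}
```

On a running system, `vuln_report` and `amd_meltdown_mismatch` can be called with no argument, and `cpu_has_bug "" cpu_meltdown` checks the `bugs` line of the live /proc/cpuinfo.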


