DevHeads.net

Meltdown – Spectre - Was: kernel 4.4.0-108 / 16.04 LTS does not boot anymore

On Fri, 12 Jan 2018 03:10:42 +0000 (UTC), Jonesy via ubuntu-users wrote:
Hi,

is it using a backported KPTI patch set, resp. is it possible to
disable it by booting with nopti [1]? I don't have the time to read
changelogs at the moment.

Since a DAW is not necessarily connected to the Internet at all, but
requires best performance, disabling might be better than using the
KPTI patch set and suffering from loss of performance. I read a German
article about extreme performance loss for SSD usage, but the article
doesn't mention Linux.

However, I didn't make tests, just installed 4.4.0.109.114 a few
minutes ago.

[root@archlinux moonstudio]# systemd-nspawn -q apt list linux-lowlatency -qq
linux-lowlatency/xenial-updates,xenial-security,now 4.4.0.109.114 amd64 [installed]

Regards,
Ralf

[1] https://lwn.net/Articles/741878/

Comments

Re: Meltdown – Spectre - Was: kernel 4.4.0-108 / 16.04 LTS does

By Gilles Gravier at 01/12/2018 - 08:53

Hi!

On 12/01/2018 04:39, Ralf Mardorf wrote:
A quick question to the OP... Is the machine an AMD machine (not AMD64,
I mean AMD processor versus Intel)?

Gilles

Re: Meltdown – Spectre - Was: kernel 4.4.0-108 / 16.04 LTS does

By robert rottermann at 01/12/2018 - 12:04

On 12.01.2018 13:53, Gilles Gravier wrote:
it is a: Intel® Core™ i5-2500 CPU @ 3.30GHz × 4

Re: Meltdown – Spectre - Was: kernel 4.4.0-108 / 16.04 LTS does

By silver.bullet at 01/13/2018 - 07:17

On Fri, 12 Jan 2018 17:04:00 +0100, robert rottermann wrote:
Actually I'm the OP of this thread ;). You messed up this thread with
the original thread, but note, this thread was not in reply to the
original thread, it's a newly opened thread. You could notice the
difference if you let your MUA sort by thread.

To answer my request myself, unlikely there is an option "nopti" as
described by https://lwn.net/Articles/741878/, but there obviously is
the "nokaiser" boot option [1.2].

I don't have time to test if booting with or without "nokaiser" makes
a difference on performance, such as SSD access, DSP load or whatever
else.

Regards,
Ralf

[1]
[1.1]
[root@archlinux moonstudio]# systemd-nspawn apt changelog linux-image-4.4.0.109-lowlatency 2>/dev/null | grep -B84 "linux (4.4.0-104.127)"
linux (4.4.0-109.132) xenial; urgency=low

* linux: 4.4.0-109.132 -proposed tracker (LP: #1742252)

* Kernel trace with xenial 4.4 (4.4.0-108.131, Candidate kernels for PTI fix)
(LP: #1741934)
- SAUCE: kaiser: fix perf crashes - fix to original commit

-- Marcelo Henrique Cerri <marcelo. ... at canonical dot com> Tue, 09 Jan 2018 15:56:26 -0200

linux (4.4.0-108.131) xenial; urgency=low

* linux: 4.4.0-108.131 -proposed tracker (LP: #1741727)

* CVE-2017-5754
- x86/mm: Disable PCID on 32-bit kernels

-- Marcelo Henrique Cerri <marcelo. ... at canonical dot com> Sun, 07 Jan 2018 11:46:05 -0200

linux (4.4.0-107.130) xenial; urgency=low

* linux: 4.4.0-107.130 -proposed tracker (LP: #1741643)

* CVE-2017-5754
- Revert "UBUNTU: SAUCE: arch/x86/entry/vdso: temporarily disable vdso"
- KPTI: Report when enabled
- x86, vdso, pvclock: Simplify and speed up the vdso pvclock reader
- x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap
- x86/kasan: Clear kasan_zero_page after TLB flush
- kaiser: Set _PAGE_NX only if supported

-- Kleber Sacilotto de Souza <kleber. ... at canonical dot com> Sat, 06 Jan 2018 17:13:03 +0100

linux (4.4.0-106.129) xenial; urgency=low

* linux: 4.4.0-106.129 -proposed tracker (LP: #1741528)

* CVE-2017-5754
- KAISER: Kernel Address Isolation
- kaiser: merged update
- kaiser: do not set _PAGE_NX on pgd_none
- kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE
- kaiser: fix build and FIXME in alloc_ldt_struct()
- kaiser: KAISER depends on SMP
- kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER
- kaiser: fix perf crashes
- kaiser: ENOMEM if kaiser_pagetable_walk() NULL
- kaiser: tidied up asm/kaiser.h somewhat
- kaiser: tidied up kaiser_add/remove_mapping slightly
- kaiser: kaiser_remove_mapping() move along the pgd
- kaiser: cleanups while trying for gold link
- kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET
- kaiser: delete KAISER_REAL_SWITCH option
- kaiser: vmstat show NR_KAISERTABLE as nr_overhead
- x86/mm: Enable CR4.PCIDE on supported systems
- x86/mm: Build arch/x86/mm/tlb.c even on !SMP
- x86/mm, sched/core: Uninline switch_mm()
- x86/mm: Add INVPCID helpers
- x86/mm: If INVPCID is available, use it to flush global mappings
- kaiser: enhanced by kernel and user PCIDs
- kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user
- kaiser: PCID 0 for kernel and 128 for user
- kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user
- kaiser: paranoid_entry pass cr3 need to paranoid_exit
- kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls
- kaiser: fix unlikely error in alloc_ldt_struct()
[1.2]
- kaiser: add "nokaiser" boot option, using ALTERNATIVE
- x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
- x86/boot: Add early cmdline parsing for options with arguments
- x86/kaiser: Check boottime cmdline params
- kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
- kaiser: drop is_atomic arg to kaiser_pagetable_walk()
- kaiser: asm/tlbflush.h handle noPGE at lower level
- kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
- x86/paravirt: Dont patch flush_tlb_single
- x86/kaiser: Reenable PARAVIRT
- kaiser: disabled on Xen PV
- x86/kaiser: Move feature detection up
- kvm: x86: fix RSM when PCID is non-zero
- SAUCE: arch/x86/entry/vdso: temporarily disable vdso
- [Config]: CONFIG_KAISER=y

-- Kleber Sacilotto de Souza <kleber. ... at canonical dot com> Fri, 05 Jan 2018 19:53:41 +0100

linux (4.4.0-104.127) xenial; urgency=low
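
Added example, not part of the original posts: a shell check that shows on a running system whether page-table isolation is active and whether a disable option such as "nokaiser" or "nopti" on the kernel command line was honoured. It assumes an isolating kernel lists "pti" or "kaiser" in the /proc/cpuinfo flags and treats nopti, nokaiser and pti=off as disable options; the function name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report whether kernel page-table
# isolation is active and whether a disable option on the command line
# took effect.
# Assumption: an isolating kernel lists "pti" (mainline) or "kaiser"
# (the backport in the changelog above) among the /proc/cpuinfo flags.

# pti_status [CMDLINE_FILE] [CPUINFO_FILE]  (defaults: the live /proc files)
pti_status() {
    cmdline_file=${1:-/proc/cmdline}
    cpuinfo_file=${2:-/proc/cpuinfo}

    # Last disable option on the command line, if any (whole-token match).
    token=$(tr -s '[:space:]' '\n' < "$cmdline_file" |
            grep -Ex 'nopti|nokaiser|pti=off' | tail -n 1)

    if grep -m1 '^flags' "$cpuinfo_file" | grep -Eqw 'pti|kaiser'; then
        # Isolation is on; a disable option that is present was not honoured.
        if [ -n "$token" ]; then
            echo "enabled (ignored: $token)"
        else
            echo "enabled"
        fi
    elif [ -n "$token" ]; then
        echo "disabled by $token"
    else
        # No flag and no option: a kernel without the patch set, or a CPU
        # the kernel does not isolate for.
        echo "not active"
    fi
}

# Constructed sample inputs so the example runs offline.
demo_dir=$(mktemp -d)
printf 'BOOT_IMAGE=/vmlinuz-4.4.0-109-lowlatency ro quiet nokaiser\n' > "$demo_dir/cmdline_nokaiser"
printf 'BOOT_IMAGE=/vmlinuz-4.4.0-109-lowlatency ro quiet nopti\n' > "$demo_dir/cmdline_nopti"
printf 'flags\t\t: fpu vme pcid kaiser\n' > "$demo_dir/cpuinfo_on"
printf 'flags\t\t: fpu vme pcid\n' > "$demo_dir/cpuinfo_off"

pti_status "$demo_dir/cmdline_nokaiser" "$demo_dir/cpuinfo_off"
pti_status "$demo_dir/cmdline_nopti" "$demo_dir/cpuinfo_on"
```

Called without arguments, `pti_status` reads the live /proc/cmdline and /proc/cpuinfo.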

Re: Meltdown – Spectre - Was: kernel 4.4.0-108 / 16.04 LTS does

By NoOp at 01/12/2018 - 17:43

On 01/12/2018 08:04 AM, robert rottermann wrote:
You also update your Intel microcode per:
https://usn.ubuntu.com/usn/usn-3531-1/
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5715.html

Re: Meltdown – Spectre - Was: kernel 4.4.0-108 / 16.04 LTS does

By C de-Avillez at 01/12/2018 - 19:56

On Fri, 12 Jan 2018 13:43:42 -0800

Which seems to have introduced a regression on some hardware:

https://launchpad.net/bugs/1742933

Re: Meltdown – Spectre - Was: kernel 4.4.0-108 / 16.04 LTS does

By NoOp at 01/12/2018 - 20:31

On 01/12/2018 03:56 PM, C de-Avillez wrote:

Ah... thanks for that - good to know.
The Intel article referenced in the bug report:
https://newsroom.intel.com/news/intel-security-issue-update-addressing-reboot-issues/
states:
"We have received reports from a few customers of higher system reboots
after applying firmware updates. Specifically, these systems are running
Intel Broadwell and Haswell CPUs for both client and data center."

I updated 2 Intel machines: 1 running Pentium(R) Dual-Core CPU T4300 @
2.10GHz and another running an Intel i5-2450M CPU @ 2.5GHZ w/o issues.

Re: Meltdown – Spectre - Was: kernel 4.4.0-108 / 16.04 LTS does

By Nils Kassube at 01/12/2018 - 04:08

Ralf Mardorf wrote:
Well, I suppose it takes less time to read a changelog than to post a
question and wait for an answer.

apt-get changelog linux-image-$(uname -r)

should do the trick ...

Nils