search for: kpti

Noticed C6 had a kernel update on Friday. 2.6.32-696.18.7.el6.x86_64 What is the flag in /proc/cpuinfo that indicates the KPTI patch for Meltdown CVE-2017-5754 for C6? Some distros are using "kaiser" some like Fedora are using "pti". Also noticed some (like Fedora) are displaying "cpu_insecure" under the bugs: heading of cpuinfo.

...uot; > > > Today's Topics: > > 1. Re: CentOS 7.4 fails to boot as Xen PV guest: resurfaces (now > also) with centosplus kernel 693.11.6.el7 (Johnny Hughes) > 2. Re: Nvidia maximum pixel clock issue in kmod-nvidia-384.98 > (Phil Perry) > 3. C6 KPTI cpuinfo flag? (Robert Arkiletian) > 4. Re: C6 KPTI cpuinfo flag? (isdtor) > 5. Cent OS 7.3 Shared library issue (Aman Sharma) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Mon, 8 Jan 2018 06:46:31 -0600 > From:...

Twitter user stintel, in this thread: https://twitter.com/stintel/status/948499157282623488 mentions a possible problem with the new patches and the nvidia driver: "As if the @Intel bug isn't bad enough, #KPTI renders @nvidia driver incompatible due to GPL-only symbol 'cpu_tlbstate'. #epicfail" Also: https://twitter.com/tomasz_gwozdz/status/948590364679655429 https://twitter.com/BitsAndChipsEng/status/948578609761054721 Cheers, Zube

...time of the i8042 controller probing. Obviously the stock upstream 3.10.0-693.11.6.el7 crashes as well for XS7 XenPV guests, but that was to be expected as per 0013763. It crashes in the same way, around the time of the i8042 probes. Can anyone (maybe bill_mcgonigle?) reproduce the issue? Did the KPTI patches break the XenPV fixes in CentOS Plus per 13763? Or is this a new XenPV issue? Interestingly, the crash is now sudden and (even at loglevel=7) without further information. The crash after the i8042/mousedev is (I think) unrelated to these devices, since the system crashes in the same way ev...

On 01/04/2018 10:49 AM, Akemi Yagi wrote: > On Thu, Jan 4, 2018 at 9:51 AM, <rikske at deds.nl> wrote: > >> Please patch the CentOS-virt Kernel to fix the >> Kernel Side-Channel Attacks vulnerabilities. >> >> The latest CentOS-virt kernel was released in November, as seen below. >> >> kernel-4.9.63-29.el7.x86_64.rpm 2017-11-21 13:30 >>

...dge KAISER doesn't matter for Xen Dom0's given they run in PV mode, and KAISER isn't enabled for PV guests. > > But it will be important if anyone is running the CentOS kernel in > their HVM domUs (as guest kernels can be attacked using SP3 by guest > user space without the KPTI patches). > > I'm sure Johnny will get to it as soon as he has the opportunity. I have just pushed the 4.9.75-29.el7 and 4.9.75-30.el6 kernels to the testing repositories. https://buildlogs.centos.org/centos/7/virt/x86_64/xen/ and https://buildlogs.centos.org/centos/6/virt/x86_64/xe...

...space address > > > > space present. > > > > > > Like smap? > > > > Yes like smap but also other newer changes, with similar effect, since > > the spectre drama. > > > > Cheers, > > J?r?me > > Sorry do you mean meltdown and kpti? Yes all that and similar thing. I do not have the full list in my head. Cheers, J?r?me

...space address > > > > space present. > > > > > > Like smap? > > > > Yes like smap but also other newer changes, with similar effect, since > > the spectre drama. > > > > Cheers, > > J?r?me > > Sorry do you mean meltdown and kpti? Yes all that and similar thing. I do not have the full list in my head. Cheers, J?r?me

...one on each patch proposal. Always testing hibernation, suspend, ftrace and kprobe to ensure no regressions. - patch v3: - Update on message to describe longer term PIE goal. - Minor change on ftrace if condition. - Changed code using xchgq. - patch v2: - Adapt patch to work post KPTI and compiler changes - Redo all performance testing with latest configs and compilers - Simplify mov macro on PIE (MOVABS now) - Reduce GOT footprint - patch v1: - Simplify ftrace implementation. - Use gcc mstack-protector-guard-reg=%gs with PIE when possible. - rfc v3: - Use --...

...one on each patch proposal. Always testing hibernation, suspend, ftrace and kprobe to ensure no regressions. - patch v3: - Update on message to describe longer term PIE goal. - Minor change on ftrace if condition. - Changed code using xchgq. - patch v2: - Adapt patch to work post KPTI and compiler changes - Redo all performance testing with latest configs and compilers - Simplify mov macro on PIE (MOVABS now) - Reduce GOT footprint - patch v1: - Simplify ftrace implementation. - Use gcc mstack-protector-guard-reg=%gs with PIE when possible. - rfc v3: - Use --...

On Thu, Mar 07, 2019 at 10:16:00PM -0500, Michael S. Tsirkin wrote: > On Thu, Mar 07, 2019 at 09:55:39PM -0500, Jerome Glisse wrote: > > On Thu, Mar 07, 2019 at 09:21:03PM -0500, Michael S. Tsirkin wrote: > > > On Thu, Mar 07, 2019 at 02:17:20PM -0500, Jerome Glisse wrote: > > > > > It's because of all these issues that I preferred just accessing > > >

On Thu, Mar 07, 2019 at 10:16:00PM -0500, Michael S. Tsirkin wrote: > On Thu, Mar 07, 2019 at 09:55:39PM -0500, Jerome Glisse wrote: > > On Thu, Mar 07, 2019 at 09:21:03PM -0500, Michael S. Tsirkin wrote: > > > On Thu, Mar 07, 2019 at 02:17:20PM -0500, Jerome Glisse wrote: > > > > > It's because of all these issues that I preferred just accessing > > >

On Sat, Jan 6, 2018 at 5:38 PM, Philipp Marek <philipp at marek.priv.at> wrote: > I think we are possibly interested in switching to DIRECT IO (given that it >> bypasses any caching system including page cache) when reading *.PEM file >> > Sorry, but this makes no sense. > The data could just as well be read from the SSH process > memory space. > I think

...t; To my best knowledge KAISER doesn't matter for Xen Dom0's given they run in PV mode, and KAISER isn't enabled for PV guests. But it will be important if anyone is running the CentOS kernel in their HVM domUs (as guest kernels can be attacked using SP3 by guest user space without the KPTI patches). I'm sure Johnny will get to it as soon as he has the opportunity. -George

On Thu, 4 Jan 2018, Zube wrote: > Twitter user stintel, in this thread: > > https://twitter.com/stintel/status/948499157282623488 > > mentions a possible problem with the new patches and the > nvidia driver: > > "As if the @Intel bug isn't bad enough, #KPTI renders @nvidia driver > incompatible due to GPL-only symbol 'cpu_tlbstate'. #epicfail" > > Also: > > https://twitter.com/tomasz_gwozdz/status/948590364679655429 > > https://twitter.com/BitsAndChipsEng/status/948578609761054721 I've seen no obvious problems wi...

...ing. > > Obviously the stock upstream 3.10.0-693.11.6.el7 crashes as well for > XS7 XenPV guests, but that was to be expected as per 0013763. > It crashes in the same way, around the time of the i8042 probes. > > Can anyone (maybe bill_mcgonigle?) reproduce the issue? > Did the KPTI patches break the XenPV fixes in CentOS Plus per 13763? > Or is this a new XenPV issue? > ?You may want to be watching the centos-virt mailing list. Xen-related issues are discussed there. This thread: ? https://lists.centos.org/pipermail/centos-virt/2018-January/005716.html ?has a respon...

...> running in its own address space without the userspace address > > > space present. > > > > Like smap? > > Yes like smap but also other newer changes, with similar effect, since > the spectre drama. > > Cheers, > J?r?me Sorry do you mean meltdown and kpti? -- MST

...out the userspace address >>>>> space present. >>>> Like smap? >>> Yes like smap but also other newer changes, with similar effect, since >>> the spectre drama. >>> >>> Cheers, >>> J?r?me >> Sorry do you mean meltdown and kpti? > Yes all that and similar thing. I do not have the full list in my head. > > Cheers, > J?r?me Yes, address space of kernel its own is the main motivation of using vmap here. Thanks

...zilla reporter) are describing, is this expected to work > any better on AMD CPUs? (All reports are on Intel) No, remeber that they are also still missing migration support of the nested SVM state. > > - Do you expect nested virtualization functionality to be adversely > affected by KPTI and/or other Meltdown/Spectre mitigation patches? Not an expert on this. I think it should be affected in a similar way as ordinary guests :) > > Kashyap, can you think of any other limitations that would benefit > from improved documentation? We should certainly document what I have s...

...testing > hibernation, suspend, ftrace and kprobe to ensure no regressions. > - patch v3: > - Update on message to describe longer term PIE goal. > - Minor change on ftrace if condition. > - Changed code using xchgq. > - patch v2: > - Adapt patch to work post KPTI and compiler changes > - Redo all performance testing with latest configs and compilers > - Simplify mov macro on PIE (MOVABS now) > - Reduce GOT footprint > - patch v1: > - Simplify ftrace implementation. > - Use gcc mstack-protector-guard-reg=%gs with PIE when po...