The 4.14.13 stable kernel update contains a number of important fixes across the tree. This is also the first update to contain some spectre mitigations. Some patches for variant 1 as well as the initial retpoline build for variant 2. These variant 2 mitigations will improve with further patches, and once compiler support is improved.

Reboot Required
After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

How to install

sudo dnf upgrade --advisory=FEDORA-2018-21a7ad920c

This update has been submitted for testing by jforbes.

2 years ago
User Icon sgraf commented & provided feedback 2 years ago
karma

Updated rpms and rebooted (note I have also new microcode_ctl). I ran also the test suite (both tests pass) and submitted results.

One of the enhancements comparing to -11 is that it now shows details under /proc/cpuinfo in 'bugs' section - in my case: cpu_meltdown spectre_v1 spectre_v2

$ uname -a

Linux unknown 4.14.13-300.fc27.x86_64 #1 SMP Thu Jan 11 04:00:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

jforbes edited this update.

2 years ago
User Icon anonymous commented & provided feedback 2 years ago

1532058 is fixed, as well as #1497559

karma: +1

BZ#1532058 CONFIG_RESET_ATTACK_MITIGATION forces Lenovo X220 to hard power off and power on instead of reboot
User Icon sezeroz commented & provided feedback 2 years ago
karma

Works for me on my Acer Aspire VX 15 / x86_64.

dmesg: has a new initial line:

[ 0.000000] microcode: microcode updated early to revision 0x80, date = 2018-01-04

/proc/cpuinfo diff between 4.14.11 and 4.14.13: Is the cpu MHz difference normal?

--- cpuinfo-4.14.11
+++ cpuinfo-4.14.13
@@ -2,12 +2,12 @@
 vendor_id  : GenuineIntel
 cpu family : 6
 model      : 158
 model name : Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
 stepping   : 9
-microcode  : 0x5e
+microcode  : 0x80
-cpu MHz        : 2800.000
+cpu MHz        : 800.056
 cache size : 6144 KB
 physical id    : 0
 siblings   : 8
 core id        : 0
 cpu cores  : 4
@@
[flags: retpoline is added to the long list]
-bugs       : cpu_insecure
+bugs       : cpu_meltdown spectre_v1 spectre_v2
User Icon rg3 commented & provided feedback 2 years ago
karma

Works for me.

User Icon puiterwijk commented & provided feedback 2 years ago
karma

Boot tested on x86_64, ppc64le, ppc64le and aarch64 virtual machines. x86_64 indicates minimal ASM retpoline and KPTI are enabled.

This update has been pushed to testing.

2 years ago
User Icon nivag commented & provided feedback 2 years ago
karma

wfm: desktop 16GB Intel i7-3770 CPU, laptop 16GB Intel i7-3610QM CPU, laptop 8GB Intel i5-2520M CPU Lenovo T420, - all using the Mate Desktop Environment

User Icon masami commented & provided feedback 2 years ago
karma

works fine for me on Intel(R) Core(TM) i7-5820K CPU @ 3.30GHz.

This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.

2 years ago
User Icon fcobos provided feedback 2 years ago
karma
karma
User Icon robatino commented & provided feedback 2 years ago

AMD Athlon(tm) Processor LE-1640:

[root@compaq-pc ~]# dmesg | grep Spectre
[    0.010537] Spectre V2 mitigation: LFENCE not serializing. Switching to generic retpoline
[    0.010762] Spectre V2 mitigation: Vulnerable: Minimal generic ASM retpoline
[root@compaq-pc ~]# grep spectre /proc/cpuinfo
bugs        : fxsave_leak sysret_ss_attrs null_seg swapgs_fence amd_e400 spectre_v1 spectre_v2
[root@compaq-pc ~]#
User Icon robatino commented & provided feedback 2 years ago

AMD Athlon(tm) Processor LE-1640:

[root@compaq-pc ~]# dmesg | grep Spectre
[    0.010537] Spectre V2 mitigation: LFENCE not serializing. Switching to generic retpoline
[    0.010762] Spectre V2 mitigation: Vulnerable: Minimal generic ASM retpoline
[root@compaq-pc ~]# grep spectre /proc/cpuinfo
bugs        : fxsave_leak sysret_ss_attrs null_seg swapgs_fence amd_e400 spectre_v1 spectre_v2
[root@compaq-pc ~]#
User Icon dimitrisk commented & provided feedback 2 years ago
karma

WFM, Thinkpad X250 (Broadwell)

User Icon tenk commented & provided feedback 2 years ago
karma

WFM

User Icon dhgutteridge commented & provided feedback 2 years ago

@sezeroz: CPU Mhz difference in /proc/cpuinfo is presumably due to this change pulled into 4.14.13:

commit 22af48be826c4193bba2f11112330aabb2568594
Author: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Date:   Wed Nov 15 02:13:40 2017 +0100

    x86 / CPU: Always show current CPU frequency in /proc/cpuinfo

    commit 7d5905dc14a87805a59f3c5bf70173aac2bb18f8 upstream.

    After commit 890da9cf0983 (Revert "x86: do not use cpufreq_quick_get()
    for /proc/cpuinfo "cpu MHz"") the "cpu MHz" number in /proc/cpuinfo
    on x86 can be either the nominal CPU frequency (which is constant)
    or the frequency most recently requested by a scaling governor in
    cpufreq, depending on the cpufreq configuration.  That is somewhat
    inconsistent and is different from what it was before 4.13, so in
    order to restore the previous behavior, make it report the current
    CPU frequency like the scaling_cur_freq sysfs file in cpufreq.

Further details can be found in the change log: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.13.

User Icon sezeroz commented & provided feedback 2 years ago

@dhgutteridge: Thanks.

User Icon bojan commented & provided feedback 2 years ago
karma

Boots on T450s, XS35GTv2 and a VM.

User Icon ibims commented & provided feedback 2 years ago
karma

works for me on two x86_64 boxes.

User Icon imabug provided feedback 2 years ago
karma

This update has been submitted for batched by jforbes.

2 years ago

This update has been submitted for stable by jforbes.

2 years ago
User Icon sassam commented & provided feedback 2 years ago
karma
  • No new regressions noted on Dell Latitude 3350
User Icon rombobeorn commented & provided feedback 2 years ago
karma

Since feedback about AMD processors was requested, here's data from a Ryzen 7 1800X:

[root@tag ~]# dmesg | grep Spectre
[    0.041002] Spectre V2 mitigation: Vulnerable: Minimal AMD ASM retpoline
[root@tag ~]# grep spectre /proc/cpuinfo
bugs        : sysret_ss_attrs null_seg spectre_v1 spectre_v2
bugs        : sysret_ss_attrs null_seg spectre_v1 spectre_v2
bugs        : sysret_ss_attrs null_seg spectre_v1 spectre_v2
bugs        : sysret_ss_attrs null_seg spectre_v1 spectre_v2
bugs        : sysret_ss_attrs null_seg spectre_v1 spectre_v2
bugs        : sysret_ss_attrs null_seg spectre_v1 spectre_v2
bugs        : sysret_ss_attrs null_seg spectre_v1 spectre_v2
bugs        : sysret_ss_attrs null_seg spectre_v1 spectre_v2
bugs        : sysret_ss_attrs null_seg spectre_v1 spectre_v2
bugs        : sysret_ss_attrs null_seg spectre_v1 spectre_v2
bugs        : sysret_ss_attrs null_seg spectre_v1 spectre_v2
bugs        : sysret_ss_attrs null_seg spectre_v1 spectre_v2
bugs        : sysret_ss_attrs null_seg spectre_v1 spectre_v2
bugs        : sysret_ss_attrs null_seg spectre_v1 spectre_v2
bugs        : sysret_ss_attrs null_seg spectre_v1 spectre_v2
bugs        : sysret_ss_attrs null_seg spectre_v1 spectre_v2

This update has been pushed to stable.

2 years ago
User Icon wfp commented & provided feedback 2 years ago
karma

AMD info from older CPU (Athlon II X4 635):

# dmesg | grep Spectre
 [    0.008050] Spectre V2 mitigation: Vulnerable: Minimal AMD ASM retpoline
# grep spectre /proc/cpuinfo
bugs            : tlb_mmatch apic_c1e fxsave_leak sysret_ss_attrs null_seg amd_e400 spectre_v1 spectre_v2
bugs            : tlb_mmatch apic_c1e fxsave_leak sysret_ss_attrs null_seg amd_e400 spectre_v1 spectre_v2
bugs            : tlb_mmatch apic_c1e fxsave_leak sysret_ss_attrs null_seg amd_e400 spectre_v1 spectre_v2
bugs            : tlb_mmatch apic_c1e fxsave_leak sysret_ss_attrs null_seg amd_e400 spectre_v1 spectre_v2
User Icon adamwill commented & provided feedback 2 years ago

@sezeroz modern CPUs all use variable speed stepping to save power; when they're idle they'll run much slower, basically. It's quite normal to see the speed of your CPU change often. Usually it'll have a 'floor' it never goes under, where it sits all the time when it's idle; looks like yours is probably 800MHz.

User Icon sassam commented & provided feedback 2 years ago

Just tested this on my Thinkpad X220; confirming bug #1532058 is fixed.

BZ#1532058 CONFIG_RESET_ATTACK_MITIGATION forces Lenovo X220 to hard power off and power on instead of reboot
User Icon plaes commented & provided feedback 2 years ago
karma

Seems to be also fixing "#1533654 - Two-finger scroll does not work after suspend-resume cycle." \o/

User Icon gbcox commented & provided feedback 2 years ago
karma

Installed on two different AMD systems. Didn't notice any differences from previous kernel. Output from the two AMD systems is below.

======================================================================= dmesg | grep Spectre [ 0.015059] Spectre V2 mitigation: Vulnerable: Minimal AMD ASM retpoline

grep spectre /proc/cpuinfo bugs : fxsave_leak sysret_ss_attrs null_seg spectre_v1 spectre_v2 bugs : fxsave_leak sysret_ss_attrs null_seg spectre_v1 spectre_v2 bugs : fxsave_leak sysret_ss_attrs null_seg spectre_v1 spectre_v2 bugs : fxsave_leak sysret_ss_attrs null_seg spectre_v1 spectre_v2 bugs : fxsave_leak sysret_ss_attrs null_seg spectre_v1 spectre_v2 bugs : fxsave_leak sysret_ss_attrs null_seg spectre_v1 spectre_v2 bugs : fxsave_leak sysret_ss_attrs null_seg spectre_v1 spectre_v2 bugs : fxsave_leak sysret_ss_attrs null_seg spectre_v1 spectre_v2

=========================================================================

dmesg | grep Spectre [ 0.017130] Spectre V2 mitigation: Vulnerable: Minimal AMD ASM retpoline

grep spectre /proc/cpuinfo bugs : fxsave_leak sysret_ss_attrs null_seg spectre_v1 spectre_v2 bugs : fxsave_leak sysret_ss_attrs null_seg spectre_v1 spectre_v2 bugs : fxsave_leak sysret_ss_attrs null_seg spectre_v1 spectre_v2 bugs : fxsave_leak sysret_ss_attrs null_seg spectre_v1 spectre_v2

User Icon rathann commented & provided feedback 2 years ago

Works for me and fixes bug #1514969 on one of my machines.

User Icon danniel commented & provided feedback 2 years ago

works

BZ#1514969 Bug in backlight handling renders system almost unusable

Please login to add feedback.

Metadata
Type
security
Karma
18
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#1514969 Bug in backlight handling renders system almost unusable
0
1
BZ#1531182 Out-of-tree kernel modules fail to build on aarch64
0
0
BZ#1532058 CONFIG_RESET_ATTACK_MITIGATION forces Lenovo X220 to hard power off and power on instead of reboot
0
2

Automated Test Results

Test Cases

0 4 Test Case kernel regression