* Yocto Project, Spectre and Meltdown
From: Richard Purdie @ 2018-01-16 11:38 UTC (permalink / raw)
To: openembedded-core
I just wanted to give people an update on where the project stands
with these issues.
We currently have three stable branches we're maintaining, rocko, pyro
and morty.
GCC:
====
Patches to support fixes have now made it into the upstream gcc master
branch. We'll be looking to port these patches to the default gcc
version in the stable releases and master. Version wise, the releases
contain:
master: 7.2
rocko: 7.2 6.3
pyro: 6.3 5.4
morty: 6.2 and 5.4
so we'll likely port to 7.2, 6.3 and 6.2.
If you need something to experiment with in the meantime, Juro did put
together:
http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=jurob/gcc-patch_1
which is one of the older versions of the patchset. We have decided to
wait until something landed upstream due to the amount of discussion
around the patches before taking something to merge into master.
Kernel:
=======
There are a lot of patches around, some have made it into mainline,
some have been backported and some haven't made mainline yet. There are
reported stability issues on the stable branches and therefore we've
not pulled those in yet as they don't appear ready. As and when things
do make the stable trees, we'll pull them in and update the relevant
kernel versions.
There is a meta-intel experimental patch for 4.14 available:
http://git.yoctoproject.org/cgit.cgi/meta-intel-contrib/log/?h=clsulliv/clear-test
(also shows you how to append to gcc to have the relevant gcc patch above
available)
Once there is a known good patchset, we'll look at filling in any
kernel version gaps for default kernel versions if there aren't
upstream patches/plans.
IA Microcode:
=============
There is an IA microcode update available in meta-intel:
http://git.yoctoproject.org/cgit.cgi/meta-intel/commit/?id=7969d8e442bdefd8036a334ca9d9ce133272399b
Webkit:
=======
The new webkit release which includes fixes related to this has already
been updated in master and the three stable releases (thanks Alex!).
If anyone knows of any other patches merged upstream to address related
issues please do let us know, I've tried to collate together here the
pieces I'm aware of. If there are other pieces of software that need
updates as a result of this, please also let me know.
Cheers,
Richard
* Re: Yocto Project, Spectre and Meltdown
From: Richard Purdie @ 2018-01-27 16:35 UTC (permalink / raw)
To: openembedded-core
On Tue, 2018-01-16 at 11:38 +0000, Richard Purdie wrote:
> I just wanted to give people an update on where the project stands
> with these issues.
Master now contains gcc and kernel fixes (in linux-yocto).
meta-yocto-bsp updates are still pending.
rocko-next also has those fixes and is undergoing testing which if it
passes, will get pushed to rocko.
I'm not aware of gcc 6.x patches for these issues yet which will gate
fixes for pyro and morty.
Cheers,
Richard
* Re: Yocto Project, Spectre and Meltdown
From: Manjukumar Harthikote Matha @ 2018-01-27 16:59 UTC (permalink / raw)
To: Richard Purdie, openembedded-core
Hi RP,
> -----Original Message-----
> From: openembedded-core-bounces@lists.openembedded.org
> [mailto:openembedded-core-bounces@lists.openembedded.org] On Behalf Of
> Richard Purdie
> Sent: Saturday, January 27, 2018 8:36 AM
> To: openembedded-core <openembedded-core@lists.openembedded.org>
> Subject: Re: [OE-core] Yocto Project, Spectre and Meltdown
>
> On Tue, 2018-01-16 at 11:38 +0000, Richard Purdie wrote:
> > I just wanted to give people an update on where the project stands
> > with these issues.
>
> Master now contains gcc and kernel fixes (in linux-yocto). meta-yocto-bsp updates
> are still pending.
>
> rocko-next also has those fixes and is undergoing testing which if it passes, will get
> pushed to rocko.
>
I see that rocko-next branch is upgrading the GCC version to 7.3 from 7.2, is there a reason to do so?
I was under the impression that we would backport the security fixes to 7.2 version.
Thanks,
Manju
* Re: Yocto Project, Spectre and Meltdown
From: Khem Raj @ 2018-01-27 21:34 UTC (permalink / raw)
To: Manjukumar Harthikote Matha; +Cc: openembedded-core
On Sat, Jan 27, 2018 at 8:59 AM, Manjukumar Harthikote Matha
<MANJUKUM@xilinx.com> wrote:
> Hi RP,
>
>> -----Original Message-----
>> From: openembedded-core-bounces@lists.openembedded.org
>> [mailto:openembedded-core-bounces@lists.openembedded.org] On Behalf Of
>> Richard Purdie
>> Sent: Saturday, January 27, 2018 8:36 AM
>> To: openembedded-core <openembedded-core@lists.openembedded.org>
>> Subject: Re: [OE-core] Yocto Project, Spectre and Meltdown
>>
>> On Tue, 2018-01-16 at 11:38 +0000, Richard Purdie wrote:
>> > I just wanted to give people an update on where the project stands
>> > with these issues.
>>
>> Master now contains gcc and kernel fixes (in linux-yocto). meta-yocto-bsp updates
>> are still pending.
>>
>> rocko-next also has those fixes and is undergoing testing which if it passes, will get
>> pushed to rocko.
>>
>
> I see that rocko-next branch is upgrading the GCC version to 7.3 from 7.2 , is there a reason to do so?
> I was under the impression that we would backport the security fixes to 7.2 version.
>
point releases are bugfix releases of gcc, I think you can look at it
as cumulative bugfixes backport.
If you are concerned about some of the fixes in this
https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&resolution=FIXED&target_milestone=7.3
please let us know.
-Khem
* Re: Yocto Project, Spectre and Meltdown
From: Richard Purdie @ 2018-01-27 23:06 UTC (permalink / raw)
To: Manjukumar Harthikote Matha, openembedded-core
On Sat, 2018-01-27 at 16:59 +0000, Manjukumar Harthikote Matha wrote:
> -----Original Message-----
> > From: openembedded-core-bounces@lists.openembedded.org
> > [mailto:openembedded-core-bounces@lists.openembedded.org] On Behalf
> > Of
> > Richard Purdie
> > Sent: Saturday, January 27, 2018 8:36 AM
> > To: openembedded-core <openembedded-core@lists.openembedded.org>
> > Subject: Re: [OE-core] Yocto Project, Spectre and Meltdown
> >
> > On Tue, 2018-01-16 at 11:38 +0000, Richard Purdie wrote:
> > >
> > > I just wanted to give people an update on where the project
> > > stands
> > > with these issues.
> > Master now contains gcc and kernel fixes (in linux-yocto).
> > meta-yocto-bsp updates are still pending.
> >
> > rocko-next also has those fixes and is undergoing testing which if
> > it passes, will get
> > pushed to rocko.
> >
> I see that rocko-next branch is upgrading the GCC version to 7.3 from
> 7.2 , is there a reason to do so?
> I was under the impression that we would backport the security fixes
> to 7.2 version.
As Khem replied, this is the stable gcc series and gcc remapped their
versioning scheme a while back to mean that 7.3 is a point release of
the 7 series.
I'm of the view that the gcc team know a lot more about which patches
should be backported to a stable series and have a better skillset and
knowledge base to know how to apply patches onto the older versions
than we do. As such I believe that 7.3 is the right approach for rocko.
Do you have a reason to believe we should do something else?
Note that for pyro and earlier we will need gcc 6 patches, we are not
upgrading 6 -> 7 on pyro since that would cause a ton of breakage.
Cheers,
Richard
* Re: Yocto Project, Spectre and Meltdown
From: akuster808 @ 2018-01-28 0:48 UTC (permalink / raw)
To: Richard Purdie, Manjukumar Harthikote Matha, openembedded-core
On 01/27/2018 03:06 PM, Richard Purdie wrote:
> On Sat, 2018-01-27 at 16:59 +0000, Manjukumar Harthikote Matha wrote:
>> -----Original Message-----
>>> From: openembedded-core-bounces@lists.openembedded.org
>>> [mailto:openembedded-core-bounces@lists.openembedded.org] On Behalf
>>> Of
>>> Richard Purdie
>>> Sent: Saturday, January 27, 2018 8:36 AM
>>> To: openembedded-core <openembedded-core@lists.openembedded.org>
>>> Subject: Re: [OE-core] Yocto Project, Spectre and Meltdown
>>>
>>> On Tue, 2018-01-16 at 11:38 +0000, Richard Purdie wrote:
>>>> I just wanted to give people an update on where the project
>>>> stands
>>>> with these issues.
>>> Master now contains gcc and kernel fixes (in linux-yocto).
>>> meta-yocto-bsp updates are still pending.
>>>
>>> rocko-next also has those fixes and is undergoing testing which if
>>> it passes, will get
>>> pushed to rocko.
>>>
>> I see that rocko-next branch is upgrading the GCC version to 7.3 from
>> 7.2 , is there a reason to do so?
>> I was under the impression that we would backport the security fixes
>> to 7.2 version.
> As Khem replied, this is the stable gcc series and gcc remapped their
> versioning scheme a while back to mean that 7.3 is a point release of
> the 7 series.
>
> I'm of the view that the gcc team know a lot more about which patches
> should be backported to a stable series and have a better skillset and
> knowledge base to know how to apply patches onto the older versions
> than we do. As such I believe that 7.3 is the right approach for rocko.
Agreed.
>
> Do you have a reason to believe we should do something else?
>
> Note that for pyro and earlier we will need gcc 6 patches, we are not
> upgrading 6 -> 7 on pyro since that would cause a ton of breakage.
Agreed. Currently evaluating best and safest approach.
- armin
>
> Cheers,
>
> Richard
>
* Re: Yocto Project, Spectre and Meltdown
From: Manjukumar Harthikote Matha @ 2018-01-28 17:59 UTC (permalink / raw)
To: akuster808, Richard Purdie, openembedded-core
> -----Original Message-----
> From: akuster808 [mailto:akuster808@gmail.com]
> Sent: Saturday, January 27, 2018 4:48 PM
> To: Richard Purdie <richard.purdie@linuxfoundation.org>; Manjukumar Harthikote
> Matha <MANJUKUM@xilinx.com>; openembedded-core <openembedded-
> core@lists.openembedded.org>
> Subject: Re: [OE-core] Yocto Project, Spectre and Meltdown
>
>
>
> On 01/27/2018 03:06 PM, Richard Purdie wrote:
> > On Sat, 2018-01-27 at 16:59 +0000, Manjukumar Harthikote Matha wrote:
> >> -----Original Message-----
> >>> From: openembedded-core-bounces@lists.openembedded.org
> >>> [mailto:openembedded-core-bounces@lists.openembedded.org] On Behalf
> >>> Of Richard Purdie
> >>> Sent: Saturday, January 27, 2018 8:36 AM
> >>> To: openembedded-core <openembedded-core@lists.openembedded.org>
> >>> Subject: Re: [OE-core] Yocto Project, Spectre and Meltdown
> >>>
> >>> On Tue, 2018-01-16 at 11:38 +0000, Richard Purdie wrote:
> >>>> I just wanted to give people an update on where the project stands
> >>>> with these issues.
> >>> Master now contains gcc and kernel fixes (in linux-yocto).
> >>> meta-yocto-bsp updates are still pending.
> >>>
> >>> rocko-next also has those fixes and is undergoing testing which if
> >>> it passes, will get pushed to rocko.
> >>>
> >> I see that rocko-next branch is upgrading the GCC version to 7.3 from
> >> 7.2 , is there a reason to do so?
> >> I was under the impression that we would backport the security fixes
> >> to 7.2 version.
> > As Khem replied, this is the stable gcc series and gcc remapped their
> > versioning scheme a while back to mean that 7.3 is a point release of
> > the 7 series.
> >
> > I'm of the view that the gcc team know a lot more about which patches
> > should be backported to a stable series and have a better skillset and
> > knowledge base to know how to apply patches onto the older versions
> > than we do. As such I believe that 7.3 is the right approach for rocko.
>
> Agreed.
I thought it is a big upgrade in subsequent upgrade, hence my question.
>
> >
> > Do you have a reason to believe we should do something else?
We have released a rocko based distribution, my fear of changing 7.2->7.3 in subsequent upgrade cycle might result in quite some extensive testing across all product ranges and application development on top. This might result in quite some churn, hence the question.
Thanks,
Manju
* Re: Yocto Project, Spectre and Meltdown
From: Alexander Kanavin @ 2018-02-07 12:17 UTC (permalink / raw)
To: Richard Purdie, openembedded-core, Paul Eggleton
On 01/27/2018 06:35 PM, Richard Purdie wrote:
> On Tue, 2018-01-16 at 11:38 +0000, Richard Purdie wrote:
>> I just wanted to give people an update on where the project stands
>> with these issues.
>
> Master now contains gcc and kernel fixes (in linux-yocto).
> meta-yocto-bsp updates are still pending.
>
> rocko-next also has those fixes and is undergoing testing which if it
> passes, will get pushed to rocko.
A quick way to check what degree of protection there is on a system is
to look at what is in /sys/devices/system/cpu/vulnerabilities:
ak@linux-f9zs:/sys/devices/system/cpu/vulnerabilities> ls
meltdown spectre_v1 spectre_v2
ak@linux-f9zs:/sys/devices/system/cpu/vulnerabilities> cat spectre_v1 spectre_v2 meltdown
Vulnerable
Mitigation: Full generic retpoline
Mitigation: PTI
Of course, outdated, unprotected kernels do not have this directory at all.
Paul, perhaps this could go to release notes?
Alex
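The check described in the message above, as an added example that is not part of the original thread: a POSIX shell function that classifies each entry under /sys/devices/system/cpu/vulnerabilities and handles the case where the directory is absent. The function name cpu_vuln_report, its OK/FAIL/UNKNOWN labels and its exit codes are assumptions made here; the sample directory is constructed from the values quoted in the message.

```shell
#!/bin/sh
# Added example: summarise the kernel's own Spectre/Meltdown status report.
# Usage: cpu_vuln_report [DIR]   (DIR defaults to the real sysfs path)
# Prints one "STATE name: text" line per entry.
# Returns 0 = nothing reported as vulnerable,
#         1 = at least one entry is "Vulnerable" or unrecognised,
#         2 = directory absent (kernel predates this reporting interface).
cpu_vuln_report() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir: kernel does not report mitigation status"
        return 2
    fi
    worst=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        # The kernel's sysfs ABI documents three forms:
        # "Not affected", "Vulnerable", "Mitigation: <name>".
        case $status in
            "Not affected"*) state=OK ;;
            "Mitigation:"*)  state=OK ;;
            "Vulnerable"*)   state=FAIL; worst=1 ;;
            *)               state=UNKNOWN; worst=1 ;;
        esac
        echo "$state ${f##*/}: $status"
    done
    return $worst
}

# Constructed sample mirroring the output quoted in the message above.
demo=$(mktemp -d)
echo "Vulnerable" > "$demo/spectre_v1"
echo "Mitigation: Full generic retpoline" > "$demo/spectre_v2"
echo "Mitigation: PTI" > "$demo/meltdown"
cpu_vuln_report "$demo" || echo "exit status: $?"
rm -rf "$demo"
```

Called with no argument on a target image, the function reads the real sysfs directory, so its exit status can gate an image test.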
* Re: Yocto Project, Spectre and Meltdown
From: Fathi Boudra @ 2018-02-07 18:04 UTC (permalink / raw)
To: Alexander Kanavin; +Cc: Paul Eggleton, openembedded-core
On 7 February 2018 at 14:17, Alexander Kanavin
<alexander.kanavin@linux.intel.com> wrote:
> On 01/27/2018 06:35 PM, Richard Purdie wrote:
>>
>> On Tue, 2018-01-16 at 11:38 +0000, Richard Purdie wrote:
>>>
>>> I just wanted to give people an update on where the project stands
>>> with these issues.
>>
>>
>> Master now contains gcc and kernel fixes (in linux-yocto).
>> meta-yocto-bsp updates are still pending.
>>
>> rocko-next also has those fixes and is undergoing testing which if it
>> passes, will get pushed to rocko.
>
>
> A quick way to check what degree of protection there is on a system is to
> look at what is in /sys/devices/system/cpu/vulnerabilities:
>
> ak@linux-f9zs:/sys/devices/system/cpu/vulnerabilities> ls
> meltdown spectre_v1 spectre_v2
>
> ak@linux-f9zs:/sys/devices/system/cpu/vulnerabilities> cat spectre_v1 spectre_v2 meltdown
> Vulnerable
> Mitigation: Full generic retpoline
> Mitigation: PTI
>
> Of course, outdated, unprotected kernels do not have this directory at all.
>
>
> Paul, perhaps this could go to release notes?
It might be of interest to some since it's shipped by some distro:
https://github.com/speed47/spectre-meltdown-checker
>
> Alex
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core