
Thread: Updating to kernel 4.4.120-45.1 leads to "System may be vulnerable to spectre v2"

  1. #1

    Updating to kernel 4.4.120-45.1 leads to "System may be vulnerable to spectre v2"

    With previous kernel I get:

    Code:
    [~]: cat /sys/devices/system/cpu/vulnerabilities/*
    Mitigation: PTI
    Mitigation: Barriers
    Mitigation: Full generic retpoline + IBPB
    [~]: 
    [~]: dmesg | grep -i spectre
    [    0.018786] Spectre V2 mitigation: Mitigation: Full generic retpoline
    [    0.018787] Spectre V2 mitigation: Retpolines enabled, force-disabling IBRS due to !SKL-era core
    [~]: uname -a
    Linux i7 4.4.114-42-default #1 SMP Tue Feb 6 10:58:10 UTC 2018 (b6ee9ae) x86_64 x86_64 x86_64 GNU/Linux
    After running 'zypper up' which updated to kernel 4.4.120-45.1 and rebooting I get:

    Code:
    [~]: dmesg
    ...
    [    1.717166] NVRM: loading NVIDIA UNIX x86_64 Kernel Module  390.42  Sat Mar  3 04:10:22 PST 2018 (using threaded interrupts)
    [    1.719392] Spectre V2 : System may be vulnerable to spectre v2
    [    1.719397] nvidia_uvm: loading module not compiled with retpoline compiler.
    [    1.722085] nvidia-uvm: Loaded the UVM driver in 8 mode, major device number 248
    [    1.751061] Spectre V2 : System may be vulnerable to spectre v2
    [    1.751063] nvidia_modeset: loading module not compiled with retpoline compiler.
    [    1.751867] nvidia-modeset: Loading NVIDIA Kernel Mode Setting Driver for UNIX platforms  390.42  Sat Mar  3 03:30:48 PST 2018
    [    1.752014] Spectre V2 : System may be vulnerable to spectre v2
    [    1.752015] nvidia_drm: loading module not compiled with retpoline compiler.
    [    1.752725] [drm] [nvidia-drm] [GPU ID 0x00000100] Loading driver
    ...
    [    0.018769] Spectre V2 : Mitigation: Full generic retpoline
    [    0.018770] Spectre V2 : Retpolines enabled, force-disabling IBRS due to !SKL-era core
    ...
    
    [~]: cat /sys/devices/system/cpu/vulnerabilities/*
    Mitigation: PTI
    Mitigation: __user pointer sanitization
    Mitigation: Full generic retpoline + IBPB - vulnerable module loaded
    Not sure what the implications of that may be but just wanted to share it.

  2. #2

    Re: Updating to kernel 4.4.120-45.1 leads to "System may be vulnerable to spectre v2"

    Same happened to my system after updating to 4.4.120-45 today (22nd March). Could anyone please confirm if this is a serious warning and if the mitigations are properly working after the kernel update? What exactly does "vulnerable module loaded" mean? Thanks in advance.

  3. #3
    Join Date
    Dec 2008
    Location
    FL, USA
    Posts
    1,963

    Re: Updating to kernel 4.4.120-45.1 leads to "System may be vulnerable to spectre v2"

    Mine, with no proprietary software, is a bit different:
    Code:
    # cat /sys/devices/system/cpu/vulnerabilities/*
    Mitigation: PTI
    Mitigation: __user pointer sanitization
    Mitigation: Full generic retpoline - vulnerable module loaded
    
    # dmesg | grep -i spectre
    [    0.000000] Intel Spectre v2 broken microcode detected; disabling SPEC_CTRL
    [    0.035111] Intel Spectre v2 broken microcode detected; disabling SPEC_CTRL
    [    0.036072] Spectre V2 : Mitigation: Full generic retpoline
    [    0.036074] Spectre V2 : Filling RSB on context switch
    [    0.103212] Intel Spectre v2 broken microcode detected; disabling SPEC_CTRL
    [    0.106461] Intel Spectre v2 broken microcode detected; disabling SPEC_CTRL
    [    0.109710] Intel Spectre v2 broken microcode detected; disabling SPEC_CTRL
    [    1.106289] Spectre V2 : System may be vulnerable to spectre v2
    [    1.110066] Spectre V2 : System may be vulnerable to spectre v2
    [    1.113143] Spectre V2 : System may be vulnerable to spectre v2
    
    # uname -a
    Linux gb250 4.4.120-45-default #1 SMP Wed Mar 14 20:51:49 UTC 2018 (623211f) x86_64 x86_64 x86_64 GNU/Linux

  4. #4
    Join Date
    Mar 2011
    Location
    Sauerland
    Posts
    4,145

    Re: Updating to kernel 4.4.120-45.1 leads to "System may be vulnerable to spectre v2"

    Please post:
    Code:
    zypper se -s ucode

  5. #5
    Join Date
    Dec 2008
    Location
    FL, USA
    Posts
    1,963

    Re: Updating to kernel 4.4.120-45.1 leads to "System may be vulnerable to spectre v2"

    Code:
    S  | Name             | Type       | Version                        | Arch   | Repository
    ---+------------------+------------+--------------------------------+--------+-----------
       | iucode-tool      | package    | 2.1.2-1.1                      | x86_64 | OSS
       | ucode-amd        | package    | 20170530-17.1                  | noarch | Update
       | ucode-amd        | package    | 20170530-14.1                  | noarch | Update
       | ucode-amd        | package    | 20170530-11.1                  | noarch | Update
       | ucode-amd        | package    | 20170530-9.1                   | noarch | OSS
    i+ | ucode-intel      | package    | 20180312-22.1                  | x86_64 | Update
    v  | ucode-intel      | package    | 20180108.revertto20170707-19.1 | x86_64 | Update
    v  | ucode-intel      | package    | 20170707-10.1                  | x86_64 | Update
    v  | ucode-intel      | package    | 20170511-8.1                   | x86_64 | OSS
       | ucode-intel      | srcpackage | 20180312-22.1                  | noarch | Update
       | ucode-intel      | srcpackage | 20180108.revertto20170707-19.1 | noarch | Update
       | ucode-intel      | srcpackage | 20170707-10.1                  | noarch | Update
       | ucode-intel-blob | package    | 20180312-22.1                  | x86_64 | Update
       | ucode-intel-blob | package    | 20180108.revertto20170707-19.1 | x86_64 | Update
       | ucode-intel-blob | package    | 20170707-10.1                  | x86_64 | Update
       | ucode-intel-blob | package    | 20170511-8.1                   | x86_64 | OSS
    The installed 2018 version is apparently because I had installed a TW 4.15 kernel and a 15.0b 4.12 kernel for troubleshooting kernel disengaging NUMLOCK at every opportunity (works as expected with newer kernels).

  6. #6

    Re: Updating to kernel 4.4.120-45.1 leads to "System may be vulnerable to spectre v2"

    After reading https://www.suse.com/support/kb/doc/?id=7022512 I tried to add the kernel parameters spectre_v2=on and retpoline, but it didn't work. It looks like ucode is broken and we have to wait for an update.

  7. #7
    Join Date
    Sep 2012
    Posts
    5,315

    Re: Updating to kernel 4.4.120-45.1 leads to "System may be vulnerable to spectre v2"

    Originally posted by heyjoe:
    Code:
    [    1.717166] NVRM: loading NVIDIA UNIX x86_64 Kernel Module  390.42  Sat Mar  3 04:10:22 PST 2018 (using threaded interrupts)
    ...
    
    [~]: cat /sys/devices/system/cpu/vulnerabilities/*
    ...
    Mitigation: Full generic retpoline + IBPB - vulnerable module loaded
    There is no generic fix for Spectre - each affected piece of code must be changed to use one of the mitigation techniques provided. What it tells you is that you loaded a module that was not compiled to use the mitigation available (or at least does not tell that it was compiled with it). So this module may be vulnerable. I won't claim it is nVidia but it most likely is the module that it complains about.
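
To find out which module triggered the warning discussed in the post above, the following is an added example and not part of any post in this thread. The function names and state labels are hypothetical; the sample input is the log excerpt from the first post, and the live check assumes `modinfo` reports the `retpoline` tag that the kernel warning is based on.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the unique names of modules that the kernel log on stdin reports as
# "not compiled with retpoline compiler".
flagged_modules() {
    sed -n 's/^.*\] \([^ :]*\): loading module not compiled with retpoline compiler\.$/\1/p' |
        LC_ALL=C sort -u
}

# Classify one line read from /sys/devices/system/cpu/vulnerabilities/spectre_v2.
# The labels (degraded/mitigated/vulnerable/unknown) are this example's own.
spectre_v2_state() {
    case "$1" in
        *"vulnerable module loaded"*) echo degraded ;;
        Mitigation:*)                 echo mitigated ;;
        Vulnerable*)                  echo vulnerable ;;
        *)                            echo unknown ;;
    esac
}

# List loaded modules whose on-disk file lacks the "retpoline: Y" modinfo tag.
# This inspects the file modinfo finds for the running kernel, which can differ
# from the copy in memory until the module is reloaded or the system rebooted.
unmarked_loaded_modules() {
    while read -r name rest; do
        [ "$(modinfo -F retpoline "$name" 2>/dev/null)" = "Y" ] || echo "$name"
    done < /proc/modules
}

# Sample input: log lines copied from the first post, used for an offline check.
SAMPLE_DMESG='[    1.719392] Spectre V2 : System may be vulnerable to spectre v2
[    1.719397] nvidia_uvm: loading module not compiled with retpoline compiler.
[    1.751063] nvidia_modeset: loading module not compiled with retpoline compiler.
[    1.752015] nvidia_drm: loading module not compiled with retpoline compiler.
[    1.752725] [drm] [nvidia-drm] [GPU ID 0x00000100] Loading driver'

# Live use: sh check.sh --live   (reading dmesg may need root)
if [ "${1:-}" = "--live" ]; then
    f=/sys/devices/system/cpu/vulnerabilities/spectre_v2
    echo "spectre_v2: $(spectre_v2_state "$(cat "$f")")"
    echo "flagged in kernel log:"; dmesg | flagged_modules
    echo "loaded without retpoline tag:"; unmarked_loaded_modules
fi
```

Note that `dmesg | grep -i spectre` alone hides the line naming the module, because that line does not contain the word "spectre".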

  8. #8
    Join Date
    Dec 2008
    Location
    USA
    Posts
    22

    Re: Updating to kernel 4.4.120-45.1 leads to "System may be vulnerable to spectre v2"

    I applied the kernel update yesterday and also get the aforementioned Spectre V2 warnings on boot.

    Some data:

    uname -a
    Linux linux-3wjh.site 4.4.120-45-default #1 SMP Wed Mar 14 20:51:49 UTC 2018 (623211f) x86_64 x86_64 x86_64 GNU/Linux

    zypper se -s ucode
    Loading repository data...
    Reading installed packages...


    S  | Name             | Type       | Version                        | Arch   | Repository
    ---+------------------+------------+--------------------------------+--------+-----------------------
       | iucode-tool      | package    | 2.1.2-1.1                      | x86_64 | Main Repository (OSS)
    i+ | ucode-amd        | package    | 20170530-17.1                  | noarch | Main Update Repository
    v  | ucode-amd        | package    | 20170530-14.1                  | noarch | Main Update Repository
    v  | ucode-amd        | package    | 20170530-11.1                  | noarch | Main Update Repository
    v  | ucode-amd        | package    | 20170530-9.1                   | noarch | Main Repository (OSS)
    i  | ucode-intel      | package    | 20180312-22.1                  | x86_64 | Main Update Repository
    v  | ucode-intel      | package    | 20180108.revertto20170707-19.1 | x86_64 | Main Update Repository
    v  | ucode-intel      | package    | 20170707-10.1                  | x86_64 | Main Update Repository
    v  | ucode-intel      | package    | 20170511-8.1                   | x86_64 | Main Repository (OSS)
       | ucode-intel      | srcpackage | 20180312-22.1                  | noarch | Main Update Repository
       | ucode-intel      | srcpackage | 20180108.revertto20170707-19.1 | noarch | Main Update Repository
       | ucode-intel      | srcpackage | 20170707-10.1                  | noarch | Main Update Repository
       | ucode-intel-blob | package    | 20180312-22.1                  | x86_64 | Main Update Repository
       | ucode-intel-blob | package    | 20180108.revertto20170707-19.1 | x86_64 | Main Update Repository
       | ucode-intel-blob | package    | 20170707-10.1                  | x86_64 | Main Update Repository
       | ucode-intel-blob | package    | 20170511-8.1                   | x86_64 | Main Repository (OSS)

    cat /sys/devices/system/cpu/vulnerabilities/*
    Mitigation: PTI
    Mitigation: __user pointer sanitization
    Mitigation: Full generic retpoline - vulnerable module loaded

  9. #9

    Re: Updating to kernel 4.4.120-45.1 leads to "System may be vulnerable to spectre v2"

    I got some feedback from bugzilla:

    https://bugzilla.suse.com/show_bug.cgi?id=1068032#c232

    It has been confirmed that it is just a warning and a rebuild of NVIDIA KMP is necessary.

  10. #10

    Re: Updating to kernel 4.4.120-45.1 leads to "System may be vulnerable to spectre v2"

    Forcefully updating the NVIDIA driver from YaST and rebooting removed the warnings:
    Code:
    [~]: cat /sys/devices/system/cpu/vulnerabilities/*
    Mitigation: PTI
    Mitigation: __user pointer sanitization
    Mitigation: Full generic retpoline + IBPB
    [~]: dmesg | grep -i spectre
    [    0.018765] Spectre V2 : Mitigation: Full generic retpoline
    [    0.018765] Spectre V2 : Retpolines enabled, force-disabling IBRS due to !SKL-era core
    [~]: cat /sys/devices/system/cpu/vulnerabilities/*
    Mitigation: PTI
    Mitigation: __user pointer sanitization
    Mitigation: Full generic retpoline + IBPB
    [~]:
    I suppose that has resulted in 'rebuild'.
