On 10/7/23 12:13, Valmor F. de Almeida wrote:
>
> On 10/7/23 08:09, Peter Böhm wrote:
>> Am Samstag, 7. Oktober 2023, 08:28:01 CEST schrieb Valmor de Almeida:
>>
[snip]
>> For me the following questions would arise:
>>
>> a) How did you install the kernel 6.1.41 ? (genkernel; dist-kernel;
>> manual
>> approach)
Sorry I described the install for the 6.1.53-gentoo-r1 kernel. The
install for 6.1.41 was similar but I used the config file from the
earlier kernel which is 6.1.38 to start make oldconfig.
--
Valmor
>
> manual:
> 1) portage sync
> 2) make oldconfig in the new kernel directory for linux-6.1.53-gentoo-r1
>
> • Mitigations for speculative execution vulnerabilities
> *
> Mitigations for speculative execution vulnerabilities
> (SPECULATION_MITIGATIONS) [Y/n/?] y
> Remove the kernel mapping in user mode (PAGE_TABLE_ISOLATION) [Y/n/?] y
> Avoid speculative indirect branches in kernel (RETPOLINE) [Y/n/?] y
> Enable return-thunks (RETHUNK) [Y/n/?] y
> Enable UNRET on kernel entry (CPU_UNRET_ENTRY) [Y/n/?] y
> Enable IBPB on kernel entry (CPU_IBPB_ENTRY) [Y/n/?] y
> Enable IBRS on kernel entry (CPU_IBRS_ENTRY) [Y/n/?] y
>
> Up to here default is picked automatically; I don't have a choice.
> Next, I have tried with and without accepting the NEW features.
>
> Mitigate speculative RAS overflow on AMD (CPU_SRSO) [Y/n/?] (NEW)
> Mitigate Straight-Line-Speculation (SLS) [N/y/?] n
> Force GDS Mitigation (GDS_FORCE_MITIGATION) [N/y/?] (NEW)
>
> 3) make menuconfig
> 4) make && make modules_install
> 5) make install
> 6) grub-mkconfig -o /boot/grub/grub.cfg
> 7) reboot
>
>> b) Did you make any kernel configuration changes in your 6.1.41 ?
> no; I use what is in /boot
>
> -> ls /boot/
> config-6.1.41-gentoo grub/ System.map-6.1.41-gentoo
> vmlinuz-6.1.41-gentoo
> config-6.1.53-gentoo-r1 lost+found/ System.map-6.1.53-gentoo-r1
> vmlinuz-6.1.53-gentoo-r1
>
>> c) Do you use a bootmanager ? (which ?; grub, refind ?)
>
> I use grub-2
>
> * sys-boot/grub
> Latest version available: 2.06-r9
> Latest version installed: 2.06-r9
>
>
>> d) How did you update to 6.1.53 ? (every step)
>
> -> revdep-rebuild --ignore
> -> emerge --depclean
> -> eclean distfiles
> -> eclean packages
> -> emerge @preserved-rebuild
> -> emerge --sync
> -> etc-update
> -> env-update
> (run a script to source profile)
> -> emerge -vp --update --newuse --deep --tree --with-bdeps=y @world
> check conflicts etc., fetch files, then run without -vp
>
>>
>> To better understand your system, I would look at the output of
>> "parted -l" (complete),
>> "dmesg" (complete),
>> "lspci -k" and
>> "emerge --info"
>> (after you have booted 6.1.41).
>>
>> To clarify all this here via the mailing list might be difficult;
>> therefore I
>> would suggest to create a thread in our Gentoo support forum:
>
> I will give it shot.
>
>>
>> https://forums.gentoo.org/
>>
>> (I am there also; but we have also a lot of great experts there)
>>
>> If you create a thread in our forum, then please use wgetpaste for big
>> files:
>> https://wiki.gentoo.org/wiki/Wgetpaste
>>
>> Greetings,
>> Peter
>>
>
> Thanks,
> --
> Valmor
>
> On 10/7/23 08:09, Peter Böhm wrote:
>> Am Samstag, 7. Oktober 2023, 08:28:01 CEST schrieb Valmor de Almeida:
>>
[snip]
>> For me the following questions would arise:
>>
>> a) How did you install the kernel 6.1.41 ? (genkernel; dist-kernel;
>> manual
>> approach)
Sorry I described the install for the 6.1.53-gentoo-r1 kernel. The
install for 6.1.41 was similar but I used the config file from the
earlier kernel which is 6.1.38 to start make oldconfig.
--
Valmor
>
> manual:
> 1) portage sync
> 2) make oldconfig in the new kernel directory for linux-6.1.53-gentoo-r1
>
> • Mitigations for speculative execution vulnerabilities
> *
> Mitigations for speculative execution vulnerabilities
> (SPECULATION_MITIGATIONS) [Y/n/?] y
> Remove the kernel mapping in user mode (PAGE_TABLE_ISOLATION) [Y/n/?] y
> Avoid speculative indirect branches in kernel (RETPOLINE) [Y/n/?] y
> Enable return-thunks (RETHUNK) [Y/n/?] y
> Enable UNRET on kernel entry (CPU_UNRET_ENTRY) [Y/n/?] y
> Enable IBPB on kernel entry (CPU_IBPB_ENTRY) [Y/n/?] y
> Enable IBRS on kernel entry (CPU_IBRS_ENTRY) [Y/n/?] y
>
> Up to here default is picked automatically; I don't have a choice.
> Next, I have tried with and without accepting the NEW features.
>
> Mitigate speculative RAS overflow on AMD (CPU_SRSO) [Y/n/?] (NEW)
> Mitigate Straight-Line-Speculation (SLS) [N/y/?] n
> Force GDS Mitigation (GDS_FORCE_MITIGATION) [N/y/?] (NEW)
>
> 3) make menuconfig
> 4) make && make modules_install
> 5) make install
> 6) grub-mkconfig -o /boot/grub/grub.cfg
> 7) reboot
>
>> b) Did you make any kernel configuration changes in your 6.1.41 ?
> no; I use what is in /boot
>
> -> ls /boot/
> config-6.1.41-gentoo grub/ System.map-6.1.41-gentoo
> vmlinuz-6.1.41-gentoo
> config-6.1.53-gentoo-r1 lost+found/ System.map-6.1.53-gentoo-r1
> vmlinuz-6.1.53-gentoo-r1
>
>> c) Do you use a bootmanager ? (which ?; grub, refind ?)
>
> I use grub-2
>
> * sys-boot/grub
> Latest version available: 2.06-r9
> Latest version installed: 2.06-r9
>
>
>> d) How did you update to 6.1.53 ? (every step)
>
> -> revdep-rebuild --ignore
> -> emerge --depclean
> -> eclean distfiles
> -> eclean packages
> -> emerge @preserved-rebuild
> -> emerge --sync
> -> etc-update
> -> env-update
> (run a script to source profile)
> -> emerge -vp --update --newuse --deep --tree --with-bdeps=y @world
> check conflicts etc., fetch files, then run without -vp
>
>>
>> To better understand your system, I would look at the output of
>> "parted -l" (complete),
>> "dmesg" (complete),
>> "lspci -k" and
>> "emerge --info"
>> (after you have booted 6.1.41).
>>
>> To clarify all this here via the mailing list might be difficult;
>> therefore I
>> would suggest to create a thread in our Gentoo support forum:
>
> I will give it shot.
>
>>
>> https://forums.gentoo.org/
>>
>> (I am there also; but we have also a lot of great experts there)
>>
>> If you create a thread in our forum, then please use wgetpaste for big
>> files:
>> https://wiki.gentoo.org/wiki/Wgetpaste
>>
>> Greetings,
>> Peter
>>
>
> Thanks,
> --
> Valmor