• how many kernels must a penguin compile before they call it stable?

    From Maurice Kinal@2:280/464.113 to Benny Pedersen on Tuesday, July 04, 2023 22:41:59
    Hey Benny!

    :r /proc/version
    Linux version 6.4.1 (root@itsii) (gcc (GCC) 13.1.0, GNU ld (GNU Binutils) 2.40) #1 SMP PREEMPT_DYNAMIC Tue Jul 4 06:18:18 UTC 2023

    :r !lscpu
    Architecture: x86_64
    CPU op-mode(s): 32-bit, 64-bit
    Address sizes: 39 bits physical, 48 bits virtual
    Byte Order: Little Endian
    CPU(s): 4
    On-line CPU(s) list: 0-3
    Vendor ID: GenuineIntel
    Model name: Intel(R) Celeron(R) CPU N3450 @ 1.10GHz
    CPU family: 6
    Model: 92
    Thread(s) per core: 1
    Core(s) per socket: 4
    Socket(s): 1
    Stepping: 9
    CPU(s) scaling MHz: 68%
    CPU max MHz: 2200.0000
    CPU min MHz: 800.0000
    BogoMIPS: 2188.80
    Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology tsc_reliable nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg cx16 xtpr pdcm sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave rdrand lahf_lm 3dnowprefetch cpuid_fault cat_l2 ibrs ibpb stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust smep erms mpx rdt_a rdseed smap clflushopt intel_pt sha_ni xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts vnmi md_clear arch_capabilities
    Virtualization: VT-x
    L1d cache: 96 KiB (4 instances)
    L1i cache: 128 KiB (4 instances)
    L2 cache: 2 MiB (2 instances)
    NUMA node(s): 1
    NUMA node0 CPU(s): 0-3
    Vulnerability Itlb multihit: Not affected
    Vulnerability L1tf: Not affected
    Vulnerability Mds: Not affected
    Vulnerability Meltdown: Not affected
    Vulnerability Mmio stale data: Not affected
    Vulnerability Retbleed: Not affected
    Vulnerability Spec store bypass: Not affected
    Vulnerability Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
    Vulnerability Spectre v2: Mitigation; Retpolines, IBPB conditional, IBRS_FW, STIBP disabled, RSB filling, PBRSB-eIBRS Not affected
    Vulnerability Srbds: Not affected
    Vulnerability Tsx async abort: Not affected

    Life is good,
    Maurice

    o- -o -o o-
    /) (\ (\ /)
    ^^ ^^ ^^ ^^
    ... Wærwyrde sceal wisfæst hæle, breostum hycgan.
    Wary with words, a wise man should meditate in his heart.
    --- GNU bash, version 5.2.15(1)-release (x86_64-pc-linux-gnu)
    * Origin: Little Mikey's EuroPoint @ (2:280/464.113)
  • From Benny Pedersen@2:230/0 to Maurice Kinal on Wednesday, July 26, 2023 00:15:42
    Hello Maurice!

    04 Jul 2023 22:41, Maurice Kinal wrote to Benny Pedersen:

    Hey Benny!

    :r /proc/version
    Linux version 6.4.1 (root@itsii) (gcc (GCC) 13.1.0, GNU ld (GNU
    Binutils) 2.40) #1 SMP PREEMPT_DYNAMIC Tue Jul 4 06:18:18 UTC 2023

    now i have 6.4.6 which has zenbleed fixes

    keep away from zen2 hardware is safe on its own



    Regards Benny

    ... too late to die young :)

    --- Msged/LNX 6.1.2 (Linux/6.4.6-gentoo-dist (x86_64))
    * Origin: gopher://fido.junc.eu/ (2:230/0)
  • From Maurice Kinal@1:153/7001.2989 to Benny Pedersen on Wednesday, July 26, 2023 03:12:27
    Hey Benny!

    now i have 6.4.6 which has zenbleed fixes

    Which zenbleed fixes? I just booted it up on this machine earlier today but see little to no difference.

    keep away from zen2 hardware is safe on its own

    I am not convinced but it isn't like I can cite any unsafe behavior so far. This machine is deploying an AMD Ryzen 7 5800U which if I am not mistaken is a zen3. The Europoint is on a zen1 (AMD Ryzen Embedded R1505G). I also have a zen2 but it is an Epyc and isn't part of the fidonet mix. I am using it solely for R&D.

    As for the www it is even more fsck'ed than it ever was. No surprises there. I note many a site that won't support my webbrowser anymore and it was probably the safest any browser ever is/was. Very sad although I never really cared for the www so I won't be missing it. How about you?

    Life is good,
    Maurice

    o- o- -o o- -o o- o- o- o- -o o- -o o- o- -o -o
    /) /) (\ /) (\ /) /) /) /) (\ /) (\ /) /) (\ (\
    ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^
    ... Fidonet 4K - You load sixteen penguins and what do you get?
    --- GNU bash, version 5.2.15(1)-release (x86_64-pc-linux-gnu)
    * Origin: One of us @ (1:153/7001.2989)
  • From Benny Pedersen@2:230/0 to Maurice Kinal on Wednesday, July 26, 2023 07:45:42
    Hello Maurice!

    26 Jul 2023 03:12, Maurice Kinal wrote to Benny Pedersen:

    Which zenbleed fixes?

    why do you ask me ? :=)

    I just booted it up on this machine earlier
    today but see little to no difference.

    then you possibly are fine with zen3 or zen4, which don't have these bugs to be solved in ucode

    keep away from zen2 hardware is safe on its own

    I am not convinced but it isn't like I can cite any unsafe behavior so far. This machine is deploying an AMD Ryzen 7 5800U which if I am not mistaken is a zen3. The Europoint is on a zen1 (AMD Ryzen Embedded R1505G). I also have a zen2 but it is an Epyc and isn't part of the fidonet mix. I am using it solely for R&D.

    does it say epyc in uname -a ? :)

    there exists a zenbleed tarball that has tools to test if something is missing in ucode, i don't know if the ucode is part of kernel, but imho only 6.4.6 has the zenbleed fix, not currently older kernels

    i still don't have any epyc cpu, so i am happy :=)

    As for the www it is even more fsck'ed than it ever was. No surprises there. I note many a site that won't support my webbrowser anymore
    and it was probably the safest any browser ever is/was. Very sad although I never really cared for the www so I won't be missing it.
    How about you?

    gopher is not well designed for roundcube webmail, lol :)

    i don't know if there exists webmail based on gopher protocol, i will let it be up to the reader to find why it does not work

    sadly dovecot has planned to support jmap, but so far only cyrus-imapd has it, on the other hand cyrus-imapd misses support for weakforced, it's complicated for security, i could just make reject rules in iptables change to accept for limited ip ranges where i have users, it would be rock solid, firewalls should be a static rule set, not dynamic, and this is why i think fail2ban is designed for the incorrect problem


    Regards Benny

    ... too late to die young :)

    --- Msged/LNX 6.1.2 (Linux/6.4.6-gentoo-dist (x86_64))
    * Origin: gopher://fido.junc.eu/ (2:230/0)
  • From Maurice Kinal@1:153/7001.53423 to Benny Pedersen on Wednesday, July 26, 2023 16:17:17
    Hey Benny!

    does it say epyc in uname -a ?

    Nope. All kernels are reporting x86_64 which from the kernel's point of view is correct for all despite the differences. As far as zen3/zen2 goes, I see very little difference other than speed.

    i still don't have any epyc cpu, so i am happy :=)

    :r !lscpu
    Architecture: x86_64
    CPU op-mode(s): 32-bit, 64-bit
    Address sizes: 48 bits physical, 48 bits virtual
    Byte Order: Little Endian
    CPU(s): 16
    On-line CPU(s) list: 0-15
    Vendor ID: AuthenticAMD
    Model name: AMD EPYC 3251 8-Core Processor
    CPU family: 23
    Model: 1
    Thread(s) per core: 2
    Core(s) per socket: 8
    Socket(s): 1
    Stepping: 2
    Frequency boost: enabled
    CPU(s) scaling MHz: 48%
    CPU max MHz: 2500.0000
    CPU min MHz: 1200.0000
    BogoMIPS: 5000.05
    Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc cpuid extd_apicid aperfmperf rapl pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw skinit wdt tce topoext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpb hw_pstate ssbd ibpb vmmcall fsgsbase bmi1 avx2 smep bmi2 rdseed adx smap clflushopt sha_ni xsaveopt xsavec xgetbv1 clzero irperf xsaveerptr arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold avic v_vmsave_vmload vgif overflow_recov succor smca
    Virtualization: AMD-V
    L1d cache: 256 KiB (8 instances)
    L1i cache: 512 KiB (8 instances)
    L2 cache: 4 MiB (8 instances)
    L3 cache: 16 MiB (2 instances)
    NUMA node(s): 1
    NUMA node0 CPU(s): 0-15
    Vulnerability Itlb multihit: Not affected
    Vulnerability L1tf: Not affected
    Vulnerability Mds: Not affected
    Vulnerability Meltdown: Not affected
    Vulnerability Mmio stale data: Not affected
    Vulnerability Retbleed: Mitigation; untrained return thunk; SMT vulnerable
    Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl
    Vulnerability Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
    Vulnerability Spectre v2: Mitigation; Retpolines, IBPB conditional, STIBP disabled, RSB filling, PBRSB-eIBRS Not affected
    Vulnerability Srbds: Not affected
    Vulnerability Tsx async abort: Not affected

    The above is a zen2 processor. Also ecc ddr4 at its disposal which is very nice. Also, also a samsung nvme (default boot disk) which so far has been the best when compared to other brands. Also, also, also four hotswappable sata drives.

    Life is good,
    Maurice

    -o o- o- -o o- o- -o -o o- -o o- o- -o o- -o -o
    (\ /) /) (\ /) /) (\ (\ /) (\ /) /) (\ /) (\ (\
    ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ... Fidonet Unplugged - One in a million.
    --- GNU bash, version 5.2.15(1)-release (x86_64-pc-linux-gnu)
    * Origin: One of us @ (1:153/7001.53423)
  • From Maurice Kinal@1:153/7001.2989 to Benny Pedersen on Friday, July 28, 2023 21:54:58
    Hey Benny!

    why do you ask me ? :=)

    You're the one that brought it up. Anyhow here is what I've figured out so far as zenbleed relates to the local scene.

    ----- From https://www.xda-developers.com/zenbleed/
    Here's a table that should make it all clear:

    ┌─────────────────┬────────────────────────────────────┐
    │                 │Impacted CPUs                       │
    ├─────────────────┼────────────────────────────────────┤
    │Ryzen 3000 Series│All except APUs (e.g. Ryzen 3 3200G)│
    ├─────────────────┼────────────────────────────────────┤
    │Epyc Rome        │All                                 │
    ├─────────────────┼────────────────────────────────────┤
    │Ryzen 4000 Series│All                                 │
    ├─────────────────┼────────────────────────────────────┤
    │Ryzen 5000 Series│Only the 5300U, 5500U, and 5700U    │
    ├─────────────────┼────────────────────────────────────┤
    │Ryzen 7000 Series│Only 7020 APUs (e.g. Ryzen 3 7320U) │
    └─────────────────┴────────────────────────────────────┘
    -----

    Note that "AMD Ryzen 7 5800U with Radeon Graphics", which is a zen3 appears to be safe from this particular cpu exploit. Also the "AMD Ryzen Embedded R1505G", which runs EuroPoint, is a zen1 and thus not affected by this particular exploit. However according to lscpu these are the exploits that do exist on that cpu;

    Vulnerabilities:
    Itlb multihit: Not affected
    L1tf: Not affected
    Mds: Not affected
    Meltdown: Not affected
    Mmio stale data: Not affected
    Retbleed: Mitigation; untrained return thunk; SMT vulnerable
    Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl
    Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
    Spectre v2: Mitigation; Retpolines, IBPB conditional, STIBP disabled, RSB filling, PBRSB-eIBRS Not affected
    Srbds: Not affected
    Tsx async abort: Not affected

    Currently it appears that none of the deployed AMDs in this neck of the woods suffer from this particular exploit (zenbleed) ... :::knocking on wood:::

    Life is good,
    Maurice

    -o o- o- -o -o -o o- -o -o o- o- o- -o -o -o -o
    (\ /) /) (\ (\ (\ /) (\ (\ /) /) /) (\ (\ (\ (\
    ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^
    ... Fidonet 4K - You load sixteen penguins and what do you get?
    --- GNU bash, version 5.2.15(1)-release (x86_64-pc-linux-gnu)
    * Origin: One of us @ (1:153/7001.2989)
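
The "Vulnerability" lines that lscpu prints in the posts above come from the kernel's files under /sys/devices/system/cpu/vulnerabilities/. As an added example (not written by either poster), this bash script sorts such lines into OK, REVIEW and VULNERABLE so that a caveat like "SMT vulnerable" inside a mitigated entry is not overlooked; the function names and the last sample line are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: triage the kernel's CPU vulnerability report.
# Input is "name: status" lines, either as lscpu prints them ("Mitigation; ...")
# or built from /sys/devices/system/cpu/vulnerabilities/* ("Mitigation: ...").

classify() {  # status string -> OK | REVIEW | VULNERABLE
  case "$1" in
    "Not affected"*) echo OK ;;
    Vulnerable*)     echo VULNERABLE ;;
    Mitigation*)     # a mitigated entry can still carry a caveat
      case "$1" in *[Vv]ulnerable*) echo REVIEW ;; *) echo OK ;; esac ;;
    *)               echo REVIEW ;;  # unknown wording: read it by hand
  esac
}

report() {  # stdin: "name: status" lines; stdout: "VERDICT name: status"
  local line name status
  while IFS= read -r line; do
    line=${line#"${line%%[![:space:]]*}"}        # drop indentation
    case "$line" in *:*) ;; *) continue ;; esac
    name=${line%%:*}; name=${name#Vulnerability }
    status=${line#*:}
    status=${status#"${status%%[![:space:]]*}"}  # drop lscpu column padding
    [ -n "$status" ] || continue                 # section header, no value
    printf '%-10s %s: %s\n' "$(classify "$status")" "$name" "$status"
  done
}

live() {  # the running kernel's report, one sysfs file per issue
  local f
  for f in /sys/devices/system/cpu/vulnerabilities/*; do
    if [ -r "$f" ]; then printf '%s: %s\n' "${f##*/}" "$(cat "$f")"; fi
  done
}

sample() {  # first four lines: the EPYC lscpu output quoted in the thread;
            # last line: constructed, to exercise the VULNERABLE branch
  cat <<'EOF'
Vulnerability Meltdown:          Not affected
Vulnerability Retbleed:          Mitigation; untrained return thunk; SMT vulnerable
Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl
Vulnerability Spectre v2:        Mitigation; Retpolines, IBPB conditional, STIBP disabled, RSB filling, PBRSB-eIBRS Not affected
Vulnerability Constructed example: Vulnerable
EOF
}

# Default to the embedded sample so the script also runs off-line.
if [ "${1:-}" = "--live" ]; then live | report; else sample | report; fi
```

Run it with `--live` to read the current machine's sysfs entries instead of the embedded sample.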