Bug 30157

AMD x86_64 Plasma


TESTS
=====
```
browser: ok
tunderbird: ok
nextcloud-client: ok
sound: ok
webcam: ok
virtualbox: ok
solaar (logitech mouse and keboard): ok
Bluetooth: ok
boinc with openCL: ok
mock: ok
signal-desktop (Mageia package): ok
schildichat matrix client (Mageia package): ok
psensor / sensors-detect: ok  (GPU fan speed still off but not worse, not better)
libreoffice with openCL: ok
```

INSTALLATION
============
```
Via QArepo and urpmi --auto-update. No issues.

Pour satisfaire les dépendances, les paquetages suivants vont être installés :
  Paquetage                      Version      Révision      Arch    
(média « QA Testing (64-bit) »)
  cpupower                       5.15.28      1.mga8        x86_64  
  kernel-desktop-5.15.28-1.mga8  1            1.mga8        x86_64  
  kernel-desktop-latest          5.15.28      1.mga8        x86_64  
  kernel-userspace-headers       5.15.28      1.mga8        x86_64  
  lib64bpf0                      5.15.28      1.mga8        x86_64  
  virtualbox-kernel-5.15.28-des> 6.1.32       1.8.mga8      x86_64  
  virtualbox-kernel-desktop-lat> 6.1.32       1.8.mga8      x86_64  
un espace additionnel de 77Mo sera utilisé.
70Mo de paquets seront récupérés.
```

SYSTEM CONFIGURATION
====================

```
System:    Host: cbct-desk Kernel: 5.15.28-desktop-1.mga8 x86_64 bits: 64 Desktop: KDE Plasma 5.20.4 Distro: Mageia 8 mga8 
Machine:   Type: Desktop System: ASUS product: N/A v: N/A serial: <superuser required> 
           Mobo: ASUSTeK model: TUF GAMING B550M-PLUS v: Rev X.0x serial: <superuser required> UEFI: American Megatrends 
           v: 2423 date: 08/10/2021 
CPU:       Info: 12-Core model: AMD Ryzen 9 5900X bits: 64 type: MT MCP L2 cache: 6 MiB 
           Speed: 2878 MHz min/max: 2200/3700 MHz Core speeds (MHz): 1: 2878 2: 3600 3: 4603 4: 3713 5: 2885 6: 3671 
           7: 3609 8: 3506 9: 3633 10: 2985 11: 4589 12: 4645 13: 3642 14: 4071 15: 4601 16: 3869 17: 3673 18: 3645 
           19: 3640 20: 2881 21: 3910 22: 4512 23: 4459 24: 3703 
Graphics:  Device-1: Advanced Micro Devices [AMD/ATI] Ellesmere [Radeon RX 470/480/570/570X/580/580X/590] driver: amdgpu 
           v: kernel 
           Display: x11 server: Mageia X.org 1.20.14 driver: amdgpu,v4l resolution: 2560x1440~60Hz 
           OpenGL: renderer: AMD Radeon RX 570 Series (POLARIS10 DRM 3.42.0 5.15.28-desktop-1.mga8 LLVM 11.0.1) 
           v: 4.6 Mesa 21.3.6 
Audio:     Device-1: AMD Ellesmere HDMI Audio [Radeon RX 470/480 / 570/580/590] driver: snd_hda_intel 
           Device-2: Advanced Micro Devices [AMD] Starship/Matisse HD Audio driver: snd_hda_intel 
           Device-3: Logitech HD Webcam C525 type: USB driver: snd-usb-audio,uvcvideo 
           Sound Server: ALSA v: k5.15.28-desktop-1.mga8 
Network:   Device-1: Realtek RTL8125 2.5GbE driver: r8169 
           IF: enp6s0 state: up speed: 1000 Mbps duplex: full mac: f0:2f:74:2e:5b:c5 
Drives:    Local Storage: total: 1.59 TiB used: 727.34 GiB (44.6%) 
           ID-1: /dev/nvme0n1 vendor: Seagate model: FireCuda 520 SSD ZP500GM30002 size: 465.76 GiB 
           ID-2: /dev/sda vendor: Western Digital model: WD10EZEX-00RKKA0 size: 931.51 GiB 
           ID-3: /dev/sdb vendor: Samsung model: SSD 850 EVO 250GB size: 232.89 GiB 
Partition: ID-1: / size: 83.17 GiB used: 39.34 GiB (47.3%) fs: ext4 dev: /dev/nvme0n1p2 
           ID-2: /home size: 369.45 GiB used: 168.03 GiB (45.5%) fs: ext4 dev: /dev/nvme0n1p4 
Swap:      ID-1: swap-1 type: file size: 16 GiB used: 0 KiB (0.0%) file: /swapfile 
           ID-2: swap-2 type: partition size: 3.91 GiB used: 0 KiB (0.0%) dev: /dev/nvme0n1p3 
Sensors:   System Temperatures: cpu: 38.0 C mobo: 34.0 C gpu: amdgpu temp: 45.0 C 
           Fan Speeds (RPM): fan-1: 1011 fan-2: 1017 fan-3: 0 fan-7: 817 gpu: amdgpu fan: 1773 
Info:      Processes: 438 Uptime: 11m Memory: 31.33 GiB used: 4.53 GiB (14.4%) Shell: Bash inxi: 3.2.0

openCL AMD by installing manually some files of amdgpu-pro-20.20-1089974-rhel-8.2
```

CC: (none) => chb0

OK here mga8-64, i7, nvidia-current

System was running backport kernel 5.16.12-1, also 5.15.25 installed OK

Disabled backports repo and downgraded 5.16.12-1 versions to 5.15.28-1:
$ sudo urpmi --downgrade cpupower kernel-userspace-headers lib64bpf0
 then
$ sudo urpmi --downgrade kernel-desktop kernel-desktop-devel
 and when asked, choose 5.15.28-1 versions. And then:
$ sudo urpmi virtualbox-kernel-5.15.28-desktop-1.mga8

-reboot-

$ uname -a
Linux svarten.tribun 5.15.28-desktop-1.mga8 #1 SMP Fri Mar 11 15:54:53 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

$ dkms status - say nvidia and virtualbox modules are correct

BOINC detects CUDA and OpenCL

Hardware:
  My workstation "svarten": Mainboard: Sabertooth P67, CPU: i7-3770, RAM 16G, GM107 [GeForce GTX 750] using nvidia-current; GeForce 635 series and later, 4k display.  Disk&Filesystem: SSD with /boot/EFI and ext4 /boot, LUKS{LVM {swap, ext4 /home & / } and a spinner at /mnt/spinner


Tested:

Plasma desktop; using Thunderbird, LibreOffice, Ktorrent, Nextcloud client, Syncthing, Firefox ESR with video, flatpak Firefox, java program FriBOK, ... 

 VirtualBox tests OK: 

a) Guest: my usual MSW7pro-64, tests OK: bidirectional clipboard, shared folders write protected and not, USB2 memory stick read&write (using upstream extension pack), drag file from Dolphin to Windows Explorer, video playing in Firefox and Chrome.

b) Guest: Mageia 8 -64 LXDE: booted before and after kernel update update in guest.  Test OK: Window resizing, bidirectional clipboard, host file sharing, internet, USB flashstick.

c) Guest: BOINC Rosetta Python Projects (four instances running while all other tests in this comment was performed)

CC: (none) => fri

i5-2500, Intel graphics,wired Internet, rtl8192eu wifi, mga8-64 Plasma system using the server kernel.

No installation issues. Vbox and rtl8192eu modules appeared to build and install without incident. After reboot, I was able to establish a connection with the wifi device, using it now. Tried a mga8-64 Plasma guest in Vbox that had not been run in a while, got over 100 updates, rebooted, all without incident. Firefox and Libreoffice Calc are OK.

Looks good on this system.

CC: (none) => andrewsfarm

MGA8-64, AMD x3-450, Nvidia 730gt (Nvidia 390)

The following 6 packages are going to be installed:

- cpupower-5.15.28-1.mga8.x86_64
- kernel-desktop-5.15.28-1.mga8-1-1.mga8.x86_64
- kernel-desktop-devel-5.15.28-1.mga8-1-1.mga8.x86_64
- kernel-desktop-devel-latest-5.15.28-1.mga8.x86_64
- kernel-desktop-latest-5.15.28-1.mga8.x86_64
- kernel-userspace-headers-5.15.28-1.mga8.x86_64


-- rebooted


# uname -a
Linux localhost.localdomain 5.15.28-desktop-1.mga8 #1 SMP Fri Mar 11 15:54:53 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux


# lsmod | grep nvidia
nvidia_uvm            933888  0
nvidia_drm             53248  1
drm_kms_helper        307200  1 nvidia_drm
nvidia_modeset       1060864  8 nvidia_drm
nvidia              15888384  307 nvidia_uvm,nvidia_modeset
ipmi_msghandler        69632  2 ipmi_devintf,nvidia
drm                   626688  4 drm_kms_helper,nvidia_drm


--

- firefox working
- audio working
- no graphics issues
- VLC works
- mousepad works
- libreoffice working

CC: (none) => brtians1

M8 x64 Plasma, i7-6700HQ, HD Graphics 530

No issues at all.

CC: (none) => mageia

10-Core Intel Core i9-7900X
NVIDIA GeForce GTX 1080 Ti

Installed everything except the kernel source packages.  Needed `drakboot --boot` to see the new entries in the grub menu.
Common applications working fine so far.

CC: (none) => tarazed25

No regressions on any of my systems or vb guests

CC: (none) => davidwhodgins

MGA 64 XFCE Core I3, 4Go RAM, Nvidia GEForce 520M Driver 390 and broadcom nonfree

Updated with QA Repo and rpms:

cpupower                       5.15.28      1.mga8        x86_64  
kernel-desktop-5.15.28-1.mga8  1            1.mga8        x86_64  
kernel-desktop-devel-5.15.28-> 1            1.mga8        x86_64  
kernel-desktop-devel-latest    5.15.28      1.mga8        x86_64  
kernel-desktop-latest          5.15.28      1.mga8        x86_64  
kernel-userspace-headers       5.15.28      1.mga8        x86_64  
lib64bpf0                      5.15.28      1.mga8        x86_64  
virtualbox-kernel-5.15.28-des> 6.1.32       1.8.mga8      x86_64  
virtualbox-kernel-desktop-lat> 6.1.32       1.8.mga8      x86_64

No issues after reboot:

Switching with mageia-prime OK
Internet browsing OK
Webcam OK
Sounds OK
Thunderbird OK

CC: (none) => guillaume.royer

Asus netbook, 64bit 
Celeron(R) N4000 
GeminiLake [UHD Graphics 600]


installed usual 4 for desktop-latest


---rebooted---

$ uname -a
Linux localhost.localdomain 5.15.28-desktop-1.mga8 #1 SMP Fri Mar 11 15:54:53 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux


browser working
wifi working
sound works
luks encryption working
suspend works.

Hi,

Updated in Vbox Mga x86_64, without issues.

Reboot ok.
Applications ok.
Wifi ok.
Sound ok.
Videos ok.

I'm working frome Vbox without problems.

Greetings!!

CC: (none) => joselp

Thanks for the tests, flushing out...

Advisory, added to svn:

type: security
subject: Updated kernel packages fix security vulnerabilities
CVE:
 - CVE-2022-0001
 - CVE-2022-0002
 - CVE-2022-23036
 - CVE-2022-23037
 - CVE-2022-23038
 - CVE-2022-23039
 - CVE-2022-23040
 - CVE-2022-23041
 - CVE-2022-23042
 - CVE-2022-23960
src:
  8:
   core:
     - kernel-5.15.28-1.mga8
     - kmod-virtualbox-6.1.32-1.8.mga8
     - kmod-xtables-addons-3.18-1.58.mga8
description: |
  This kernel update is based on upstream 5.15.28 and fixes at least the
  following security issues:

  Non-transparent sharing of branch predictor selectors between contexts
  in some Intel(R) Processors may allow an authorized user to potentially
  enable information disclosure via local access (CVE-2022-0001).

  Non-transparent sharing of branch predictor within a context in some
  Intel(R) Processors may allow an authorized user to potentially enable
  information disclosure via local access (CVE-2022-0002).

  Several Linux PV device frontends are using the grant table interfaces
  for removing access rights of the backends in ways being subject to
  race conditions, resulting in potential data leaks, data corruption
  by malicious backends, and denial of service triggered by malicious
  backends:

  blkfront, netfront, scsifront and the gntalloc driver are testing
  whether a grant reference is still in use. If this is not the case,
  they assume that a following removal of the granted access will always
  succeed, which is not true in case the backend has mapped the granted
  page between those two operations. As a result the backend can keep
  access to the memory page of the guest no matter how the page will be
  used after the frontend I/O has finished. The xenbus driver has a
  similar problem, as it doesn't check the success of removing the
  granted access of a shared ring buffer (blkfront: CVE-2022-23036,
  netfront: CVE-2022-23037, scsifront: CVE-2022-23038,
  gntalloc: CVE-2022-23039, xenbus: CVE-2022-23040)

  blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront,
  and pvcalls are using a functionality to delay freeing a grant reference
  until it is no longer in use, but the freeing of the related data page
  is not synchronized with dropping the granted access. As a result the
  backend can keep access to the memory page even after it has been freed
  and then re-used for a different purpose (CVE-2022-23041).

  netfront will fail a BUG_ON() assertion if it fails to revoke access in
  the rx path. This will result in a Denial of Service (DoS) situation of
  the guest which can be triggered by the backend (CVE-2022-23042).

  Certain Arm Cortex and Neoverse processors through 2022-03-08 do not
  properly restrict cache speculation, aka Spectre-BHB. An attacker can
  leverage the shared branch history in the Branch History Buffer (BHB)
  to influence mispredicted branches. Then, cache allocation can allow
  the attacker to obtain sensitive information (CVE-2022-23960).

  It was found that the default LFENCE-based Spectre v2 mitigation on
  AMD cpus is insufficient to mitigate such attacks. Becuse of that,
  the code have been switched to use generic retpolines on AMD cpus
  by default.

  For other upstream fixes, see the referenced changelogs.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=30157
 - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html
 - https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb
 - https://seclists.org/oss-sec/2022/q1/173
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.26
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.27
 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.28

Whiteboard: (none) => MGA8-64-OK, MGA8-32-OK
Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0100.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED