Forum Stats

  • 3,824,768 Users
  • 2,260,416 Discussions
  • 7,896,309 Comments

Discussions

UEK5 preview kernels are now available

WimCoekaerts-Oracle
WimCoekaerts-Oracle Member Posts: 73 Employee
edited Mar 3, 2018 12:41PM in Oracle Linux and UEK Preview

Let's kickstart a uek5 discussion here. This group's been stale and it's time to stir it up a bit

We just published an initial preview version of our next kernel-uek. This is based on upstream Linux 4.14 (latest stable -14). UEK4 is/was based on a 4.1 upstream Linux kernel.

If you want to try it out, you can just add the yum repo below on your  Oracle Linux 7-based system. If you don't have a quick OL7 environment, remember you can sign up for a free account on Oracle Cloud and quickly create an Oracle Linux 7 instance and do exactly the same.

There will be very regular updates of this preview kernel going forward so you can remain up to date with our development efforts. The source code is there as well and we are going to push the git repos onto github/oracle soon(ish).

All you have to do is add the following to your /etc/yum.repos.d/public-yum-ol7.repo file.

[ol7_developer_UEKR5] name=Oracle Linux $releasever UEK5 Development Packages ($basearch) baseurl=http://yum.oracle.com/repo/OracleLinux/OL7/developer_UEKR5/$basearch/ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle gpgcheck=1 enabled=1 

and then upgrade your kernel

# yum upgrade kernel-uek 

reboot and you are all set.

Note - pasted this from my blog (https://blogs.oracle.com/wim/oracle-linux-7-uek5-linux-kernel-414-sneak-preview )

I

user10174131remzi.akyuz

Comments

  • WimCoekaerts-Oracle
    WimCoekaerts-Oracle Member Posts: 73 Employee
    edited Feb 25, 2018 2:27PM

    Also, a good place to see what's new in this kernel since uek4, is going through http://kernelnewbies.org.

    For each kernel release they have a separate changelog URL with the highlights of changes. If you have some time, you can go through each revision there.

    eg:

    https://kernelnewbies.org/Linux_4.2

    and so on from _4.2 to _4.14.

    There are more changes in uek5 than just that changelog, when I find time, I will post a summary of new features but for now that's a good place to go look.

  • user10174131
    user10174131 Member Posts: 37 Blue Ribbon
    edited Mar 2, 2018 12:27PM

    This is so very close to perfection!

         Kernel is Linux 4.14.20-1.el7uek.x86_64 #2 SMP Thu Feb 22 20:18:31 PST 2018 x86_64

    CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'

    * Mitigated according to the /sys interface: NO  (kernel confirms your system is vulnerable)

    * Mitigation 1

      * Kernel is compiled with IBRS/IBPB support:  NO

      * Currently enabled features

        * IBRS enabled for Kernel space:  NO

        * IBRS enabled for User space:  NO

        * IBPB enabled:  NO

    * Mitigation 2

      * Kernel compiled with retpoline option:  YES

      * Kernel compiled with a retpoline-aware compiler:  NO  (kernel reports minimal retpoline compilation)

    > STATUS:  VULNERABLE  (Vulnerable: Minimal generic ASM retpoline)

    You added Retpoline support to the v7 backport on 2/9:

    $ rpm -q --changelog gcc | head -4

    * Fri Feb 09 2018 Jose E. Marchesi <[email protected]> 4.8.5-16.0.1.el7_4.1

    - [Orabug: 27524661]

    - Support for retpolines as a mitigation for CVE-2017-5715 aka

      variant-2 in x86 targets.

    Will this also run on RedHat and CentOS by simply adding the repository?

  • WimCoekaerts-Oracle
    WimCoekaerts-Oracle Member Posts: 73 Employee
    edited Mar 2, 2018 1:45PM

    technically these RPMs would install - you might have to pull in a few dependencies but nothing prevents it from working.

    user10174131
  • user10174131
    user10174131 Member Posts: 37 Blue Ribbon
    edited Mar 2, 2018 4:30PM

    Version 4.14.23-1.el7uek came down today. When will Retpoline support be complete?

  • WimCoekaerts-Oracle
    WimCoekaerts-Oracle Member Posts: 73 Employee
    edited Mar 3, 2018 12:41PM

    Wow you're current! We need to switch the build environment to using the right version of gcc. We are close to releasing an updated uek4 that has retpoline support (production) and was compiled with gcc4.8 (we backported the retpoline stuff from upstream gcc). We need to do the same w/ uek5 - should happen soon.

    user10174131
This discussion has been closed.