Spectre V2 warning on fresh Mint 19 install

Questions about Grub, UEFI,the liveCD and the installer
Forum rules
Before you post please read how to get help
Post Reply
strangerinusall
Level 1
Level 1
Posts: 2
Joined: Wed Sep 19, 2018 2:48 am

Spectre V2 warning on fresh Mint 19 install

Post by strangerinusall » Wed Sep 19, 2018 2:59 am

Hi everyone,

I just did a fresh install of Mint 19 XFCE via VirtualBox. Now every time I boot I get the following message "Spectre V2 : Spectre mitigattion: LFENCE not serializing, switching to genering retpooline". And then after 5 seconds it boots properly.

I updated my kernel just in case to 4.18.8-041808-generic, however same issue remains. My Bios and VirtualBox has VT-x/AMD-V enabled, with plenty of RAM allocated. Also I have pretty new PC with Ryzen 5 1600.

Is it something I should be worried, or can I just ignore this message? I did some research but couldn't find a solution to this yet.
Attachments
2018-09-19 08_53_04-Linux mint [Running] - Oracle VM VirtualBox.png

User avatar
catweazel
Level 17
Level 17
Posts: 7490
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Spectre V2 warning on fresh Mint 19 install

Post by catweazel » Wed Sep 19, 2018 3:25 am

strangerinusall wrote:
Wed Sep 19, 2018 2:59 am
Is it something I should be worried, or can I just ignore this message?
In a VM, don't worry about it. The hardware layer on your machine is not fully accessible to the VM so it probably can't download the cpu microcode into the cpu. On a bare metal installation, you should get something like this in linux's dmesg output:

[ 0.015412] Spectre V2 : Mitigation: Full AMD retpoline
¡uʍop ǝpısdn sı buıɥʇʎɹǝʌǝ os ɐıןɐɹʇsnɐ ɯoɹɟ ɯ,ı

gm10
Level 10
Level 10
Posts: 3393
Joined: Thu Jun 21, 2018 5:11 pm

Re: Spectre V2 warning on fresh Mint 19 install

Post by gm10 » Wed Sep 19, 2018 4:20 am

A fresh Mint 19 install does not include the microcode updates, and the unsupported mainline kernel package that you are apparently using does not depend on them, either, so unless you manually installed them I guess that would be your problem.

strangerinusall
Level 1
Level 1
Posts: 2
Joined: Wed Sep 19, 2018 2:48 am

Re: Spectre V2 warning on fresh Mint 19 install

Post by strangerinusall » Wed Sep 19, 2018 4:35 am

catweazel wrote:
Wed Sep 19, 2018 3:25 am
strangerinusall wrote:
Wed Sep 19, 2018 2:59 am
Is it something I should be worried, or can I just ignore this message?
In a VM, don't worry about it. The hardware layer on your machine is not fully accessible to the VM so it probably can't download the cpu microcode into the cpu. On a bare metal installation, you should get something like this in linux's dmesg output:

[ 0.015412] Spectre V2 : Mitigation: Full AMD retpoline

okay that makes sense.



gm10 wrote:
Wed Sep 19, 2018 4:20 am
A fresh Mint 19 install does not include the microcode updates, and the unsupported mainline kernel package that you are apparently using does not depend on them, either, so unless you manually installed them I guess that would be your problem.
"... unsupported mainline kernel" - So i should not have updated the kernel? When I installed Mint 19, it came with 4.15 kernel and it was the same issue.

So at this point, in terms of security and stability, should i make some improvements in terms of installing different kernel or installing microcode updates?

gm10
Level 10
Level 10
Posts: 3393
Joined: Thu Jun 21, 2018 5:11 pm

Re: Spectre V2 warning on fresh Mint 19 install

Post by gm10 » Wed Sep 19, 2018 4:51 am

I'm not getting that message in VMs on my intel CPUs, but might be an AMD support issue.
strangerinusall wrote:
Wed Sep 19, 2018 4:35 am
So at this point, in terms of security and stability, should i make some improvements in terms of installing different kernel or installing microcode updates?
My point was just to make sure the microcode update is actually installed:

Code: Select all

apt install amd64-microcode

User avatar
catweazel
Level 17
Level 17
Posts: 7490
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Spectre V2 warning on fresh Mint 19 install

Post by catweazel » Wed Sep 19, 2018 4:56 am

gm10 wrote:
Wed Sep 19, 2018 4:51 am
My point was just to make sure the microcode update is actually installed:

Code: Select all

apt install amd64-microcode
I'm not convinced it will work because it's a VM. The host will have, or should have, loaded the mitigation itself prior to the VM starting. Let me test it...

Edit:

[ 0.004000] Spectre V2 mitigation: LFENCE not serializing. Switching to generic retpoline

That's after installing the microcode in the VM.

Further edit:

Code: Select all

retpoline_auto:
    if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) {
        retpoline_amd:
        if (!boot_cpu_has(X86_FEATURE_LFENCE_RDTSC)) {
            pr_err("Spectre mitigation: LFENCE not serializing, switching to generic retpoline\n");
            goto retpoline_generic;
    }
It seems the CPU lacks support for X86_FEATURE_LFENCE_RDTSC. dmesg | grep retpolinr should return:

[ 0.015412] Spectre V2 : Mitigation: Full AMD retpoline
¡uʍop ǝpısdn sı buıɥʇʎɹǝʌǝ os ɐıןɐɹʇsnɐ ɯoɹɟ ɯ,ı

gm10
Level 10
Level 10
Posts: 3393
Joined: Thu Jun 21, 2018 5:11 pm

Re: Spectre V2 warning on fresh Mint 19 install

Post by gm10 » Wed Sep 19, 2018 5:19 am

catweazel wrote:
Wed Sep 19, 2018 4:56 am
It seems the CPU lacks support for X86_FEATURE_LFENCE_RDTSC.
Yep, that's why I thinking the microcode would be the issue. But if you're saying that on your machine it looks fine on the host but not in the VM despite the loaded microcode I guess it's just a VirtualBox bug?

User avatar
thx-1138
Level 6
Level 6
Posts: 1143
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Re: Spectre V2 warning on fresh Mint 19 install

Post by thx-1138 » Wed Sep 19, 2018 5:24 am

...the spectre_v2 mitigation defaults to (what else?), 'auto'.
You could *probably* avoid that 5sec delay & thereby masquerade that message,
by passing it spectre_v2=retpoline,generic (since that's what it chose anyway).

However, this does not explain why such happens in the first place.

Googling reveals that if LFENCE was used instead, it would probably give you a slightly better performance, as far as i can understand it.

Hopefully someone that understands the x86 instruction set can further clarify such for you -
i'd be interested to know / understand that as well myself.
Last edited by thx-1138 on Wed Sep 19, 2018 5:25 am, edited 1 time in total.

User avatar
catweazel
Level 17
Level 17
Posts: 7490
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Spectre V2 warning on fresh Mint 19 install

Post by catweazel » Wed Sep 19, 2018 5:25 am

gm10 wrote:
Wed Sep 19, 2018 5:19 am
catweazel wrote:
Wed Sep 19, 2018 4:56 am
It seems the CPU lacks support for X86_FEATURE_LFENCE_RDTSC.
Yep, that's why I thinking the microcode would be the issue. But if you're saying that on your machine it looks fine on the host but not in the VM despite the loaded microcode I guess it's just a VirtualBox bug?
On the host I get Spectre V2 : Mitigation: Full AMD retpoline out of dmesg. What I don't get on the host, but do get on the guest is that same message and [ 0.004000] Spectre V2 mitigation: LFENCE not serializing. Switching to generic retpoline.

Like I said, I'm not sure it's an issue at all because the guest won't have full access to the CPU, only to various cores.
¡uʍop ǝpısdn sı buıɥʇʎɹǝʌǝ os ɐıןɐɹʇsnɐ ɯoɹɟ ɯ,ı

gm10
Level 10
Level 10
Posts: 3393
Joined: Thu Jun 21, 2018 5:11 pm

Re: Spectre V2 warning on fresh Mint 19 install

Post by gm10 » Wed Sep 19, 2018 5:35 am

catweazel wrote:
Wed Sep 19, 2018 5:25 am
Like I said, I'm not sure it's an issue at all because the guest won't have full access to the CPU, only to various cores.
The vbox driver should still pass through the full feature set, that's why I said it's probably a vbox issue. Or AMD-V isn't working properly.

User avatar
catweazel
Level 17
Level 17
Posts: 7490
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Spectre V2 warning on fresh Mint 19 install

Post by catweazel » Wed Sep 19, 2018 5:37 am

gm10 wrote:
Wed Sep 19, 2018 5:35 am
The vbox driver should still pass through the full feature set, that's why I said it's probably a vbox issue. Or AMD-V isn't working properly.
I'll agree to that.
¡uʍop ǝpısdn sı buıɥʇʎɹǝʌǝ os ɐıןɐɹʇsnɐ ɯoɹɟ ɯ,ı

User avatar
thx-1138
Level 6
Level 6
Posts: 1143
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Re: Spectre V2 warning on fresh Mint 19 install

Post by thx-1138 » Wed Sep 19, 2018 6:11 am

...side note: microcode does not have an effect being installed under VMs (it's useful only on the host).
If else was the case... :wink:

User avatar
catweazel
Level 17
Level 17
Posts: 7490
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: Spectre V2 warning on fresh Mint 19 install

Post by catweazel » Wed Sep 19, 2018 6:19 am

thx-1138 wrote:
Wed Sep 19, 2018 6:11 am
...side note: microcode does not have an effect being installed under VMs (it's useful only on the host).
If else was the case... :wink:
That was my impression too.
¡uʍop ǝpısdn sı buıɥʇʎɹǝʌǝ os ɐıןɐɹʇsnɐ ɯoɹɟ ɯ,ı

Post Reply

Return to “Installation & Boot”