So you might have read some stories today about an issue that's being
described as a design flaw in some CPUs which makes it possible for
unprivileged users on an affected system to read from privileged memory
It seems like there are some complex questions still being figured out
about this (like exactly what CPUs are and are not affected, and what
practical consequences there are in various cases), but our kernel team
has decided that we should at least ship a preliminary fix for this
issue that should address it for x86_64 CPUs.
Accordingly, updates are now going out for Fedora 26 and Fedora 27:
and it would be great if we can get these tested and karma filed as
soon as possible, so they can be pushed to stable.
The updates are kernel-4.14.11-200.fc26 and kernel-4.14.11-300.fc27,
respectively. As I write this, the Fedora 27 update has been pushed out
to updates-testing, while the Fedora 26 one has not but should soon.
You can get the packages directly from Koji for testing if you cannot
get them via updates-testing:
Download all the subpackages that are used on your system (usually
kernel, kernel-core, kernel-modules, and possibly kernel-modules-extra,
kernel-devel and/or kernel-headers) and run "dnf update *.rpm" to
Here are some testing notes:
* The most useful feedback is just whether the kernel boots and works
correctly on all systems you have access to (assuming they worked OK
with the previous kernel, of course). If it does, please leave positive
karma on the relevant update.
* It's great if you can run some kind of proof of concept to verify
that the fix works, but not necessary. The kernel team is fairly
confident the fix is present and active.
* We know that the fix can lead to reduced performance in some cases
(this affects synthetic benchmarks rather more than real-world
performance). The kernel team thinks the fix is sufficiently important
that it should go out despite the performance impact. Accordingly,
please do not file negative karma for this reason. If the update
somehow results in such a significant performance impact that the
system becomes unusable, though, please report that.
* The fix is currently applied only to x86_64 kernels. No fix is yet
present for any other architecture, but of course all architectures are
rebuilt for the update.
* If the fix does cause problems on your hardware, you can disable it
by booting with the kernel parameter 'nopti'.
Thanks very much, everyone!
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net