Hi folks! So you might have read some stories today about an issue that's being described as a design flaw in some CPUs which makes it possible for unprivileged users on an affected system to read from privileged memory locations. It seems like there are some complex questions still being figured out about this (like exactly what CPUs are and are not affected, and what practical consequences there are in various cases), but our kernel team has decided that we should at least ship a preliminary fix for this issue that should address it for x86_64 CPUs. Accordingly, updates are now going out for Fedora 26 and Fedora 27: * https://bodhi.fedoraproject.org/updates/FEDORA-2018-8ed5eff2c0 (Fedora 26) * https://bodhi.fedoraproject.org/updates/FEDORA-2018-22d5fa8a90 (Fedora 27) and it would be great if we can get these tested and karma filed as soon as possible, so they can be pushed to stable. The updates are kernel-4.14.11-200.fc26 and kernel-4.14.11-300.fc27, respectively. As I write this, the Fedora 27 update has been pushed out to updates-testing, while the Fedora 26 one has not but should soon. You can get the packages directly from Koji for testing if you cannot get them via updates-testing: * https://koji.fedoraproject.org/koji/buildinfo?buildID=1012983 (Fedora 26) * https://koji.fedoraproject.org/koji/buildinfo?buildID=1012982 (Fedora 27) Download all the subpackages that are used on your system (usually kernel, kernel-core, kernel-modules, and possibly kernel-modules-extra, kernel-devel and/or kernel-headers) and run "dnf update *.rpm" to update. Here are some testing notes: * The most useful feedback is just whether the kernel boots and works correctly on all systems you have access to (assuming they worked OK with the previous kernel, of course). If it does, please leave positive karma on the relevant update. * It's great if you can run some kind of proof of concept to verify that the fix works, but not necessary. The kernel team is fairly confident the fix is present and active. * We know that the fix can lead to reduced performance in some cases (this affects synthetic benchmarks rather more than real-world performance). The kernel team thinks the fix is sufficiently important that it should go out despite the performance impact. Accordingly, please do not file negative karma for this reason. If the update somehow results in such a significant performance impact that the system becomes unusable, though, please report that. * The fix is currently applied only to x86_64 kernels. No fix is yet present for any other architecture, but of course all architectures are rebuilt for the update. * If the fix does cause problems on your hardware, you can disable it by booting with the kernel parameter 'nopti'. Thanks very much, everyone! -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net