Official Debian standpoint on Meltdown/Spectre

Here you can discuss every aspect of Debian. Note: not for support requests!

Re: Official Debian standpoint on Meltdown/Spectre

Postby Lysander » 2018-02-08 10:49

Thorny wrote:I'm pedantic, but you probably already realise that. :-)


I think each case of pedantry has contextual validity. When it comes to Linux-learning, specificity is definitely a good thing.

Thorny wrote:I'm fairly sure you mean you invoke apt update and then apt upgrade if called for.
Just so lurkers and the inexperienced are clear.


That is indeed what I mean, thanks for the clarification.
Lysander
 
Posts: 417
Joined: 2017-02-23 10:07
Location: London

Re: Official Debian standpoint on Meltdown/Spectre

Postby n_hologram » 2018-02-08 12:16

Lysander wrote:My netbook [Slackware] runs an Atom N270 so is theoretically, and reportedly, immune. By reportedly, I mean that the output of spectre-meltdown-checker states such.

Are you running a 32 or 64-bit kernel?
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
n_hologram
 
Posts: 309
Joined: 2013-06-16 00:10

Re: Official Debian standpoint on Meltdown/Spectre

Postby acewiza » 2018-02-08 14:57

I believe the most important Debian-specific remediations will involve what kernels are showing up where and when.
Nobody would ever ask questions if everyone possessed encyclopedic knowledge of the man pages.
acewiza
 
Posts: 313
Joined: 2013-05-28 12:38
Location: Out West

Re: Official Debian standpoint on Meltdown/Spectre

Postby Lysander » 2018-02-08 15:42

n_hologram wrote:Are you running a 32 or 64-bit kernel?


The N270 is 32bit only, so I am running a 32bit smp.
Lysander
 
Posts: 417
Joined: 2017-02-23 10:07
Location: London

Re: Official Debian standpoint on Meltdown/Spectre

Postby n_hologram » 2018-02-08 15:50

I forgot that several Atom processors are invulnerable, so I'm assuming yours is one. If so, correct me if I'm wrong, but I'm not sure the kernel makes much of a difference.
n_hologram
 
Posts: 309
Joined: 2013-06-16 00:10

Re: Official Debian standpoint on Meltdown/Spectre

Postby Lysander » 2018-02-08 15:56

n_hologram wrote:I forgot that several Atom processors are invulnerable, so I'm assuming yours is one. If so, correct me if I'm wrong, but I'm not sure the kernel makes much of a difference.


I am pretty sure it doesn't, I just update it anyway. But yes, I remember reading that Diamondville processors were among those unaffected.
Lysander
 
Posts: 417
Joined: 2017-02-23 10:07
Location: London

Re: Official Debian standpoint on Meltdown/Spectre

Postby stevepusser » 2018-02-08 21:39

I thought that only the most recent kernels are going to show that vulnerabilities folder in /sys. Currently, no 32-bit kernels have any mitigation for Meltdown, AFAIK, as has been stated in several threads here and confirmed by a kernel developer. There is some work being done towards fixing that sad situation. It seems browsers are easily able to block any Spectre attacks by reducing their timer resolution to a millisecond or so, which is far below the precision that those attacks depend on.
The MX Linux repositories: Backports galore! If we don't have something, just ask and we'll try--we like challenges. New packages: Krita 3.3.3, Pale Moon 27.7.2, Yacreader 9.0rc1, Calligra 3.1, VLC 3.0.0, Firefox 58.0.2, QMPlay2 17.12.31
stevepusser
 
Posts: 9225
Joined: 2009-10-06 05:53

Re: Official Debian standpoint on Meltdown/Spectre

Postby Lysander » 2018-02-08 22:10

NB: this post does not relate to Debian, apologies.

stevepusser wrote:I thought that only the most recent kernels are going to show that vulnerabilities folder in /sys. Currently, no 32-bit kernels have any mitigation for Meltdown, AFAIK, as has been stated in several threads here and confirmed by a kernel developer. There is some work being done towards fixing that sad situation.


Ah, that would explain why I got this:

Code:
bash-4.3# gawk '{ print FILENAME ":\t" $0 }' /sys/devices/system/cpu/vulnerabilities/*

/sys/devices/system/cpu/vulnerabilities/meltdown:   Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:   Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v2:   Mitigation: Full generic retpoline


Thanks for clearing that up, Steve. Furthermore, the point that I was making re my CPU was that it is apparently immune to both vulnerabilities [N270]. But kernel-wise, yes, it seems we are not yet there with the mitigation for 32bit [though complete mitigation has been achieved now in 64bit {Slack} - sorry for taking this off-distro].

Resume normal service, I will bow out.
Lysander
 
Posts: 417
Joined: 2017-02-23 10:07
Location: London

Re: Official Debian standpoint on Meltdown/Spectre

Postby milomak » 2018-02-18 16:35

Sorry guys. What does this mean for me?

Code:
grep -r . /sys/devices/system/cpu/vulnerabilities
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline - vulnerable module loaded
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI

iMac - MacOS and Windows 10 (Bootcamp)/ Debian Sid (External SSD)
Laptop (64-bit) - Debian Sid, Win10,
Kodi Box - Debian Sid
milomak
 
Posts: 1683
Joined: 2009-06-09 22:20

Re: Official Debian standpoint on Meltdown/Spectre

Postby Head_on_a_Stick » 2018-02-18 18:19

milomak wrote:what does this mean for me

Looks good to me but I don't know what this means:
Code:
vulnerable module loaded

My Arch box has the "full generic retpoline" message but without the module bit and my Alpine Linux machine has "minimal generic ASM retpoline", I think that is gcc-version-dependent.

Just remember to disable JavaScript whenever possible and you should be fine.
"Men are born ignorant, not stupid. They are made stupid by education." — Bertrand Russell
Head_on_a_Stick
 
Posts: 7189
Joined: 2014-06-01 17:46
Location: /dev/chair
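
An added example, not part of any post in this thread: a small shell triage of the sysfs status files discussed above, run here over a constructed copy of the three lines milomak posted. The verdict labels (OK, REVIEW, VULNERABLE, UNKNOWN) and the VULN_DIR variable are this example's own; the "vulnerable module loaded" suffix is treated as REVIEW because the kernel appends it when a loaded module was not built with retpoline.

```sh
#!/bin/sh
# Added example: triage the kernel's per-vulnerability status files.

# Map one status string to a verdict (labels are this example's own).
classify_status() {
    case "$1" in
        "Not affected"*)                         echo OK ;;
        # Mitigation is on, but a loaded module was built without retpoline.
        Mitigation:*"vulnerable module loaded"*) echo REVIEW ;;
        Mitigation:*)                            echo OK ;;
        Vulnerable*)                             echo VULNERABLE ;;
        *)                                       echo UNKNOWN ;;
    esac
}

# Print "name<TAB>verdict<TAB>status" for every file in DIR.
# Returns 2 when DIR is missing (kernel too old to export the directory).
audit_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "no $dir: kernel does not report status" >&2; return 2; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        printf '%s\t%s\t%s\n' "$(basename "$f")" "$(classify_status "$status")" "$status"
    done
}

# Constructed sample: the three status lines from milomak's post.
write_sample() {
    printf '%s\n' 'Mitigation: PTI' > "$1/meltdown"
    printf '%s\n' 'Mitigation: __user pointer sanitization' > "$1/spectre_v1"
    printf '%s\n' 'Mitigation: Full generic retpoline - vulnerable module loaded' > "$1/spectre_v2"
}

# Audit the sample by default; set VULN_DIR (hypothetical variable) to
# /sys/devices/system/cpu/vulnerabilities to audit the running kernel.
SAMPLE=$(mktemp -d)
write_sample "$SAMPLE"
audit_dir "${VULN_DIR:-$SAMPLE}"
```

A REVIEW verdict on spectre_v2 is usually followed up by checking which loaded modules came from outside the distribution kernel package, since those are the ones most likely to have been compiled without retpoline support.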

Re: Official Debian standpoint on Meltdown/Spectre

Postby n_hologram » 2018-02-20 17:44

Lol I love that my thread is already completely ignored. Are we due for a Skyfall thread yet?

Here's a horrifying glimpse at the current 2018 CVE list: https://imgs.xkcd.com/comics/2018_cve_list.png
n_hologram
 
Posts: 309
Joined: 2013-06-16 00:10
