Meltdown and Spectre patches

If it doesn't relate to Debian, but you still want to share it, please do it here

Re: Meltdown and Spectre patches

Postby Wheelerof4te » 2018-01-14 17:45

Head_on_a_Stick wrote:...And here we go:

http://lists.alpinelinux.org/alpine-devel/6022.html

^According to the Alpine Linux developers, the backported fix (as used by Debian stable) is based on the flawed KAISER patch rather than KTPI and it doesn't really work.

Oh dear.

Oh, thank God I've switched to a corporate-backed OS.
Viva La Microsoft!
Wheelerof4te
 
Posts: 1134
Joined: 2015-08-30 20:14

Re: Meltdown and Spectre patches

Postby Head_on_a_Stick » 2018-01-14 17:58

Wheelerof4te wrote:Oh, thank God I've switched to a corporate-backed OS.
Viva La Microsoft!

^ Is this a joke?

At least with the open source operating systems we can see exactly what goes into the patches and can thus evaluate them independently.

With proprietary operating systems the users must trust in the ability of the developers to write a bug-free software abstraction layer with no peer review at all beyond the corporate environment.

It is my understanding that MS have sacked their entire testing department and now instead rely on the Microsoft Insiders Program to garner feedback from paying users... :lol:
Head_on_a_Stick
 
Posts: 8004
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Meltdown and Spectre patches

Postby Wheelerof4te » 2018-01-14 18:06

^It's not a joke. MS has a lot to lose from this, and at least concerning Meltdown and Spectre, the patches have to work. But then again, so does Red Hat, and Novell. Canonical is already doing business in the red zone, so they bided their time.
OTOH, Red Hat and SUSE had patches ready almost instantly.
So yeah, if you need an OS for your PC, choose ones that have something to lose when things go south.
Wheelerof4te
 
Posts: 1134
Joined: 2015-08-30 20:14

Re: Meltdown and Spectre patches

Postby Head_on_a_Stick » 2018-01-14 18:10

Wheelerof4te wrote:Red Hat and SUSE had patches ready almost instantly

Not really, Intel have known about the problem since June 2017 and made the commercial operating systems aware of it (under a non-disclosure agreement, of course) back in October 2017.

Has Microsoft fixed Spectre yet? *innocent look*

Link: https://www.theregister.co.uk/2018/01/0 ... _problems/

EDIT: all I can say is that you are very trusting, and some would even say gullible.
Head_on_a_Stick
 
Posts: 8004
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Meltdown and Spectre patches

Postby bw123 » 2018-01-14 18:52

Head_on_a_Stick wrote:...And here we go:

http://lists.alpinelinux.org/alpine-devel/6022.html

^According to the Alpine Linux developers, the backported fix (as used by Debian stable) is based on the flawed KAISER patch rather than KTPI and it doesn't really work.

Oh dear.

I did not read that the same way, the link says it has "reliability" issues, not that it "does not work" against meltdown?

The reference link says this:
At least some versions of "KAISER", on meltdown-affected hardware, expose the kernel stack to userspace.


please fight the FUD and misinformation.
bw123
 
Posts: 3392
Joined: 2011-05-09 06:02
Location: TN_USA

Re: Meltdown and Spectre patches

Postby Head_on_a_Stick » 2018-01-14 18:57

bw123 wrote:please fight the FUD and misinformation

Well for me "works" means "corrects the hardware defect" and the KAISER patch clearly does not do that to the same extent as the KTPI patch.

This is the reason why Alpine Linux (a security-orientated distribution) have decided to switch their stock kernel to the non-LTS version that uses the genuine KTPI patch — they do not consider that the KAISER patch (as used for the LTS kernels) offers the same level of vulnerability mitigation as the KTPI patch and I agree with them.
Head_on_a_Stick
 
Posts: 8004
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Meltdown and Spectre patches

Postby Wheelerof4te » 2018-01-14 19:00

You are quoting me about RH and SUSE, and post an article about MS and some patch that made some machines unusable. I said they had patches almost instantly when they became public...certainly waaay before Debian.
So what if Intel contacted only commercial distros? Isn't that the point I'm making about using corporate OSes? Intel had something to lose if it didn't. It does not have anything to lose when compared to, say, Debian.
Wheelerof4te
 
Posts: 1134
Joined: 2015-08-30 20:14

Re: Meltdown and Spectre patches

Postby bw123 » 2018-01-14 19:03

bw123 wrote:please fight the FUD and misinformation


...the KAISER patch clearly does not do that to the same extent as the KTPI patch.


Okay without any references that statement is hard to evaluate.

I also don't see any references for this statement that was made:

the backported fix (as used by Debian stable) is based on the flawed KAISER patch


A lot of code is based on flawed code, but where is the proof that the patch in debian specifically "doesn't really work" ?
bw123
 
Posts: 3392
Joined: 2011-05-09 06:02
Location: TN_USA

Re: Meltdown and Spectre patches

Postby Head_on_a_Stick » 2018-01-14 19:08

Wheelerof4te wrote:So what if Intel contacted only commercial distros?

If Intel and all of the commercial operating systems have been lying to their users since June last year what on Earth makes you think they will stop now?

You are very naïve.
Head_on_a_Stick
 
Posts: 8004
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Meltdown and Spectre patches

Postby Head_on_a_Stick » 2018-01-14 19:11

bw123 wrote:where is the proof that the patch in debian specifically "doesn't really work" ?

The Hacker News thread linked in the mailing list post:
amiuto wrote:Contrary to its marketing, KAISER does not effectively mitigate the old kASLR leaks. PTI very nearly does, and I intend to improve it further once I find some time to do so. I doubt those improvements will get backported to pre-4.14 kernels.

Also:
If you can put pressure on your organization or suppliers to update to 4.14 or better, please do so.

https://news.ycombinator.com/item?id=16087736

I have already suggested that BunsenLabs moves to the Liquorix kernel instead to gain access to the genuine KTPI patch.
Head_on_a_Stick
 
Posts: 8004
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Meltdown and Spectre patches

Postby bw123 » 2018-01-14 19:18

Head_on_a_Stick wrote:
bw123 wrote:where is the proof that the patch in debian specifically "doesn't really work" ?

The Hacker News thread linked in the mailing list post:
amiuto wrote:Contrary to its marketing, KAISER does not effectively mitigate the old kASLR leaks. PTI very nearly does, and I intend to improve it further once I find some time to do so. I doubt those improvements will get backported to pre-4.14 kernels.

Also:
If you can put pressure on your organization or suppliers to update to 4.14 or better, please do so.

https://news.ycombinator.com/item?id=16087736

I have already suggested that BunsenLabs moves to the Liquorix kernel instead to gain access to the genuine KTPI patch.


You get on here, and make claims about debian Based on one post from a user handle on "Hacker News" okay well, that sounds pretty rush to judgement to believe them over debian kernel developers, but it's your distro.

and I am pretty sure it kpti not KTPI isn't it? Page table Isolation is the thing...

I bet a lot of distros and os vendors and even hardware makers are going to be using fud and misinformation to push their agendas. That really has nothing to do with debian though, so why spread mis-info this way?
Last edited by bw123 on 2018-01-14 19:33, edited 1 time in total.
bw123
 
Posts: 3392
Joined: 2011-05-09 06:02
Location: TN_USA

Re: Meltdown and Spectre patches

Postby Wheelerof4te » 2018-01-14 19:31

Head_on_a_Stick wrote:
Wheelerof4te wrote:So what if Intel contacted only commercial distros?

If Intel and all of the commercial operating systems have been lying to their users since June last year what on Earth makes you think they will stop now?

You are very naïve.

So you think they should have announced this MAJOR security flaw for all to see, when there isn't even a fix ready? People have been working on a fix since and only came forward when ready. At least they would have, if someone hasn't leaked the info. You are the one who is very ignorant and naive.
Wheelerof4te
 
Posts: 1134
Joined: 2015-08-30 20:14

Re: Meltdown and Spectre patches

Postby Head_on_a_Stick » 2018-01-14 19:35

bw123 wrote:You get on here, and make claims about debian Based on one post from a user handle on "Hacker News"

I was posting here because of the notification on the Alpine Linux mailing lists that they have decided to switch kernel version.

Alpine Linux clearly believe this is serious enough to warrant such an action and I would tend to agree with them.

and I am pretty sure it kpti not KTPI isn't it? Page table Isolation is the thing...

Damn it, yes it is.

Dyslexia is embarrassing sometimes, sorry about that :oops:

EDIT: no, I'm right because the kernel parameter to disable it is notpi so it must be called the Kernel Table Page Isolation patch (I think).
Head_on_a_Stick
 
Posts: 8004
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Meltdown and Spectre patches

Postby bw123 » 2018-01-14 19:54

Head_on_a_Stick wrote:
bw123 wrote:You get on here, and make claims about debian Based on one post from a user handle on "Hacker News"

I was posting here because of the notification on the Alpine Linux mailing lists that they have decided to switch kernel version.


Well, if you can get me proof the kaiser patches don't work "on debian" I will file the bug, "on debian" for you.

no, I'm right because the kernel parameter to disable it is notpi so it must be called the Kernel Table Page Isolation patch (I think).


According to the changelog "on debian" they added a "nokaiser" switch, I have no idea what you are using for documentation, "on debian."
bw123
 
Posts: 3392
Joined: 2011-05-09 06:02
Location: TN_USA

Re: Meltdown and Spectre patches

Postby Head_on_a_Stick » 2018-01-14 20:06

bw123 wrote:According to the changelog "on debian" they added a "nokaiser" switch

Do you have a source for this please?

So Debian stable is using the old, abandoned KAISER patch but Debian sid is using the KTPI[1] patch?

[1] That's definitely it, you were right: https://github.com/torvalds/linux/blob/ ... .txt#L3309
Head_on_a_Stick
 
Posts: 8004
Joined: 2014-06-01 17:46
Location: /dev/chair
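
Added example (not part of any post in this thread): a shell check for the question the last few posts argue over, namely whether a running kernel has page-table isolation active and whether it is the mainline KPTI patch or the backported KAISER one. It assumes the `/proc/cpuinfo` flag is `pti` on mainline kernels and `kaiser` on the backports, and that `nopti`, `pti=off` and `nokaiser` are the boot switches; the function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify Meltdown page-table isolation from kernel-reported strings.
#   $1 = /proc/cmdline, $2 = cpuinfo flags, $3 = sysfs "meltdown" file (may be empty)
classify_pti() {
    cmdline=" $1 "; flags=" $2 "; sysfs=$3

    # CPUs the kernel considers immune need no isolation at all.
    case "$sysfs" in
        "Not affected"*) echo not-affected; return 0 ;;
    esac

    # Assumption: mainline KPTI sets the "pti" flag, the KAISER backport "kaiser".
    case "$flags" in
        *" pti "*)    echo kpti;   return 0 ;;
        *" kaiser "*) echo kaiser; return 0 ;;
    esac

    # No flag: report an explicit opt-out on the boot line before anything else.
    case "$cmdline" in
        *" nopti "*|*" pti=off "*|*" nokaiser "*)
            echo disabled-by-cmdline; return 0 ;;
    esac

    case "$sysfs" in
        "Mitigation:"*) echo mitigated-variant-unknown ;;
        Vulnerable*)    echo vulnerable ;;
        *)              echo unknown ;;   # old kernel: no flag, no sysfs file
    esac
}

# Read the three inputs from the running system.
pti_report() {
    cmd=$(cat /proc/cmdline 2>/dev/null || true)
    fl=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null | cut -d: -f2)
    sy=$(cat /sys/devices/system/cpu/vulnerabilities/meltdown 2>/dev/null || true)
    classify_pti "$cmd" "$fl" "$sy"
}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_CMDLINE="BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet"
SAMPLE_CMDLINE_OFF="BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro nokaiser"
SAMPLE_FLAGS_MAINLINE="fpu vme de pse tsc msr pae pti"
SAMPLE_FLAGS_BACKPORT="fpu vme de pse tsc msr pae kaiser"
SAMPLE_FLAGS_NONE="fpu vme de pse tsc msr pae"
```

On a live system call `pti_report`; a result of `unknown` means the kernel exposes neither the flag nor the sysfs file, which is what an unpatched kernel looks like.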
