VectorLinux

The nuts and bolts => Kernel => Topic started by: overthere on January 19, 2018, 08:38:09 pm

Title: meltdown and spectre?
Post by: overthere on January 19, 2018, 08:38:09 pm
Shortly after the release of 7.2 there was a kernel update for security; now Meltdown and Spectre require a patch? And it affects all chips, to my general understanding.

Question..was the kernel update built into the available 7.2 iso, and also is there any news on the Meltdown/Spectre patch?

wondering if I will have to update kernel prior to patch as installing back to my laptop after some upgrades.

thanks
Title: Re: meltdown and spectre?
Post by: nightflier on January 20, 2018, 04:03:31 am
A new kernel with these patches is available. You need to use the "untested" repository.

http://forum.vectorlinux.com/index.php?topic=19139.msg106524#msg106524
Title: Re: meltdown and spectre?
Post by: overthere on January 21, 2018, 05:16:41 pm
currently have VL-std 7.2 installed to an acer aspire netbook.

It boots fine with the default .76 and also the .89

when booting .14 the screen distorts and nothing is readable, the desktop is not usable

if I "e" at grub and change vga=788 to something else and f10 it stops boot and gives choice to view options or continue..if I continue the system boots to desktop as expected and appears to function normally..also couple of acpi errors list at boot before screen distorts and after continue..added no acpi and no apic during grub edit but no change..not sure how to edit grub effectively.

not that a lot of folks will use this hardware but do not have my laptop put back together yet, had to tear down to clean intake

adding...the best case on this hardware seems to be hit "e" at grub use the arrow keys to locate and remove vga=788 and hit f10. ignore the two acpi errors and sign in as usual.
Title: Re: meltdown and spectre?
Post by: overthere on January 21, 2018, 09:53:09 pm
As the old lappy booted ok, thought I would try running the spectre-meltdown-checker from github

perhaps 32 bit remains vulnerable? anyone checked on 64 bit? or is the script from github a false sense of security. or in my case an indication to visit the recycle depot..lol

Code:
someone:$ su
Password:
You are working as root

root:# ./spectre-meltdown-checker.sh
Spectre and Meltdown mitigation detection tool v0.32

Checking for vulnerabilities against running kernel Linux 4.14.14 #1 SMP Thu Jan 18 14:37:24 CST 2018 i686
CPU is  Intel(R) Atom(TM) CPU N270   @ 1.60GHz

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking whether we're safe according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
> STATUS:  VULNERABLE  (Vulnerable)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Checking whether we're safe according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
> STATUS:  VULNERABLE  (Vulnerable: Minimal generic ASM retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Checking whether we're safe according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
> STATUS:  VULNERABLE  (Vulnerable)

A false sense of security is worse than no security at all, see --disclaimer
vector://home/someone/Downloads/spectre-meltdown-checker-master
root:#
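
The checker output above takes each verdict from the kernel's /sys interface. As an added example (not part of the original post, and not the checker's own code), this script reads the status files in /sys/devices/system/cpu/vulnerabilities directly and classifies each string. The function names, the `--live` flag and the sample directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read the kernel's sysfs mitigation status directly.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# Map one sysfs status string to a coarse class.
classify_status() {
    case "$1" in
        "Not affected"*) echo not-affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;  # also "Vulnerable: Minimal generic ASM retpoline"
        *)               echo unknown ;;
    esac
}

# Print "<name> <class> <raw status>" for each entry in DIR.
# Returns 0 if nothing is vulnerable, 1 if any entry is vulnerable or unknown,
# 2 if DIR does not exist (kernel without the interface).
report_dir() {
    dir="$1"; rc=0
    [ -d "$dir" ] || { echo "no vulnerabilities interface at $dir" >&2; return 2; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        raw=$(cat "$f")
        class=$(classify_status "$raw")
        printf '%-12s %-13s %s\n' "${f##*/}" "$class" "$raw"
        case "$class" in vulnerable|unknown) rc=1 ;; esac
    done
    return "$rc"
}

# Constructed sample: the three status strings shown in the post's output.
make_sample() {
    mkdir -p "$1"
    echo "Vulnerable" > "$1/spectre_v1"
    echo "Vulnerable: Minimal generic ASM retpoline" > "$1/spectre_v2"
    echo "Vulnerable" > "$1/meltdown"
}

# Run against the live system only when asked: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    report_dir "$VULN_DIR"
fi
```

A non-zero exit status from `report_dir` makes the script usable in a post-upgrade check after installing a new kernel.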

Title: Re: meltdown and spectre?
Post by: retired1af on January 21, 2018, 10:48:20 pm
That script isn't really accurate. Author admits it may or may not be valid.

Something we should also look at is updating the Intel microcode if it's possible.
Title: Re: meltdown and spectre?
Post by: overthere on January 22, 2018, 12:07:00 am
updating the browser(s) would also be part of addressing the issue.
Title: Re: meltdown and spectre?
Post by: M0E-lnx on January 22, 2018, 11:51:42 am
The 4.14 kernel is being built as they roll them out (it is also the next LTS, so it makes sense to switch to that).

About the meltdown/spectre bugs... bear in mind that there are no fixes for this stuff... what they're doing is adding mitigation patches.  The mitigation patches are being retroactively backported from what I understand.  I don't expect much of a focus on fixing 32bit, just because everyone is phasing 32-bit out.

Any input or test results from running that 4.14 kernel would be really helpful so we can shift focus on VL for that version.