On 2018-02-19 14:10:14 +, Brad Rogers wrote:
> If anyone wants to check their (linux) system specifically for the
> current state of spectre+meltdown mitigation on a given machine then
> have a look here:
>
> https://github.com/speed47/spectre-meltdown-checker
>
> Really simple instructions
On Mon, 26 Feb 2018, Curt wrote:
> What does that mean 'bugs : cpu_meltdown spectre_v1 spectre_v2
> exactly?
It is supposed to mean your processor has those defects. It does not
say anything about the mitigation strategy being employed to avoid those
defects.
Obviously, that thing
On 2018-02-23, Reco wrote:
> So it seems. New kernel came today with the usual 'apt update && apt
> upgrade' routine:
>
> $ uname -r
> 4.9.0-6-amd64
>
> $ grep bug /proc/cpuinfo
> bugs: cpu_meltdown spectre_v1 spectre_v2
> ...
What does that mean 'bugs
On 23 February 2018 at 18:41, Michael Lange wrote:
> On Fri, 23 Feb 2018 16:27:23 +
> Michael Fothergill wrote:
>
> >
> > Sure enough, looking at the spectre meltdown checker on the kernel I am
> > using in gentoo
> > shows the
> >
> >
On Fri, 23 Feb 2018 16:27:23 +
Michael Fothergill wrote:
>
> Sure enough, looking at the spectre meltdown checker on the kernel I am
> using in gentoo
> shows the
>
> retpoline is enabled and that the vulnerability status is "not
> vulnerable".
>
> It's
On Fri, 23 Feb 2018 16:40:00 +
Michael Fothergill wrote:
(...)
> > * Mitigation 2
> > * Kernel compiled with retpoline option: YES
> > * Kernel compiled with a retpoline-aware compiler: YES (kernel
> > reports full retpoline compilation)
> > > STATUS:
On 23 February 2018 at 16:28, Michael Lange wrote:
> Hi,
>
> On Fri, 23 Feb 2018 16:52:12 +0100
> Felipe Salvador wrote:
>
> (...)
> > > CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
> > > * Mitigated according to the /sys
On 23 February 2018 at 16:14, Michael Fothergill <
michael.fotherg...@gmail.com> wrote:
>
>
> On 23 February 2018 at 14:14, Michael Fothergill <
> michael.fotherg...@gmail.com> wrote:
>
>>
>>
>> On 23 February 2018 at 14:05, mlnl wrote:
>>
>>> Hi,
>>>
>>> > Can it be true? A
Hi,
On Fri, 23 Feb 2018 16:52:12 +0100
Felipe Salvador wrote:
(...)
> > CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
> > * Mitigated according to the /sys interface: YES (kernel confirms
> > that the mitigation is active)
> > * Mitigation 1
> >
On 23 February 2018 at 14:14, Michael Fothergill <
michael.fotherg...@gmail.com> wrote:
>
>
> On 23 February 2018 at 14:05, mlnl wrote:
>
>> Hi,
>>
>> > Can it be true? A version of gcc that runs on stretch that will
>> > compile the latest fancy spectre fixes etc?
>>
>> with
On Fri, Feb 23, 2018 at 03:05:18PM +0100, mlnl wrote:
> Hi,
>
> > Can it be true? A version of gcc that runs on stretch that will
> > compile the latest fancy spectre fixes etc?
>
> with latest vanilla kernel 4.15.4 and updated gcc-6:
>
> CVE-2017-5753 [bounds check bypass] aka 'Spectre
On 23 February 2018 at 14:05, mlnl wrote:
> Hi,
>
> > Can it be true? A version of gcc that runs on stretch that will
> > compile the latest fancy spectre fixes etc?
>
> with latest vanilla kernel 4.15.4 and updated gcc-6:
>
> CVE-2017-5753 [bounds check bypass] aka 'Spectre
On 23 February 2018 at 14:08, Reco wrote:
> Hi.
>
> On Fri, Feb 23, 2018 at 01:47:25PM +, Michael Fothergill wrote:
> > On 23 February 2018 at 13:42, Reco wrote:
> >
> > > Hi.
> > >
> > > On Fri, Feb 23, 2018 at 01:14:16PM +,
Hi.
On Fri, Feb 23, 2018 at 01:47:25PM +, Michael Fothergill wrote:
> On 23 February 2018 at 13:42, Reco wrote:
>
> > Hi.
> >
> > On Fri, Feb 23, 2018 at 01:14:16PM +, Michael Fothergill wrote:
> > > On 23 February 2018 at 12:43, Reco
Hi,
> Can it be true? A version of gcc that runs on stretch that will
> compile the latest fancy spectre fixes etc?
with latest vanilla kernel 4.15.4 and updated gcc-6:
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (kernel
On 23 February 2018 at 13:42, Reco wrote:
> Hi.
>
> On Fri, Feb 23, 2018 at 01:14:16PM +, Michael Fothergill wrote:
> > On 23 February 2018 at 12:43, Reco wrote:
> >
> > > Hi.
> > >
> > > On Wed, Feb 21, 2018 at 06:46:05PM +0100,
Hi.
On Fri, Feb 23, 2018 at 08:54:31AM -0500, Greg Wooledge wrote:
> On Fri, Feb 23, 2018 at 04:42:01PM +0300, Reco wrote:
> > So it seems. New kernel came today with the usual 'apt update && apt
> > upgrade' routine:
> >
> > $ uname -r
> > 4.9.0-6-amd64
>
> You mean "apt (or apt-get)
On Fri, Feb 23, 2018 at 04:42:01PM +0300, Reco wrote:
> So it seems. New kernel came today with the usual 'apt update && apt
> upgrade' routine:
>
> $ uname -r
> 4.9.0-6-amd64
You mean "apt (or apt-get) dist-upgrade", right?
/me tries it on a different computer that hasn't dist-upgraded yet...
Hi.
On Fri, Feb 23, 2018 at 01:14:16PM +, Michael Fothergill wrote:
> On 23 February 2018 at 12:43, Reco wrote:
>
> > Hi.
> >
> > On Wed, Feb 21, 2018 at 06:46:05PM +0100, Julien Aubin wrote:
> > > Hi,
> > >
> > > Do you have any clue on when the gcc
On 23 February 2018 at 12:43, Reco wrote:
> Hi.
>
> On Wed, Feb 21, 2018 at 06:46:05PM +0100, Julien Aubin wrote:
> > Hi,
> >
> > Do you have any clue on when the gcc fix for stretch is to be released ?
> >
> > Actually the retpoline-compliant kernel is ready, and
Hi.
On Wed, Feb 21, 2018 at 06:46:05PM +0100, Julien Aubin wrote:
> Hi,
>
> Do you have any clue on when the gcc fix for stretch is to be released ?
>
> Actually the retpoline-compliant kernel is ready, and gcc fixes for stretch
> seem to have already been implemented. So I dunno what
On 21 February 2018 at 17:46, Julien Aubin wrote:
> Hi,
>
> Do you have any clue on when the gcc fix for stretch is to be released ?
>
> Actually the retpoline-compliant kernel is ready, and gcc fixes for
> stretch seem to have already been implemented. So I dunno what is
Hi,
Do you have any clue on when the gcc fix for stretch is to be released ?
Actually the retpoline-compliant kernel is ready, and gcc fixes for stretch
seem to have already been implemented. So I dunno what is still blocking
the release. :'(
Thanks a lot.
Hi Stephan,
On Tue, Feb 20, 2018 at 10:09:52AM +0100, Stephan Seitz wrote:
> On Di, Feb 20, 2018 at 05:09:12 +, Andy Smith wrote:
> >CVE-2017-5753 is Spectre v1. There is no fix for Spectre v1 anywhere
> >yet, not even in Linux upstream.
>
> Are you sure?
[…]
> >STATUS: NOT VULNERABLE
On 20 February 2018 at 10:01, Michael Lange wrote:
> Hi,
>
> On Tue, 20 Feb 2018 08:05:19 +
> Michael Fothergill wrote:
>
> > For me at any rate if the new version of gcc 4.9 makes it easier for a
> > new user to get access to that
On Tue, Feb 20, 2018 at 04:52:45AM +, Andy Smith wrote:
> Versions of gcc that have the retpoline feature backported into them
> have already hit stable and oldstable (and maybe others; haven't
> checked),
Just oldstable, actually. Not stable yet.
Hi,
On Tue, 20 Feb 2018 08:05:19 +
Michael Fothergill wrote:
> For me at any rate if the new version of gcc 4.9 makes it easier for a
> new user to get access to that portion of Spectre vulnerability jointly
> with the availability of Meltdown as is, then
On Di, Feb 20, 2018 at 05:09:12 +, Andy Smith wrote:
>CVE-2017-5753 is Spectre v1. There is no fix for Spectre v1 anywhere
>yet, not even in Linux upstream.
Are you sure?
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (kernel
On 20 February 2018 at 05:09, Andy Smith wrote:
> Hello,
>
> On Mon, Feb 19, 2018 at 09:03:20PM +, Michael Fothergill wrote:
> > On 19 February 2018 at 19:10, Michael Lange
> wrote:
> > > no, I meant to say that you were looking at the wrong place
Hello,
On Mon, Feb 19, 2018 at 09:03:20PM +, Michael Fothergill wrote:
> On 19 February 2018 at 19:10, Michael Lange wrote:
> > no, I meant to say that you were looking at the wrong place if you wanted
> > to see if the "spectre-2" fix has arrived in debian, for this
Hello,
> On 19 February 2018 at 13:13, Turritopsis Dohrnii Teo En Ming <
> tdteoenm...@gmail.com> wrote:
>
> > What are the patches that I can download and install to be protected
> > against the Meltdown and Spectre security vulnerabilities?
The linux-kernel-* packages in Debian stable already
On Monday 19 February 2018 15:43:16 Greg Wooledge wrote:
> On Mon, Feb 19, 2018 at 03:27:36PM -0500, Gene Heskett wrote:
> > On Monday 19 February 2018 13:31:46 Michael Lange wrote:
> > > apt-get install spectre-meltdown-checker
> >
> > not available for stretch on arm64, why?
>
> Because this
On Mon, 19 Feb 2018 15:43:16 -0500
Greg Wooledge wrote:
> On Mon, Feb 19, 2018 at 03:27:36PM -0500, Gene Heskett wrote:
> > On Monday 19 February 2018 13:31:46 Michael Lange wrote:
> > > apt-get install spectre-meltdown-checker
> > not available for stretch on arm64, why?
>
On 19 February 2018 at 19:10, Michael Lange wrote:
> Hi,
>
> On Mon, 19 Feb 2018 18:46:15 +
> Michael Fothergill wrote:
>
> > Are you saying that this link:
> >
> > https://security-tracker.debian.org/tracker/CVE-2017-5753
> >
> > which
On Mon, Feb 19, 2018 at 03:27:36PM -0500, Gene Heskett wrote:
> On Monday 19 February 2018 13:31:46 Michael Lange wrote:
> > apt-get install spectre-meltdown-checker
> not available for stretch on arm64, why?
Because this package did not exist at the time stretch was frozen.
Nor even at the time
On Monday 19 February 2018 13:31:46 Michael Lange wrote:
> Hi,
>
> On Mon, 19 Feb 2018 14:10:14 +
> Brad Rogers wrote:
>
> (...)
>
> > If anyone wants to check their (linux) system specifically for the
> > current state of spectre+meltdown mitigation on a given machine
Hi,
On Mon, 19 Feb 2018 18:46:15 +
Michael Fothergill wrote:
> Are you saying that this link:
>
> https://security-tracker.debian.org/tracker/CVE-2017-5753
>
> which looks like it should be going to a spectre 1 fix is actually a
> discussion and tables etc
On Mon, 19 Feb 2018 19:31:46 +0100
Michael Lange wrote:
Hello Michael,
>With debian it is even simpler:
>apt-get install spectre-meltdown-checker
>sudo spectre-meltdown-checker
I hadn't realised it was in the repos.
--
Regards _
/ ) "The blindingly
On 19 February 2018 at 18:24, Michael Lange wrote:
> Hi,
>
> On Mon, 19 Feb 2018 16:40:19 +
> Michael Fothergill wrote:
>
> > On 19 February 2018 at 14:10, Greg Wooledge wrote:
> >
> > > On Mon, Feb 19, 2018 at
Hi,
On Mon, 19 Feb 2018 14:10:14 +
Brad Rogers wrote:
(...)
> If anyone wants to check their (linux) system specifically for the
> current state of spectre+meltdown mitigation on a given machine then
> have a look here:
>
>
On Mon, 19 Feb 2018 21:00:08 +0300
Reco wrote:
> On Mon, Feb 19, 2018 at 05:24:18PM +, Michael Fothergill wrote:
> > On 19 February 2018 at 17:03, Reco wrote:
> >
> > > Hi.
> > >
> > > On Mon, Feb 19, 2018 at 04:40:19PM +, Michael
Hi,
On Mon, 19 Feb 2018 16:40:19 +
Michael Fothergill wrote:
> On 19 February 2018 at 14:10, Greg Wooledge wrote:
>
> > On Mon, Feb 19, 2018 at 09:13:42PM +0800, Turritopsis Dohrnii Teo En
> > Ming wrote:
> > > What are the patches that I
On Mon, Feb 19, 2018 at 05:24:18PM +, Michael Fothergill wrote:
> On 19 February 2018 at 17:03, Reco wrote:
>
> > Hi.
> >
> > On Mon, Feb 19, 2018 at 04:40:19PM +, Michael Fothergill wrote:
> > > I had thought up to now that e.g. kernel 4.15.4-1 was new
On 19 February 2018 at 17:03, Reco wrote:
> Hi.
>
> On Mon, Feb 19, 2018 at 04:40:19PM +, Michael Fothergill wrote:
> > I had thought up to now that e.g. kernel 4.15.4-1 was new enough that if
> > you compiled it with gcc 7.3 then the spectre fix would then
Hi.
On Mon, Feb 19, 2018 at 04:40:19PM +, Michael Fothergill wrote:
> I had thought up to now that e.g. kernel 4.15.4-1 was new enough that if
> you compiled it with gcc 7.3 then the spectre fix would then work.
Not unless you apply the retpoline patch to the gcc.
For instance, just
On 19 February 2018 at 14:10, Greg Wooledge wrote:
> On Mon, Feb 19, 2018 at 09:13:42PM +0800, Turritopsis Dohrnii Teo En Ming
> wrote:
> > What are the patches that I can download and install to be protected
> > against the Meltdown and Spectre security vulnerabilities?
>
>
On Mon, Feb 19, 2018 at 01:23:25PM +, Michael Fothergill wrote:
>
>Checkout the debian backports suite (kindly resourcefully suggested by
>Andy Smith)
>Easiest thing to do when requiring a newer kernel would be to check
>the backports suite, so in this case in
On Mon, 19 Feb 2018 21:13:42 +0800
Turritopsis Dohrnii Teo En Ming wrote:
Hello Turritopsis,
>What are the patches that I can download and install to be protected
>against the Meltdown and Spectre security vulnerabilities?
First, you might want to check whether your
On Mon, Feb 19, 2018 at 09:13:42PM +0800, Turritopsis Dohrnii Teo En Ming wrote:
> What are the patches that I can download and install to be protected
> against the Meltdown and Spectre security vulnerabilities?
Meltdown patch went out a month ago.
Spectre, see here:
On 19 February 2018 at 13:13, Turritopsis Dohrnii Teo En Ming <
tdteoenm...@gmail.com> wrote:
> What are the patches that I can download and install to be protected
> against the Meltdown and Spectre security vulnerabilities?
>
> ===BEGIN SIGNATURE===
>
> Turritopsis Dohrnii Teo En Ming's