[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Release status of i386 for Bullseye and long term support for 3 years?

On Sun, 2020-12-13 at 01:53 -0800, Steve Langasek wrote:
> While the ongoing
> costs of maintaining a full port were a consideration, of equal concern was
> the fact that we believed we would not be able to provide security support
> for the architecture as a whole at par with other architectures, due to,
> among other things, lack of adequate support from the upstream
> kernel/toolchain community.  I'm not sure if i386 has caught up and now has
> adequate mitigation for Spectre etc, but it definitely wasn't available on
> an equivalent timeline as amd64.

I agree that kernel security support for i386 is seriously lacking.

The Spectre mitigations were actually available for both x86
architectures at the same time, but the initial Meltdown mitigation was
amd64-specific and was not extended to i386 until Linux 4.19.  The
implementation used in stable kernel branches (KAISER) was sufficiently
different from that used upstream, that i386 support has not been added
to it.

As a result, stretch:i386 is still vulnerable when running the default
(4.9-based) kernel.


Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: