Bug#888263: Spectre : release kernel 4.9.77 to stretch before p-u

[Julien Aubin <julien.aubin@gmail.com>]

2018-01-24 13:52 GMT+01:00 Yves-Alexis Perez <corsac@debian.org>:

On Wed, 2018-01-24 at 13:43 +0100, Julien Aubin wrote:
> Package: linux-image-4.9.0-5-amd64
> Version: 4.9.65-3+deb9u2
> Severity: serious
> Tags: security
> Justification: root security hole
>
> Hi,
>
> Now that kernel release 4.9.77 has been released and contains the full
> retpoline fixes, could you please bring it to stretch before the next p-u ?

Hi,

work on 4.9.77 is mostly done, so yes I'd like to push it to stretch before
next point relase. 4.9.78 is just out but I'm unsure if we want to hold it or
not.
>
> I know this situation is quite exceptionnal, but all the Spectre story is.
> I'm not sure backporting only the required changes for retpoline would be
> that easy.

That beeing said, retpoline support in the kernel is not enough. It also needs
gcc fixes, which are not yet available, as far as I can tell. So while we can
push an updated kernel to stretch, spectre won't be mitigated.

I know it... :'( But as you rebuild the kernel image the updated compiler may come a bit later w/o needing another kernel update ?

Anyway if you want someone to test the updates please push the updated packages to stretch-p-u and I'll tell you if it works on my four boxes which are :

- An Intel Core i7 4790 w/ NVidia blob 384.111

- An AMD Phenom 9850 w/ NVidia blob 384.111

- An Intel Core i7 4800MQ laptop

- An Intel NUC Atom Apollo Lake

 

Rgds,

Regards,
--
Yves-Alexis