Re: Question on CVE-2017-5754 on Debian 8.9
There was a newer version of the script (about 4 hours newer), but the
new version yields the same result.
So I have a debian 8.6 machine for which this test in the script is failing:
    if ! dmesg | grep -qE '(^|\] )Linux version [0-9]'; then
        # dmesg truncated
        return 2
    fi
So on that one debian server, the string "Linux version" does _not_
appear in dmesg output, like so:
# dmesg | grep Linux
[ 0.564432] [Firmware Bug]: ACPI: BIOS _OSI(Linux) query ignored
[ 1.108492] Linux agpgart interface v0.103
[ 2.192537] pps_core: LinuxPPS API ver. 1 registered
[ 2.209475] usb usb1: Manufacturer: Linux 3.16.0-5-amd64 ehci_hcd
[ 2.225593] usb usb2: Manufacturer: Linux 3.16.0-5-amd64 ehci_hcd
So my question becomes: Is it just my server, or others too? And why me?
On Tue, Jan 23, 2018 at 4:54 PM, Richard Hector <richard@walnut.gen.nz> wrote:
> On 24/01/18 11:27, Michael Fothergill wrote:
>>
>> Hi there, I am running kernel 4.14.14 under gentoo testing on an
>> AMD kaveri box.
>>
>> The version of GCC I am using is 7.2. Whether that means the
>> retpoline patch is working for me I am not quite sure but it could
>> be I guess.....
>>
>> Someone who is smarter than the average bear has written a patch for
>> the spectre problem with no performance penalty:
>>
>> https://www.neowin.net/news/retpoline-patch-coming-to-linux-49-and-linux-414
>>
>> I am not sure if you can do this as debian testing or experimental.
>>
>> Cheers
>>
>> Michael Fothergill
>>
>>
>> You can compile the kernel in debian:
>>
>> https://www.debian.org/releases/jessie/i386/ch08s06.html.en
>>
>>
>> There is also a debian page on gcc7
>>
>> https://wiki.debian.org/GCC7
>>
>> If I ask the gentoo folks they will tell me if the KPTI and retpoline
>> patches are turned on automatically in kernel 4.14.14
>> or if you have to set a specific flag when you run make menuconfig (runs
>> in Debian too); then if GCC7 is new enough for this
>> you are good to go......
>
> The neowin link above has a link to a Phoronix article[1], which
> suggests you need GCC 8.0, or maybe 7.3 if a backport succeeds. That was
> 9 days ago, of course ... Stretch only has 6.3, and even sid only has
> 7.2, so I don't see it hitting debian soon.
>
> Richard
>
> [1]
> https://www.phoronix.com/scan.php?page=news_item&px=Linux-4.9-4.14-Retpoline
>
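
An added example (not part of the original post or of the checker script it quotes): the truncation test from the snippet at the top of this message applied to saved log files, together with a look at the first timestamp and a fallback to persistent boot logs. The function names and the candidate paths /var/log/dmesg and /var/log/kern.log are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not part of the checker script quoted in the thread.
BANNER_RE='(^|\] )Linux version [0-9]'   # regex from the quoted snippet

# has_boot_banner FILE: succeed if FILE still holds the kernel's first boot line.
has_boot_banner() {
    grep -qE "$BANNER_RE" "$1" 2>/dev/null
}

# first_stamp FILE: print the timestamp of the first stamped line. A complete
# boot log starts at 0.000000; a wrapped ring buffer starts later.
first_stamp() {
    sed -n '/^\[ *[0-9]*\.[0-9]*]/{s/^\[ *\([0-9]*\.[0-9]*\)].*/\1/p;q;}' "$1"
}

# first_log_with_banner FILE...: print the first readable candidate that holds
# the banner; return 2 (same code as the quoted snippet) when none does.
first_log_with_banner() {
    for f in "$@"; do
        if [ -r "$f" ] && has_boot_banner "$f"; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 2
}

# Constructed sample: three of the lines posted in the thread.
sample_truncated() {
    cat <<'EOF'
[ 0.564432] [Firmware Bug]: ACPI: BIOS _OSI(Linux) query ignored
[ 1.108492] Linux agpgart interface v0.103
[ 2.209475] usb usb1: Manufacturer: Linux 3.16.0-5-amd64 ehci_hcd
EOF
}

# Live use: snapshot dmesg, then try persistent logs (paths are assumptions).
if [ "${1:-}" = "--live" ]; then
    snap=$(mktemp) && dmesg > "$snap"
    echo "dmesg starts at: $(first_stamp "$snap")"
    first_log_with_banner "$snap" /var/log/dmesg /var/log/kern.log ||
        echo "boot banner not found; reboot before trusting dmesg-based checks"
    rm -f "$snap"
fi
```

Run with `--live` on the affected host; a first timestamp well above 0.000000 means the early boot lines, including the banner, have already left the ring buffer.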