
Re: Question on CVE-2017-5754 on Debian 8.9



There was a newer version of the script (about 4 hours newer), but the
new version yields the same result.

So I have a Debian 8.6 machine for which this test in the script is failing:
        if ! dmesg | grep -qE '(^|\] )Linux version [0-9]'; then
                # dmesg truncated
                return 2
        fi

So on that one Debian server, the string "Linux version" does _not_
appear in dmesg output, like so:
# dmesg | grep Linux
[    0.564432] [Firmware Bug]: ACPI: BIOS _OSI(Linux) query ignored
[    1.108492] Linux agpgart interface v0.103
[    2.192537] pps_core: LinuxPPS API ver. 1 registered
[    2.209475] usb usb1: Manufacturer: Linux 3.16.0-5-amd64 ehci_hcd
[    2.225593] usb usb2: Manufacturer: Linux 3.16.0-5-amd64 ehci_hcd

So my question becomes: Is it just my server, or others too? And why me?


On Tue, Jan 23, 2018 at 4:54 PM, Richard Hector <richard@walnut.gen.nz> wrote:
> On 24/01/18 11:27, Michael Fothergill wrote:
>>
>>
>>
>>
>>
>>     Hi there,  I am running kernel 4.14.14 under gentoo testing on an
>>     AMD kaveri box.
>>
>>     The version of GCC I am using is 7.2.  Whether that means the
>>     retpoline patch is working for me I am not quite sure but it could
>>     be I guess.....
>>
>>     Someone who is smarter than the average bear has written a patch for
>>     the spectre problem with no performance penalty:
>>
>>     https://www.neowin.net/news/retpoline-patch-coming-to-linux-49-and-linux-414
>>
>>     I am not sure if you can do this as debian testing or experimental.
>>
>>     Cheers
>>
>>     Michael Fothergill
>>
>>
>> You can compile the kernel in debian:
>>
>>     https://www.debian.org/releases/jessie/i386/ch08s06.html.en
>>
>>
>> There is also a debian page on gcc7
>>
>> https://wiki.debian.org/GCC7
>>
>> If I ask the gentoo folks they will tell me if the KPTI and retpoline
>> patches are turned on automatically in kernel 4.14.14
>> or if you have to set a specific flag when you run make menuconfig (runs
>> in Debian too); then if GCC7 is new enough for this
>> you are good to go......
>
> The neowin link above has a link to a Phoronix article[1], which
> suggests you need GCC 8.0, or maybe 7.3 if a backport succeeds. That was
> 9 days ago, of course ... Stretch only has 6.3, and even sid only has
> 7.2, so I don't see it hitting debian soon.
>
> Richard
>
> [1]
> https://www.phoronix.com/scan.php?page=news_item&px=Linux-4.9-4.14-Retpoline
>
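
Added example (not part of the original message or of the script it quotes): a three-way kernel-log search built around the same "Linux version" banner test, showing why a miss in a truncated ring buffer has to be reported as unknown rather than as "mitigation absent". The function name, return codes, the search pattern and the sample log lines are assumptions made for illustration; the truncated sample reuses lines shown in the message.

```shell
#!/bin/sh
# Return codes: 0 = pattern found
#               1 = pattern absent from a complete log
#               2 = log is truncated and pattern not seen (result unknown)

# search_kernel_log PATTERN [FILE]   (reads stdin when FILE is omitted)
search_kernel_log() {
    pattern=$1
    if [ "$#" -ge 2 ]; then
        log=$(cat -- "$2") || return 2
    else
        log=$(cat) || return 2
    fi
    # A hit is conclusive even if older lines were rotated out.
    if printf '%s\n' "$log" | grep -qE -- "$pattern"; then
        return 0
    fi
    # Banner test from the quoted script: without the boot banner the
    # start of the ring buffer is gone, so a miss proves nothing.
    if ! printf '%s\n' "$log" | grep -qE '(^|\] )Linux version [0-9]'; then
        return 2
    fi
    return 1
}

# Constructed sample: complete buffer, isolation message present.
sample_complete() {
    cat <<'EOF'
[    0.000000] Linux version 4.14.14 (constructed sample line)
[    0.000000] Kernel/User page tables isolation: enabled
[    1.108492] Linux agpgart interface v0.103
EOF
}

# Truncated buffer: boot banner missing, as in the message above.
sample_truncated() {
    cat <<'EOF'
[    0.564432] [Firmware Bug]: ACPI: BIOS _OSI(Linux) query ignored
[    1.108492] Linux agpgart interface v0.103
[    2.209475] usb usb1: Manufacturer: Linux 3.16.0-5-amd64 ehci_hcd
EOF
}

for s in sample_complete sample_truncated; do
    rc=0
    $s | search_kernel_log 'page tables isolation: enabled' || rc=$?
    echo "$s -> $rc"
done
```

On a live system the input would be `dmesg` output or a saved boot log; a result of 2 means the answer has to come from another source.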

