
Re: Question on CVE-2017-5754 on Debian 8.9



Sorry, should have added that the string "Linux version" also does not
appear in the dmesg results after a reboot. So despite the check script's
advice, a reboot doesn't change the results here.

On Tue, Jan 23, 2018 at 5:02 PM, Nicholas Geovanis
<nickgeovanis@gmail.com> wrote:
> There was a newer version of the script (about 4 hours newer), but the
> new version yields the same result.
>
> So I have a debian 8.6 machine for which this test in the script is failing:
>         if ! dmesg | grep -qE '(^|\] )Linux version [0-9]'; then
>                 # dmesg truncated
>                 return 2
>         fi
>
> So on that one debian server, the string "Linux version" does _not_
> appear in dmesg output, like so:
> # dmesg | grep Linux
> [    0.564432] [Firmware Bug]: ACPI: BIOS _OSI(Linux) query ignored
> [    1.108492] Linux agpgart interface v0.103
> [    2.192537] pps_core: LinuxPPS API ver. 1 registered
> [    2.209475] usb usb1: Manufacturer: Linux 3.16.0-5-amd64 ehci_hcd
> [    2.225593] usb usb2: Manufacturer: Linux 3.16.0-5-amd64 ehci_hcd
>
> So my question becomes: Is it just my server, or others too? And why me?
>
>
> On Tue, Jan 23, 2018 at 4:54 PM, Richard Hector <richard@walnut.gen.nz> wrote:
>> On 24/01/18 11:27, Michael Fothergill wrote:
>>>
>>>     Hi there,  I am running kernel 4.14.14 under gentoo testing on an
>>>     AMD kaveri box.
>>>
>>>     The version of GCC I am using is 7.2.  Whether that means the
>>>     retpoline patch is working for me I am not quite sure but it could
>>>     be I guess.....
>>>
>>>     Someone who is smarter than the average bear has written a patch for
>>>     the spectre problem with no performance penalty:
>>>
>>>     https://www.neowin.net/news/retpoline-patch-coming-to-linux-49-and-linux-414
>>>
>>>     I am not sure if you can do this as debian testing or experimental.
>>>
>>>     Cheers
>>>
>>>     Michael Fothergill
>>>
>>>
>>> You can compile the kernel in debian:
>>>
>>>     https://www.debian.org/releases/jessie/i386/ch08s06.html.en
>>>
>>>
>>> There is also a debian page on gcc7
>>>
>>> https://wiki.debian.org/GCC7
>>>
>>> If I ask the gentoo folks they will tell me if the KPTI and retpoline
>>> patches are turned on automatically in kernel 4.14.14
>>> or if you have to set a specific flag when you run make menuconfig (runs
>>> in Debian too); then if GCC7 is new enough for this
>>> you are good to go......
>>
>> The neowin link above has a link to a Phoronix article[1], which
>> suggests you need GCC 8.0, or maybe 7.3 if a backport succeeds. That was
>> 9 days ago, of course ... Stretch only has 6.3, and even sid only has
>> 7.2, so I don't see it hitting debian soon.
>>
>> Richard
>>
>> [1]
>> https://www.phoronix.com/scan.php?page=news_item&px=Linux-4.9-4.14-Retpoline
>>
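
The truncation test quoted in this thread, as an added example (not part of any message above and not the check script's own code): it applies the same regular expression to the `dmesg` lines posted above and to a constructed syslog-style line, then searches a list of saved logs for the boot banner when the ring buffer no longer holds it. The function names, the file names and the `kern.log` line are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: names, file layout and the kern.log line are assumptions.
# Same pattern as the quoted test: banner at line start or after "] ".
BANNER_RE='(^|\] )Linux version [0-9]'

# Exit 0 if stdin holds the kernel boot banner, 2 if it does not
# (2 mirrors the "dmesg truncated" return value quoted in the thread).
has_boot_banner() {
    if grep -qE "$BANNER_RE"; then
        return 0
    fi
    return 2
}

# Print the first readable file (given as arguments) that contains the banner.
find_banner_source() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        if has_boot_banner < "$f"; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 2
}

# Demo on constructed files: a ring-buffer snapshot holding lines posted
# in the thread, and a constructed syslog-style line such as rsyslog writes.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/ring.txt" <<'EOF'
[    0.564432] [Firmware Bug]: ACPI: BIOS _OSI(Linux) query ignored
[    1.108492] Linux agpgart interface v0.103
[    2.192537] pps_core: LinuxPPS API ver. 1 registered
[    2.209475] usb usb1: Manufacturer: Linux 3.16.0-5-amd64 ehci_hcd
EOF
    cat > "$tmp/kern.log" <<'EOF'
Jan 23 16:00:01 host kernel: [    0.000000] Linux version 3.16.0-5-amd64 (constructed line)
EOF
    find_banner_source "$tmp/ring.txt" "$tmp/kern.log"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo
```

On a real host the inputs would be `dmesg` output piped into `has_boot_banner` and whatever boot logs the system keeps, for example `/var/log/kern.log` where rsyslog writes one.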

