This update comes to us courtesy of tmb, our kernel magician:
Since we released 4.14.18 yesterday, we now are in pretty good shape with the mitigations, especially on x86_64. We now have bits in place for Spectre v1, v2 and Meltdown.
Of course over the coming weeks/months there will be more follow-up fixes upstream to cover corner cases, missed fixes and improvements for all of this…
And we still need Intel and AMD to release microcodes so hardware vendors can release updated BIOS/EFI firmwares and to the public so we can provide microcode updates in case of vendors not providing new BIOS/EFI firmwares.
Oh, and for those that like to check 🙂 The official way of checking the kernel status is:
grep . /sys/devices/system/cpu/vulnerabilities/*
We still lack Meltdown support for 32-bit in mga6, but we have now (Feb 9th) merged the upstream suggested patches for it in Cauldron, so a kernel with those patches will land in testing later today along with an update to 4.14.19.
It still lacks some performance related bits, but we are getting there.
Many thanks to tmb for taking the time to bring us this update!
Edit: we corrected the grep command due to the helpful comments.
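A scripted version of the check above, as an added example that is not part of the original post or of Mageia's tooling: it reads each status file in that sysfs directory and returns non-zero if any entry reports "Vulnerable". The function name check_mitigations and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the kernel's own mitigation report.
# Each file in the sysfs directory holds one status line, for instance
# "Mitigation: PTI", "Vulnerable" or "Not affected".
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# check_mitigations [DIR]
# Prints "VERDICT NAME STATUS" per file; the file name is the issue name,
# which is the detail `grep .` shows and plain `cat` drops.
# Returns 0 if nothing is unmitigated, 1 if any entry says "Vulnerable",
# 2 if the directory is missing (kernel without this interface).
check_mitigations() {
    dir=${1:-$VULN_DIR_DEFAULT}
    unmitigated=0
    if [ ! -d "$dir" ]; then
        echo "no status directory at $dir" >&2
        return 2
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        status=
        IFS= read -r status < "$f" || true
        [ -n "$status" ] || status="(empty)"
        case $status in
            "Not affected"*|Mitigation*) verdict=OK ;;
            Vulnerable*) verdict=FAIL; unmitigated=$((unmitigated + 1)) ;;
            *) verdict=UNKNOWN ;;   # wording this script does not recognise
        esac
        printf '%-8s %-20s %s\n' "$verdict" "$name" "$status"
    done
    [ "$unmitigated" -eq 0 ]
}

# Demo on constructed sample files (not real sysfs output), so it runs anywhere.
demo=$(mktemp -d)
echo 'Mitigation: PTI' > "$demo/meltdown"
echo 'Vulnerable' > "$demo/spectre_v2"
check_mitigations "$demo" || echo "at least one issue is unmitigated"
rm -rf "$demo"
```

Called without an argument, check_mitigations reads the live directory, so the exit status can gate a monitoring check after each kernel update.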
The above command to check the kernel's state does not provide any output, but cat /sys/devices/system/cpu/vulnerabilities/* works well:
Mitigation: PTI
Mitigation: __user pointer sanitization
Mitigation: Full generic retpoline
Thanks, fixed it.
sudo grep . /sys/devices/system/cpu/vulnerabilities/*
with a space after the dot and not :
sudo grep ./sys/devices/system/cpu/vulnerabilities/*
for those that like to check
If you like humour, don’t mistake 😉
Thanks for the report, I fixed it as suggested by Alf above, seems more obvious.
*Edit:* Actually fixed back to `grep . ` which apparently gives more info.
Don’t spend your time with Spectre Meltdown. We don’t care about this shit. Stop listening to the media. This is a minor issue.
Stop listening to the media? Why not, it’s an opinion.
But I would still listen to those experts like Jon Masters (from Red Hat) giving technical explanations during FOSDEM 2018; that’s quite interesting in my opinion.
http://bofh.nikhef.nl/events/FOSDEM/2018/Janson/closing_keynote.webm
This so-called expert knows nothing on the topic. His conference is bullshit, plain and simple, nothing more. Normal users don’t care about Spectre Meltdown, they are not affected. Only obscure systems are affected. The attack is very complex. Not practical.
lol !!!!
And you want to tell us you are a better expert ???????? You prove here that you know nothing about computer security.
Read the Meltdown paper before saying it is not practical !!!! There are examples of exploiting it. IT IS EXPLOITABLE FOR REAL !!!!!
now shut up your fucking mouth
Hi folks – there’s room in Mageia for disagreement, but we kind of hope you can do it with courtesy…
From what I’ve read on the matter via Ars Technica & elsewhere the Spectre & Meltdown issues are big ones for those running websites in virtual machines and there are many vulnerable servers across all OS families. I know it’s not a huge issue for desktop users until they go online & log into anything secure, but regardless I’m glad that Mageia is acting responsibly & trying to make all users more secure whether we are using Mageia for a server or a desktop. And of course those of us who only use desktop Linux better hope that whatever servers we connect to securely online are powered by an OS working as hard to be secure as Mageia.
Thanks for all the effort. Given both that & the issues I’ve been having with my Fedora install eating its copy of GRUB I think Mageia will be my go-to distro for doing secure online transactions. I think Mageia would become the perfect distro for all desktop users if you defaulted to a more modern software center as an alternative to rpmdrake & did a few more things to add extra desktop polish.