Spectre-Meltdown mitigation update

This update comes to us courtesy of tmb, our kernel magician:

Since we released 4.14.18 yesterday, we now are in pretty good shape with the mitigations, especially on x86_64. We now have bits in place for Spectre v1, v2 and Meltdown.

Of course over the coming weeks/months there will be more follow-up fixes upstream to cover corner cases, missed fixes and improvements for all of this…

And we still need Intel and AMD to release microcode so hardware vendors can release updated BIOS/EFI firmware, and to release it to the public so we can provide microcode updates in case vendors do not provide new BIOS/EFI firmware.

Oh, and for those that like to check 🙂 The official way of checking the kernel status is:

grep . /sys/devices/system/cpu/vulnerabilities/*

We still lack Meltdown support for 32-bit in mga6, but we have now (Feb 9th) merged the upstream suggested patches for it in Cauldron, so a kernel with those patches will land in testing later today along with an update to 4.14.19.

It still lacks some performance related bits, but we are getting there.

Many thanks to tmb for taking the time to bring us this update!

 

Edit: we corrected the grep command due to the helpful comments.
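
An added example, not part of the original post or of Mageia's tooling: a shell function that reads the same sysfs directory and turns it into a pass/fail check, keeping the file name beside each value the way `grep .` does. The function names and the optional directory argument are assumptions made for illustration; the sample values are the three lines quoted in the first comment, stored under the file names the kernel uses for them.

```shell
#!/bin/sh
# Added example (not from the post): classify each entry under the sysfs
# vulnerabilities directory and fail when anything is left unmitigated.

# vuln_status [DIR]: DIR defaults to the path given in the post; the argument
# is an assumption added so the function can be pointed at a sample directory.
# Returns 0 if every entry is mitigated or not affected, 1 if any entry is
# vulnerable or unrecognised, 2 if there is no report to read.
vuln_status() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    rc=0 seen=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        seen=1 line=""
        # Each file holds one line; "|| :" tolerates a missing final newline.
        IFS= read -r line < "$f" || :
        case $line in
            "Not affected"*) state=OK ;;
            "Mitigation:"*)  state=MITIGATED ;;
            "Vulnerable"*)   state=VULNERABLE rc=1 ;;
            *)               state=UNKNOWN rc=1 ;;
        esac
        # Like "grep .", keep the file name next to the value.
        printf '%-12s %-10s %s\n' "${f##*/}" "$state" "$line"
    done
    [ "$seen" -eq 1 ] || { echo "no report under $dir" >&2; return 2; }
    return "$rc"
}

# Constructed sample directory holding the three values quoted in the comments.
make_sample() {
    mkdir -p "$1"
    echo 'Mitigation: PTI' > "$1/meltdown"
    echo 'Mitigation: __user pointer sanitization' > "$1/spectre_v1"
    echo 'Mitigation: Full generic retpoline' > "$1/spectre_v2"
}

# Demonstration on the constructed sample (does not touch the real /sys).
demo=$(mktemp -d) && make_sample "$demo" && vuln_status "$demo"
rm -rf "$demo"
```

On a live system, call vuln_status with no argument; the non-zero exit status makes it usable from a monitoring job.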

13 Responses to Spectre-Meltdown mitigation update

  1. Alf says:

    the above command to check the kernel's state does not provide any output, but cat /sys/devices/system/cpu/vulnerabilities/* works well:
    Mitigation: PTI
    Mitigation: __user pointer sanitization
    Mitigation: Full generic retpoline

  2. Asaln says:

    sudo grep . /sys/devices/system/cpu/vulnerabilities/*

    with a space after the dot and not :

    sudo grep ./sys/devices/system/cpu/vulnerabilities/*

    for those that like to check

    If you like humour, don’t mistake 😉

    • Rémi Verschelde says:

      Thanks for the report, I fixed it as suggested by Alf above, seems more obvious.

      *Edit:* Actually fixed back to `grep . ` which apparently gives more info.

  6. Pierre Demorand says:

    Don’t spend your time with spectre meltdown. We don’t care about this shit. Stop listening to the media. This is a minor issue.

  7. drakkar says:

    Stop listening to the media? Why not, it’s an opinion.
    But I would still listen to those experts like Jon Masters (from RedHat) giving technical explanations during the FOSDEM 2018, that’s quite interesting in my opinion.
    http://bofh.nikhef.nl/events/FOSDEM/2018/Janson/closing_keynote.webm

    • Henrink Griefen says:

      This so-called expert knows nothing on the topic. His conference is bullshit, plain and simple, nothing more. Normal users don’t care about spectre meltdown, they are not affected. Only obscure systems are affected. The attack is very complex. Not practical.

      • Steve Borrowoth says:

        lol !!!!

        and you want to tell us you are a better expert ???????? you prove here that you know nothing about computer security.

        read the meltdown paper before saying it is not practical !!!! there are examples of exploiting it. IT IS EXPLOITABLE FOR REAL !!!!!

        now shut up your fucking mouth

  8. Patricia Fraser says:

    Hi folks – there’s room in Mageia for disagreement, but we kind of hope you can do it with courtesy…

  9. M.Z. says:

    From what I’ve read on the matter via Ars Technica & elsewhere the Spectre & Meltdown issues are big ones for those running websites in virtual machines and there are many vulnerable servers across all OS families. I know it’s not a huge issue for desktop users until they go on line & log into anything secure, but regardless I’m glad that Mageia is acting responsibly & trying to make all users more secure whether we are using Mageia for a server or a desktop. And of course those of us who only use desktop Linux better hope that whatever servers we connect to securely on line are powered by an OS working as hard to be secure as Mageia.

    Thanks for all the effort. Given both that & the issues I’ve been having with my Fedora install eating its copy of GRUB I think Mageia will be my go-to distro for doing secure on line transactions. I think Mageia would become the perfect distro for all desktop users if you defaulted to a more modern software center as an alternative to rpmdrake & did a few more things to add extra desktop polish.