Welcome!
Important information
-- Spectre and Meltdown vulnerabilities
-- Change in MX sources

News
-- MX Linux on social media: here
-- Mepis support still here

Current releases
-- MX-17.1 Final release info here
-- antiX-17 release info here

New users
-- Please read this first, and don't forget to add system and hardware information to posts!
-- Here are the Forum Rules

which 4.9 kernel is the patched one for MX 16? [solved]

Help for Current Versions of MX
Message
Author
User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 15938
Joined: Fri Dec 15, 2006 8:07 pm

Re: which 4.9 kernel is the patched one for MX 16? [solved]

#11 Post by Stevo » Thu Jan 18, 2018 9:36 pm

Interestingly, the latest Liquorix kernel mentions retpoline, but exactly how much hardening this means is beyond me:
* enable retpoline per configuration refresh
From Wikipedia:
On January 4, 2018, Google detailed a new technique on their security blog called "Retpoline" (return trampoline)[46] which can overcome the Spectre vulnerability with a negligible amount of processor overhead. It involves compiler level steering of indirect branches towards a different target that does not result in a vulnerable speculative out-of-order execution taking place.[47][48] While it was developed for the x86 instruction set, the Google engineers believe the technique is transferable to other processors as well.[49]

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 15938
Joined: Fri Dec 15, 2006 8:07 pm

Re: which 4.9 kernel is the patched one for MX 16? [solved]

#12 Post by Stevo » Thu Jan 18, 2018 9:38 pm

lonesomepoint wrote:
Stevo wrote:However, 32-bit kernels currently don't offer any Meltdown mitigation at all.
What? I thought that was explicitly stated in Dolphin's notice. That was the point of my downloading the new kernel.

Not aimed at you, but some people still seem confused about that.

lonesomepoint
Forum Regular
Forum Regular
Posts: 340
Joined: Thu Oct 25, 2012 2:34 pm

Re: which 4.9 kernel is the patched one for MX 16? [solved]

#13 Post by lonesomepoint » Thu Jan 18, 2018 9:50 pm

Stevo wrote:
lonesomepoint wrote:
Stevo wrote:Not aimed at you, but some people still seem confused about that.
Rereading the notice and trying to reconcile your statement with it.

...oh. The notice mentions only 64-bit kernels. You know, some of you could have told me several replies ago that I was wasting my time. I'll have to find out whether my Thinkpad T61 can even run 64-bit. (search results say yes...)

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 15938
Joined: Fri Dec 15, 2006 8:07 pm

Re: which 4.9 kernel is the patched one for MX 16? [solved]

#14 Post by Stevo » Fri Jan 19, 2018 6:41 pm

There is some hope for 32-bit kernels eventually: https://lkml.org/lkml/2018/1/16/668

Apparently, according to Inspectre, which I downloaded and ran with Wine, MS has not done anything for 32-bit Windows either.

lonesomepoint
Forum Regular
Forum Regular
Posts: 340
Joined: Thu Oct 25, 2012 2:34 pm

Re: which 4.9 kernel is the patched one for MX 16? [solved]

#15 Post by lonesomepoint » Thu Feb 01, 2018 3:12 pm

Okay, so I've gotten back around to trying this again--upgrading to a new kernel using the MX package installer--now that I understand that I must have the 64-bit kernel in order to avoid Meltdown.

Um...why don't I see any 64-bit kernels in the list? There are only 32-bit kernels here [screenshot].
no 64-bit.png
I admit I don't remember whether I saw any 64-bit kernels available before, either, but then I wasn't looking for them.
You do not have the required permissions to view the files attached to this post.

User avatar
anticapitalista
Forum Veteran
Forum Veteran
Posts: 5668
Joined: Sat Jul 15, 2006 10:40 am

Re: which 4.9 kernel is the patched one for MX 16? [solved]

#16 Post by anticapitalista » Thu Feb 01, 2018 3:30 pm

If you are using the 32 bit iso, then you won't see any 64 bit kernels
anticapitalista
Reg. linux user #395339.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX-17 "Heather Heyer" - lean and mean.
https://antixlinux.com

lonesomepoint
Forum Regular
Forum Regular
Posts: 340
Joined: Thu Oct 25, 2012 2:34 pm

Re: which 4.9 kernel is the patched one for MX 16? [solved]

#17 Post by lonesomepoint » Thu Feb 01, 2018 3:46 pm

Got it, thanks. That's simple enough--off to switch ISOs. Until this problem, I had completely ignored 64-bit kernels, or ISOs or anything else 64-bit, because 32-bit served me perfectly well. Not used to thinking about what they require.

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 15938
Joined: Fri Dec 15, 2006 8:07 pm

Re: which 4.9 kernel is the patched one for MX 16? [solved]

#18 Post by Stevo » Thu Feb 01, 2018 4:17 pm

Currently, there aren't any Meltdown or Spectre exploits in the wild, so you might just want to sit on 32-bit with the older kernel to avoid any performance loss that the fixes will create, especially on older machines (pre-Haswell). There is work being done on 32-bit kernels by very smart people, but it may take a while. I'm sure we'll be discussing that here.

Right now I'm porting over the newer 2.8.16 webk2gtk browser engines from stretch-backports and jessie-backports-sloppy, since they have a lot of security fixes, including for Spectre. They probably do a lot by reducing the browser engine timer accuracy (fuzzing it), because these attacks rely on very accurate timing, millionths and billionths of seconds, in order to pick up the information that's supposed to be protected. Those look like they need to go straight to main.

Future processors from Intel will probably have the extremely accurate timer function restricted to only privileged processes like the kernel; not accessible to userland processes like web browsers.

Post Reply

Return to “MX Help”