* dirty-pipe ?
@ 2022-03-09 12:26 gene heskett
2022-03-09 18:22 ` Arve Barsnes
0 siblings, 1 reply; 5+ messages in thread
From: gene heskett @ 2022-03-09 12:26 UTC (permalink / raw)
To: linux-rt-users
Greetings all;
Is this kernel vulnerable?
4.19.71-rt24-v7l+ #1 SMP PREEMPT RT Thu Feb 6 07:09:18 EST 2020 armv7l
GNU/Linux
If so, link to update patch please
Thank you.
Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
- Louis D. Brandeis
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: dirty-pipe ?
2022-03-09 12:26 dirty-pipe ? gene heskett
@ 2022-03-09 18:22 ` Arve Barsnes
2022-03-09 19:15 ` Ralf Mardorf
2022-03-14 18:02 ` Daniel Wagner
0 siblings, 2 replies; 5+ messages in thread
From: Arve Barsnes @ 2022-03-09 18:22 UTC (permalink / raw)
To: linux-rt-users
On Wed, 9 Mar 2022 at 19:16, gene heskett <gheskett@shentel.net> wrote:
>
> Greetings all;
>
> Is this kernel vulnerable?
> 4.19.71-rt24-v7l+ #1 SMP PREEMPT RT Thu Feb 6 07:09:18 EST 2020 armv7l
> GNU/Linux
No, the vulnerability was introduced in kernel 5.8
Regards,
Arve
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: dirty-pipe ?
2022-03-09 18:22 ` Arve Barsnes
@ 2022-03-09 19:15 ` Ralf Mardorf
2022-03-14 18:02 ` Daniel Wagner
1 sibling, 0 replies; 5+ messages in thread
From: Ralf Mardorf @ 2022-03-09 19:15 UTC (permalink / raw)
To: linux-rt-users
On Wed, 9 Mar 2022 19:22:15 +0100, Arve Barsnes wrote:
>On Wed, 9 Mar 2022 at 19:16, gene heskett <gheskett@shentel.net> wrote:
>> Is this kernel vulnerable?
>> 4.19.71-rt24-v7l+ #1 SMP PREEMPT RT Thu Feb 6 07:09:18 EST 2020
>> armv7l GNU/Linux
>
>No, the vulnerability was introduced in kernel 5.8
Hi,
that is my understanding, too, hence my reply yesterday on another
mailing list, see
https://lists.ubuntu.com/archives/ubuntu-users/2022-March/307093.html .
However, 4.19 kernels received many patches and I haven't verified
myself that non of those patches includes a backport introducing dirty
pipe or any other nasty issue.
Regards,
Ralf
--
[rocketmouse@archlinux ~]$ pacman -Q linux-rt{-cornflower,-pussytoes,,-securityink}|cut -d\ -f2
4.19.230_rt103-0.300
4.19.227_rt102-0.300
4.19.223_rt100-0.1000
4.19.219_rt97-0.300
[rocketmouse@archlinux ~]$ echo $(uname -srvm;zgrep CONFIG_AUDIT\ /proc/config.gz || zgrep CONFIG_AUDIT= /proc/config.gz);echo;cat /proc/cmdline;echo;grep . /sys/devices/system/cpu/vulnerabilities/* | cut -d/ -f7;rtirq status|head -8
Linux 4.19.230-rt103-0.300-cornflower #1 SMP PREEMPT RT Tue, 22 Feb 2022 07:30:23 +0100 x86_64 # CONFIG_AUDIT is not set
BOOT_IMAGE=../vmlinuz-linux-rt-cornflower root=LABEL=s3.archlinux ro initrd=../intel-ucode.img,../initramfs-linux-rt-cornflower.img
itlb_multihit:KVM: Mitigation: Split huge pages
l1tf:Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled
mds:Mitigation: Clear CPU buffers; SMT disabled
meltdown:Mitigation: PTI
spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
spectre_v1:Mitigation: usercopy
spectre_v2:Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: disabled, RSB filling
srbds:Mitigation: Microcode
tsx_async_abort:Not affected
PID CLS RTPRIO NI PRI %CPU STAT COMMAND
142 FF 90 - 130 0.0 S irq/24-xhci_hcd
153 FF 90 - 130 0.0 S irq/16-ehci_hcd
156 FF 89 - 129 0.0 S irq/23-ehci_hcd
312 FF 85 - 125 0.0 S irq/16-snd_hdsp
339 FF 80 - 120 0.0 S irq/16-snd_ice1
42 FF 50 - 90 0.0 S irq/9-acpi
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: dirty-pipe ?
2022-03-09 18:22 ` Arve Barsnes
2022-03-09 19:15 ` Ralf Mardorf
@ 2022-03-14 18:02 ` Daniel Wagner
[not found] ` <1752976.GyQ78RL1t7@coyote>
1 sibling, 1 reply; 5+ messages in thread
From: Daniel Wagner @ 2022-03-14 18:02 UTC (permalink / raw)
To: Arve Barsnes; +Cc: linux-rt-users
On Wed, Mar 09, 2022 at 07:22:15PM +0100, Arve Barsnes wrote:
> On Wed, 9 Mar 2022 at 19:16, gene heskett <gheskett@shentel.net> wrote:
> >
> > Greetings all;
> >
> > Is this kernel vulnerable?
> > 4.19.71-rt24-v7l+ #1 SMP PREEMPT RT Thu Feb 6 07:09:18 EST 2020 armv7l
> > GNU/Linux
>
> No, the vulnerability was introduced in kernel 5.8
And the latest release is v4.19.233-rt105, while you are still on
v4.19.71-rt24. So you are missing out of other security bug fixes for
sure. As GregKH would say: All users of the 4.19(-rt) kernel series must
upgrade.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: dirty-pipe ?
[not found] ` <1752976.GyQ78RL1t7@coyote>
@ 2022-03-15 9:35 ` Daniel Wagner
0 siblings, 0 replies; 5+ messages in thread
From: Daniel Wagner @ 2022-03-15 9:35 UTC (permalink / raw)
To: gene heskett; +Cc: linux-rt-users
On Mon, Mar 14, 2022 at 07:02:12PM -0400, gene heskett wrote:
> For armhf, thats probably best addressed with a quilt command in my
> present rpi4 working kernel for buster. Is it possible to autogenerate
> that quilt file?
quilt series are just a file containing one file name per line, so you
can generate the quilt series by something like
ls -1 *.patch > quilt-series
The patches you can get via 'git format-patch
v4.19.233..v4.19.233-rt105' from the v4.19-rt-rebase branch. Note my
instruction might not work out of the box, you need to adapt your local
setup.
> And what quilt stuff do I need to install on the rpi4?
The compile toolchain, git and quilt?
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-04-06 20:05 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-09 12:26 dirty-pipe ? gene heskett
2022-03-09 18:22 ` Arve Barsnes
2022-03-09 19:15 ` Ralf Mardorf
2022-03-14 18:02 ` Daniel Wagner
[not found] ` <1752976.GyQ78RL1t7@coyote>
2022-03-15 9:35 ` Daniel Wagner
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.