* dirty-pipe ? @ 2022-03-09 12:26 gene heskett 2022-03-09 18:22 ` Arve Barsnes 0 siblings, 1 reply; 5+ messages in thread From: gene heskett @ 2022-03-09 12:26 UTC (permalink / raw) To: linux-rt-users Greetings all; Is this kernel vulnerable? 4.19.71-rt24-v7l+ #1 SMP PREEMPT RT Thu Feb 6 07:09:18 EST 2020 armv7l GNU/Linux If so, link to update patch please Thank you. Cheers, Gene Heskett. -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author, 1940) If we desire respect for the law, we must first make the law respectable. - Louis D. Brandeis ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: dirty-pipe ? 2022-03-09 12:26 dirty-pipe ? gene heskett @ 2022-03-09 18:22 ` Arve Barsnes 2022-03-09 19:15 ` Ralf Mardorf 2022-03-14 18:02 ` Daniel Wagner 0 siblings, 2 replies; 5+ messages in thread From: Arve Barsnes @ 2022-03-09 18:22 UTC (permalink / raw) To: linux-rt-users On Wed, 9 Mar 2022 at 19:16, gene heskett <gheskett@shentel.net> wrote: > > Greetings all; > > Is this kernel vulnerable? > 4.19.71-rt24-v7l+ #1 SMP PREEMPT RT Thu Feb 6 07:09:18 EST 2020 armv7l > GNU/Linux No, the vulnerability was introduced in kernel 5.8 Regards, Arve ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: dirty-pipe ? 2022-03-09 18:22 ` Arve Barsnes @ 2022-03-09 19:15 ` Ralf Mardorf 2022-03-14 18:02 ` Daniel Wagner 1 sibling, 0 replies; 5+ messages in thread From: Ralf Mardorf @ 2022-03-09 19:15 UTC (permalink / raw) To: linux-rt-users On Wed, 9 Mar 2022 19:22:15 +0100, Arve Barsnes wrote: >On Wed, 9 Mar 2022 at 19:16, gene heskett <gheskett@shentel.net> wrote: >> Is this kernel vulnerable? >> 4.19.71-rt24-v7l+ #1 SMP PREEMPT RT Thu Feb 6 07:09:18 EST 2020 >> armv7l GNU/Linux > >No, the vulnerability was introduced in kernel 5.8 Hi, that is my understanding, too, hence my reply yesterday on another mailing list, see https://lists.ubuntu.com/archives/ubuntu-users/2022-March/307093.html . However, 4.19 kernels received many patches and I haven't verified myself that non of those patches includes a backport introducing dirty pipe or any other nasty issue. Regards, Ralf -- [rocketmouse@archlinux ~]$ pacman -Q linux-rt{-cornflower,-pussytoes,,-securityink}|cut -d\ -f2 4.19.230_rt103-0.300 4.19.227_rt102-0.300 4.19.223_rt100-0.1000 4.19.219_rt97-0.300 [rocketmouse@archlinux ~]$ echo $(uname -srvm;zgrep CONFIG_AUDIT\ /proc/config.gz || zgrep CONFIG_AUDIT= /proc/config.gz);echo;cat /proc/cmdline;echo;grep . /sys/devices/system/cpu/vulnerabilities/* | cut -d/ -f7;rtirq status|head -8 Linux 4.19.230-rt103-0.300-cornflower #1 SMP PREEMPT RT Tue, 22 Feb 2022 07:30:23 +0100 x86_64 # CONFIG_AUDIT is not set BOOT_IMAGE=../vmlinuz-linux-rt-cornflower root=LABEL=s3.archlinux ro initrd=../intel-ucode.img,../initramfs-linux-rt-cornflower.img itlb_multihit:KVM: Mitigation: Split huge pages l1tf:Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled mds:Mitigation: Clear CPU buffers; SMT disabled meltdown:Mitigation: PTI spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp spectre_v1:Mitigation: usercopy spectre_v2:Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: disabled, RSB filling srbds:Mitigation: Microcode tsx_async_abort:Not affected PID CLS RTPRIO NI PRI %CPU STAT COMMAND 142 FF 90 - 130 0.0 S irq/24-xhci_hcd 153 FF 90 - 130 0.0 S irq/16-ehci_hcd 156 FF 89 - 129 0.0 S irq/23-ehci_hcd 312 FF 85 - 125 0.0 S irq/16-snd_hdsp 339 FF 80 - 120 0.0 S irq/16-snd_ice1 42 FF 50 - 90 0.0 S irq/9-acpi ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: dirty-pipe ? 2022-03-09 18:22 ` Arve Barsnes 2022-03-09 19:15 ` Ralf Mardorf @ 2022-03-14 18:02 ` Daniel Wagner [not found] ` <1752976.GyQ78RL1t7@coyote> 1 sibling, 1 reply; 5+ messages in thread From: Daniel Wagner @ 2022-03-14 18:02 UTC (permalink / raw) To: Arve Barsnes; +Cc: linux-rt-users On Wed, Mar 09, 2022 at 07:22:15PM +0100, Arve Barsnes wrote: > On Wed, 9 Mar 2022 at 19:16, gene heskett <gheskett@shentel.net> wrote: > > > > Greetings all; > > > > Is this kernel vulnerable? > > 4.19.71-rt24-v7l+ #1 SMP PREEMPT RT Thu Feb 6 07:09:18 EST 2020 armv7l > > GNU/Linux > > No, the vulnerability was introduced in kernel 5.8 And the latest release is v4.19.233-rt105, while you are still on v4.19.71-rt24. So you are missing out of other security bug fixes for sure. As GregKH would say: All users of the 4.19(-rt) kernel series must upgrade. ^ permalink raw reply [flat|nested] 5+ messages in thread
[parent not found: <1752976.GyQ78RL1t7@coyote>]
* Re: dirty-pipe ? [not found] ` <1752976.GyQ78RL1t7@coyote> @ 2022-03-15 9:35 ` Daniel Wagner 0 siblings, 0 replies; 5+ messages in thread From: Daniel Wagner @ 2022-03-15 9:35 UTC (permalink / raw) To: gene heskett; +Cc: linux-rt-users On Mon, Mar 14, 2022 at 07:02:12PM -0400, gene heskett wrote: > For armhf, thats probably best addressed with a quilt command in my > present rpi4 working kernel for buster. Is it possible to autogenerate > that quilt file? quilt series are just a file containing one file name per line, so you can generate the quilt series by something like ls -1 *.patch > quilt-series The patches you can get via 'git format-patch v4.19.233..v4.19.233-rt105' from the v4.19-rt-rebase branch. Note my instruction might not work out of the box, you need to adapt your local setup. > And what quilt stuff do I need to install on the rpi4? The compile toolchain, git and quilt? ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-04-06 20:05 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-09 12:26 dirty-pipe ? gene heskett
2022-03-09 18:22 ` Arve Barsnes
2022-03-09 19:15 ` Ralf Mardorf
2022-03-14 18:02 ` Daniel Wagner
[not found] ` <1752976.GyQ78RL1t7@coyote>
2022-03-15 9:35 ` Daniel Wagner
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.