LinuxQuestions.org


Andreas7 05-14-2018 08:14 AM

Since mainline-kernel, presumably 4.16.7, no content in /boot/retpoline-4.16.x-xxxxx-config. Why?
 
Hello everyone!

Sorry, I only speak poor English, or rather only a few words. I hope you can understand me.

Presumably since mainline kernel 4.16.7 (currently 4.16.8), /boot/retpoline-4.16.8-041608-config no longer contains any instructions for what retpoline should do against a spectre_v2 attack. The file is absolutely blank. Under mainline kernel 4.16.6 this was not so.

My question now is: how does mainline kernel 4.16.8 protect against spectre_v2 with retpoline? And especially without exact instructions on what to do.

For the other installed kernels, the exact instructions are, for example, in /boot/retpoline-4.13-xxx-config, with the content:

Code:

arch/x86/platform/efi/efi_stub_64..text efi_call callq *%rdi
arch/x86/platform/efi/efi_thunk_64..text efi64_thunk callq *%rbx
arch/x86/platform/efi/efi_thunk_64..text efi_enter32 callq *%rdi
drivers/watchdog/hpwdt..text asminline_call callq *%r12

I think that without exact instructions on what retpoline should do against a spectre_v2 attack, retpoline in the kernel is senseless.

I have copied the content from /boot/retpoline-4.13-xxxx-config into /boot/retpoline_4.16.8-xxxx-config.

But I don't know whether this is right. I think yes, but I don't know. Can somebody perhaps help me?

Thank you very much!

Andreas7

frankbell 05-15-2018 06:58 PM

What distro/version?

Your user agent icon says "Ubuntu," but that might mean one of a number of *buntus, plus you may not be using the machine you are asking about.

Andreas7 05-15-2018 08:12 PM

Hi frankbell, and thanks! Hi everyone!

The distro is Kubuntu (xenial). Sorry, why do you want to know this? What does this have to do with the blank current retpoline-4.16.8-xxxxx-generic?


Bye, Andreas7

Andreas7 05-23-2018 05:06 PM

Hello everybody!



I have discovered kernel 4.15 in the package sources here, as a hwe-edge package. I then replaced the hwe package with kernel 4.13 with the package with kernel 4.15.

With kernel 4.13 there was still the file retpoline .... 4.13 .....- generic with content in /boot.
But even kernel 4.15 installed from the Ubuntu repositories only creates an empty file in /boot, retpoline-4.15 .... generic, just as is the case with mainline kernel 4.16.

At least it seems that this is normal now. But I still do not understand it. Or were the retpoline files with content perhaps not guidance on what to do in a spectre_v2 attack?

So I currently still find that very strange, since more or less all the time there were retpoline ... generic files with the same content in /boot. Currently, this is only the case with kernel 4.4.

And suddenly these files are without content? Without instructions on what to do about spectre_v2 attacks? Provided, of course, that /boot/retpoline....-generic were the work instructions.



Greetings, Andi

AwesomeMachine 05-29-2018 01:36 PM

retpoline is one fix for spectre. But there are others now. You can install 'spectre-meltdown-checker' and check the system for vulnerabilities.
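
A complementary check to the tool suggested above, as an added example that is not part of the original thread: the running kernel reports its own Spectre v2 mitigation state in sysfs (kernel 4.15 and later) and records in its build config in /boot whether it was compiled with retpoline support, independently of any /boot/retpoline-* file. The function names are this example's own; the config path assumes the /boot/config-<version> layout that Ubuntu uses.

```shell
#!/bin/sh
# Added example: ask the running kernel how it handles Spectre v2.
# Function names are hypothetical; paths are the standard sysfs and /boot locations.

SYSFS_V2=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# Classify the one-line status the kernel exposes in sysfs.
# Prints: mitigated-retpoline | mitigated-other | vulnerable | not-affected | unknown
spectre_v2_state() {
    file=${1:-$SYSFS_V2}
    # Older kernels without the sysfs interface have no such file.
    [ -r "$file" ] || { echo unknown; return 0; }
    status=$(head -n 1 "$file")
    case $status in
        "Not affected"*)            echo not-affected ;;
        # Checked before the retpoline pattern: a "Vulnerable: ... retpoline"
        # line means the retpoline in use is not a full mitigation.
        Vulnerable*)                echo vulnerable ;;
        Mitigation:*[Rr]etpoline*)  echo mitigated-retpoline ;;
        Mitigation:*)               echo mitigated-other ;;
        *)                          echo unknown ;;
    esac
}

# Was this kernel built with retpoline support?
# Returns 0 if yes, 1 if no, 2 if the config file is missing.
kernel_built_with_retpoline() {
    cfg=${1:-/boot/config-$(uname -r)}
    [ -r "$cfg" ] || return 2
    # Newer kernels renamed the option to CONFIG_MITIGATION_RETPOLINE.
    grep -Eq '^CONFIG_(MITIGATION_)?RETPOLINE=y$' "$cfg"
}

report() {
    echo "spectre_v2 (sysfs): $(spectre_v2_state)"
    if kernel_built_with_retpoline; then
        echo "build config: retpoline enabled"
    else
        echo "build config: retpoline not enabled, or config file not found"
    fi
}

report
```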

