Bug#888263: Spectre : release kernel 4.9.77 to stretch before p-u

2018-01-24 Thread Julien Aubin
On 24 Jan 2018 14:07, "Yves-Alexis Perez" wrote:

On Wed, 2018-01-24 at 14:03 +0100, Julien Aubin wrote:
> I know it... :'( But as you rebuild the kernel image the updated compiler
> may come a bit later w/o needing another kernel update ?

I'm not really sure we will do a kernel binNMU in stretch-pu, but in any case
that's a discussion for when we will actually have a fix.
>
> Anyway if you want someone to test the updates please push the updated
> packages to stretch-p-u and I'll tell you if it works on my four boxes which
> are :
> - An Intel Core i7 4790 w/ NVidia blob 384.111
> - An AMD Phenom 9850 w/ NVidia blob 384.111
> - An Intel Core i7 4800MQ laptop
> - An Intel NUC Atom Apollo Lake

You'll be notified when the upload is done and this bug is closed, so you'll
be able to test at that point.

Regards,
--
Yves-Alexis


Okay so whatever you decide w/ security team (retpoline fixes only or full
4.9.77) I can test if it helps.


Bug#888263: Spectre : release kernel 4.9.77 to stretch before p-u

2018-01-24 Thread Yves-Alexis Perez
On Wed, 2018-01-24 at 14:03 +0100, Julien Aubin wrote:
> I know it... :'( But as you rebuild the kernel image the updated compiler
> may come a bit later w/o needing another kernel update ?

I'm not really sure we will do a kernel binNMU in stretch-pu, but in any case
that's a discussion for when we will actually have a fix.
> 
> Anyway if you want someone to test the updates please push the updated
> packages to stretch-p-u and I'll tell you if it works on my four boxes which
> are :
> - An Intel Core i7 4790 w/ NVidia blob 384.111
> - An AMD Phenom 9850 w/ NVidia blob 384.111
> - An Intel Core i7 4800MQ laptop
> - An Intel NUC Atom Apollo Lake

You'll be notified when the upload is done and this bug is closed, so you'll
be able to test at that point.

Regards,
-- 
Yves-Alexis



Bug#888263: Spectre : release kernel 4.9.77 to stretch before p-u

2018-01-24 Thread Julien Aubin
2018-01-24 13:52 GMT+01:00 Yves-Alexis Perez :

> On Wed, 2018-01-24 at 13:43 +0100, Julien Aubin wrote:
> > Package: linux-image-4.9.0-5-amd64
> > Version: 4.9.65-3+deb9u2
> > Severity: serious
> > Tags: security
> > Justification: root security hole
> >
> > Hi,
> >
> > Now that kernel release 4.9.77 has been released and contains the full
> > retpoline fixes, could you please bring it to stretch before the next p-u ?
>
> Hi,
>
> work on 4.9.77 is mostly done, so yes I'd like to push it to stretch before
> next point release. 4.9.78 is just out but I'm unsure if we want to hold it
> or not.
> >
> > I know this situation is quite exceptional, but all the Spectre story is.
> > I'm not sure backporting only the required changes for retpoline would be
> > that easy.
>
> That being said, retpoline support in the kernel is not enough. It also
> needs gcc fixes, which are not yet available, as far as I can tell. So while
> we can push an updated kernel to stretch, spectre won't be mitigated.
>

I know it... :'( But as you rebuild the kernel image the updated compiler
may come a bit later w/o needing another kernel update ?

Anyway if you want someone to test the updates please push the updated
packages to stretch-p-u and I'll tell you if it works on my four boxes
which are :
- An Intel Core i7 4790 w/ NVidia blob 384.111
- An AMD Phenom 9850 w/ NVidia blob 384.111
- An Intel Core i7 4800MQ laptop
- An Intel NUC Atom Apollo Lake

Rgds,

>
> Regards,
> --
> Yves-Alexis


Bug#888263: Spectre : release kernel 4.9.77 to stretch before p-u

2018-01-24 Thread Yves-Alexis Perez
On Wed, 2018-01-24 at 13:43 +0100, Julien Aubin wrote:
> Package: linux-image-4.9.0-5-amd64
> Version: 4.9.65-3+deb9u2
> Severity: serious
> Tags: security
> Justification: root security hole
> 
> Hi,
> 
> Now that kernel release 4.9.77 has been released and contains the full
> retpoline fixes, could you please bring it to stretch before the next p-u ?

Hi,

work on 4.9.77 is mostly done, so yes I'd like to push it to stretch before
next point release. 4.9.78 is just out but I'm unsure if we want to hold it or
not.
> 
> I know this situation is quite exceptional, but all the Spectre story is.
> I'm not sure backporting only the required changes for retpoline would be
> that easy.

That being said, retpoline support in the kernel is not enough. It also needs
gcc fixes, which are not yet available, as far as I can tell. So while we can
push an updated kernel to stretch, spectre won't be mitigated.

Regards,
-- 
Yves-Alexis
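
Added example, not part of the original thread: a shell check for anyone testing an updated kernel that tells a retpoline-aware kernel built by a compiler without retpoline support apart from a fully mitigated one. It assumes the running kernel exposes `/sys/devices/system/cpu/vulnerabilities/spectre_v2` and uses the status strings upstream kernels of that period report; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: classify the kernel's Spectre v2 status line.
# "Minimal ... retpoline" means the kernel has retpoline code but was
# built by a compiler without retpoline support, so only the hand-written
# assembly paths are covered and the kernel still reports "Vulnerable".

classify_spectre_v2() {
    case "$1" in
        "Mitigation: Full "*retpoline*)    echo "full" ;;
        "Vulnerable: Minimal "*retpoline*) echo "kernel-only" ;;
        "Vulnerable"*)                     echo "unmitigated" ;;
        "Not affected"*)                   echo "not-affected" ;;
        "Mitigation:"*)                    echo "other-mitigation" ;;
        *)                                 echo "unknown" ;;
    esac
}

# Read the status from sysfs (or from a file given as $1, for testing).
spectre_v2_status() {
    f="${1:-/sys/devices/system/cpu/vulnerabilities/spectre_v2}"
    if [ -r "$f" ]; then
        line=""
        IFS= read -r line < "$f" || true
        classify_spectre_v2 "$line"
    else
        echo "no-sysfs"   # kernel predates the vulnerabilities directory
    fi
}

# Does the installed compiler accept the flags a full retpoline build needs?
cc_supports_retpoline() {
    "${CC:-gcc}" -Werror -mindirect-branch=thunk-extern \
        -mindirect-branch-register -c -x c /dev/null -o /dev/null 2>/dev/null
}

echo "running kernel: $(uname -r)"
echo "spectre_v2:     $(spectre_v2_status)"
if cc_supports_retpoline; then
    echo "compiler:       retpoline flags accepted"
else
    echo "compiler:       retpoline flags rejected or compiler missing"
fi
```

A result of `kernel-only` corresponds to the situation described in the message above: updated kernel, compiler fixes not yet available.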



Bug#888263: Spectre : release kernel 4.9.77 to stretch before p-u

2018-01-24 Thread Julien Aubin
Package: linux-image-4.9.0-5-amd64
Version: 4.9.65-3+deb9u2
Severity: serious
Tags: security
Justification: root security hole

Hi,

Now that kernel release 4.9.77 has been released and contains the full
retpoline fixes, could you please bring it to stretch before the next p-u ?

I know this situation is quite exceptional, but all the Spectre story is.
I'm not sure backporting only the required changes for retpoline would be
that easy.

Thanks a lot,