“spectre” and “meltdown” – security kernel upgrades

Forum Forums News Announcements “spectre” and “meltdown” – security kernel upgrades

This topic contains 62 replies, has 16 voices, and was last updated by Fonsis Apr 16-8:00 am.

Viewing 15 posts - 46 through 60 (of 63 total)
  • Author
    Posts
  • #6566
    Forum Admin
    anticapitalista
    anticapitalista

    Re-read my edited post

    Philosophers have interpreted the world in many ways; the point is to change it.

    #6567
    Member
    caprea
    caprea

    How did you solve , is not solved ?

    • This reply was modified 3 months ago by caprea.
    • This reply was modified 3 months ago by caprea.
    #6570
    Member
    sleekmason
    sleekmason

    Okay, installed the new broadcom-sta-dkms
    reinstalled kernel and headers, Same problem. ran reconfigure again and the problem still exists.

    error in terminal is:

    Building initial module for 4.14.14-antix.1-amd64-smp
    Error! Bad return status for module build on kernel: 4.14.14-antix.1-amd64-smp (x86_64)
    Consult /var/lib/dkms/broadcom-sta/6.30.223.271/build/make.log for more information.

    The error in make.log:

    DKMS make.log for broadcom-sta-6.30.223.271 for kernel 4.14.14-antix.1-amd64-smp (x86_64)
    Wed Feb 14 16:26:33 CST 2018
    /bin/sh: 1: [: Illegal number: 
    /bin/sh: 1: [: Illegal number: 
    Wireless Extension is the only possible API for this kernel version
    Using Wireless Extension API
    KBUILD_NOPEDANTIC=1 make -C /lib/modules/4.14.14-antix.1-amd64-smp/build M=<code>pwd</code>
    make[1]: warning: jobserver unavailable: using -j1.  Add '+' to parent make rule.
    make[1]: Entering directory '/usr/src/linux-headers-4.14.14-antix.1-amd64-smp'
    CFG80211 API is prefered for this kernel version
    Using CFG80211 API
    Kernel architecture is X86_64
      AR      /var/lib/dkms/broadcom-sta/6.30.223.271/build/built-in.o
      CC [M]  /var/lib/dkms/broadcom-sta/6.30.223.271/build/src/shared/linux_osl.o
    /var/lib/dkms/broadcom-sta/6.30.223.271/build/src/shared/linux_osl.c: In function ‘osl_os_get_image_block’:
    /var/lib/dkms/broadcom-sta/6.30.223.271/build/src/shared/linux_osl.c:1083:26: warning: passing argument 2 of ‘kernel_read’ makes pointer from integer without a cast [-Wint-conversion]
      rdlen = kernel_read(fp, fp->f_pos, buf, len);
                              ^~
    In file included from ./include/linux/huge_mm.h:7:0,
                     from ./include/linux/mm.h:453,
                     from /var/lib/dkms/broadcom-sta/6.30.223.271/build/src/include/linuxver.h:65,
                     from /var/lib/dkms/broadcom-sta/6.30.223.271/build/src/shared/linux_osl.c:25:
    ./include/linux/fs.h:2823:16: note: expected ‘void *’ but argument is of type ‘loff_t {aka long long int}’
     extern ssize_t kernel_read(struct file *, void *, size_t, loff_t *);
                    ^~~~~~~~~~~
    /var/lib/dkms/broadcom-sta/6.30.223.271/build/src/shared/linux_osl.c:1083:37: warning: passing argument 3 of ‘kernel_read’ makes integer from pointer without a cast [-Wint-conversion]
      rdlen = kernel_read(fp, fp->f_pos, buf, len);
                                         ^~~
    In file included from ./include/linux/huge_mm.h:7:0,
                     from ./include/linux/mm.h:453,
                     from /var/lib/dkms/broadcom-sta/6.30.223.271/build/src/include/linuxver.h:65,
                     from /var/lib/dkms/broadcom-sta/6.30.223.271/build/src/shared/linux_osl.c:25:
    ./include/linux/fs.h:2823:16: note: expected ‘size_t {aka long unsigned int}’ but argument is of type ‘char *’
     extern ssize_t kernel_read(struct file *, void *, size_t, loff_t *);
                    ^~~~~~~~~~~
    /var/lib/dkms/broadcom-sta/6.30.223.271/build/src/shared/linux_osl.c:1083:42: warning: passing argument 4 of ‘kernel_read’ makes pointer from integer without a cast [-Wint-conversion]
      rdlen = kernel_read(fp, fp->f_pos, buf, len);
                                              ^~~
    In file included from ./include/linux/huge_mm.h:7:0,
                     from ./include/linux/mm.h:453,
                     from /var/lib/dkms/broadcom-sta/6.30.223.271/build/src/include/linuxver.h:65,
                     from /var/lib/dkms/broadcom-sta/6.30.223.271/build/src/shared/linux_osl.c:25:
    ./include/linux/fs.h:2823:16: note: expected ‘loff_t * {aka long long int *}’ but argument is of type ‘int’
     extern ssize_t kernel_read(struct file *, void *, size_t, loff_t *);
                    ^~~~~~~~~~~
      CC [M]  /var/lib/dkms/broadcom-sta/6.30.223.271/build/src/wl/sys/wl_linux.o
    /var/lib/dkms/broadcom-sta/6.30.223.271/build/src/wl/sys/wl_linux.c: In function ‘wl_pci_probe’:
    /var/lib/dkms/broadcom-sta/6.30.223.271/build/src/wl/sys/wl_linux.c:774:2: warning: this ‘if’ clause does not guard... [-Wmisleading-indentation]
      if ((val & 0x0000ff00) != 0)
      ^~
    /var/lib/dkms/broadcom-sta/6.30.223.271/build/src/wl/sys/wl_linux.c:776:3: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the ‘if’
       bar1_size = pci_resource_len(pdev, 2);
       ^~~~~~~~~
    /var/lib/dkms/broadcom-sta/6.30.223.271/build/src/wl/sys/wl_linux.c: In function ‘wl_monitor’:
    /var/lib/dkms/broadcom-sta/6.30.223.271/build/src/wl/sys/wl_linux.c:2915:10: error: ‘struct net_device’ has no member named ‘last_rx’
      skb->dev->last_rx = jiffies;
              ^~
    scripts/Makefile.build:314: recipe for target '/var/lib/dkms/broadcom-sta/6.30.223.271/build/src/wl/sys/wl_linux.o' failed
    make[2]: *** [/var/lib/dkms/broadcom-sta/6.30.223.271/build/src/wl/sys/wl_linux.o] Error 1
    Makefile:1518: recipe for target '_module_/var/lib/dkms/broadcom-sta/6.30.223.271/build' failed
    make[1]: *** [_module_/var/lib/dkms/broadcom-sta/6.30.223.271/build] Error 2
    make[1]: Leaving directory '/usr/src/linux-headers-4.14.14-antix.1-amd64-smp'
    Makefile:177: recipe for target 'all' failed
    make: *** [all] Error 2

    The module builds fine in the original kernel.

    #6573
    Member
    linuxdaddy
    linuxdaddy

    Hello,
    Spectre/meltdown question here
    If my cpu outputs “bugs : fxsave_leak sysret_ss_attrs swapgs_fence amd_e400 spectre_v1 spectre_v2”
    All of these bugs is kernel 4.14.14-antix.1-686-smp-pae the right one to be using or should I
    put the 4.9 patched one. I have included some of dmesg output and cpuinfo in the txt file.
    It’s running antix-17-full 32 bit.

    Attachments:
    1. cpuspectre.txt
    #6614
    Member
    sleekmason
    sleekmason

    **SOLVED for Broadcom-sta module problems. I currently am running kernel 4.14.14-antix.1-amd64-smp with no issues.
    Anti had it right, just needed to go one furthur.
    Install broadcom-sta-dkms from sid. Heres the link.
    broadcom-sta-dkms (6.30.223.271-8)

    Install by navigating to your ~/Downloads folder, and then:
    sudo dpkg -i broadcom-sta-dkms_6.30.223.271-8_all.deb

    Then do:
    for i in $(dpkg-query -l |grep "\-dkms" |awk '{print $2'}); do dpkg-reconfigure $i |tee -a /var/log/rebuild-dkms.log; done
    If the new kernel is already installed.
    Reboot.

    *Note, Before I tried using the package from sid, I had installed the broadcom-sta-source which dragged in some dependencies as well. If the above does not work for some reason, maybe try installing that. I don’t believe they are related.

    • This reply was modified 3 months ago by sleekmason.
    • This reply was modified 3 months ago by sleekmason.
    #6739
    Member
    partsman
    partsman

    Hi all 🙂
    Just was wondering will there be an updated iso in the near future with a kernel patched for
    spectre and meltdown and the latest security updates applied ?
    Or since I run live on a usb should I get busy with doing this myself ? LOL ! 😉
    Maybe we should even be doing like they are over at MX Linux and do monthly snapshots ?
    Anyway just thinking here 🙂 Thanks to all who reply 😉

    Anyone can build a fast processor. The trick is to build a fast system. (Seymour Cray)

    #6740
    Member

    skidoo

    Yes, will be. (was already announced & prior to release folks are betatesting new eudev)
    Yes. you can. (you can perform live-remaster, then followup by running live-kernel-replacer)
    No. (don’t hold your breath hoping for snapshots)

    #6855
    Member
    poorguy
    poorguy

    The new 4.15.4 kernel installed and works well on my old computers.

    Thanks.

    Under certain circumstances, profanity provides a relief denied even to prayer.
    (Mark Twain)

    Inspiration can be found in a pile of junk. Sometimes, you can put it together with a good imagination and invent something.
    (Thomas Edison)

    #6869
    Member

    greyowl

    Yes, will be. (was already announced & prior to release folks are betatesting new eudev)
    Yes. you can. (you can perform live-remaster, then followup by running live-kernel-replacer)
    No. (don’t hold your breath hoping for snapshots)

    What is your guess on how soon an updated iso (eg antiX 17.1) with a kernel patched for spectre and meltdown and with the latest security updates applied will be coming out? I’m holding off on putting antiX on another computer until the next updated version is available.

    Dell Latitude D610 laptop (1.86 GHz, 2G RAM, 32 bit) - antiX 17

    #6876
    Forum Admin
    anticapitalista
    anticapitalista

    What is your guess on how soon an updated iso (eg antiX 17.1) with a kernel patched for spectre and meltdown and with the latest security updates applied will be coming out? I’m holding off on putting antiX on another computer until the next updated version is available.

    In a couple of weeks, hopefully, maybe sooner.

    Just after I built the latest kernels, gcc got updated in jessie (antiX-16) and stretch (antiX-17) to be even more secure against spectre.
    So, I am building a new set of kernels that will be the most secure to date (at least for 64 bit users). These need testing of course.
    Once that is done, I can then build antiX-17.1

    Philosophers have interpreted the world in many ways; the point is to change it.

    #6891
    Member

    greyowl

    Thanks for the information on the coming version 17.1.
    It will be great to have a more secure system.
    I sure appreciate your work on this.

    Dell Latitude D610 laptop (1.86 GHz, 2G RAM, 32 bit) - antiX 17

    #6950
    Moderator
    fatmac
    fatmac

    Thanks for the information on the coming version 17.1.
    It will be great to have a more secure system.
    I sure appreciate your work on this.

    Likewise. 🙂

    (I’m upgraded with 4.15.4 on my main machine, but would love to have the newer installation media.)

    Linux (& BSD) since 1999

    #7010
    Moderator
    fatmac
    fatmac

    Just a note to mention that the kernel is now up to 4.15.5 – which should be in the new releases, (as per another thread).

    Linux (& BSD) since 1999

    #7959
    Member

    andfree

    I understand that the 4.9.75 is not patched, so I installed 4.9.87-antix.1-486-smp (32-bit) kernel to this old kit:

    System:    Host: antix1 Kernel: 4.9.87-antix.1-486-smp i686 bits: 32 gcc: 6.3.0
               Desktop: IceWM 1.4.2 Distro: antiX-17_386-base Heather Heyer 24 October 2017
    Machine:   Device: laptop System: Hewlett-Packard product: Presario 2100 v: KE.M1.54 serial: N/A
               Mobo: Hewlett-Packard model: 002A v: NS570 Version PQ1A74 serial: N/A
               BIOS: Phoenix v: KE.M1.54 date: 12/17/20022
    CPU:       Single core Mobile Intel Celeron (-UP-) 
               arch: Netburst Willamette rev.7 cache: 256 KB
               flags: (pae sse sse2) bmips: 3190 speed: 1595 MHz (max)
    Graphics:  Card: Advanced Micro Devices [AMD/ATI] RS200M [Radeon IGP 330M/340M/345M/350M]
               bus-ID: 01:05.0
               Display Server: X.Org 1.19.2
               drivers: ati,radeon (unloaded: modesetting,fbdev,vesa)
               Resolution: 1024x768@60.00hz
               OpenGL: renderer: Gallium 0.4 on llvmpipe (LLVM 3.9, 128 bits)
               version: 3.3 Mesa 13.0.6 Direct Render: Yes
    Audio:     Card ULi M5451 PCI AC-Link Controller Audio Device
               driver: snd_ali5451 port: 1000 bus-ID: 00:06.0
               Sound: Advanced Linux Sound Architecture v: k4.9.87-antix.1-486-smp
    Network:   Card-1: National DP83815 (MacPhyter) Ethernet Controller
               driver: natsemi port: 2400 bus-ID: 00:12.0
               IF: eth0 state: down mac: <filter>
               Card-2: Atheros TP-Link TL-WN821N v2 / TL-WN822N v1 802.11n [Atheros AR9170]
               driver: carl9170 usb-ID: 001-003
               IF: wlan0 state: N/A mac: N/A
    Drives:    HDD Total Size: 60.0GB (30.8% used)
               ID-1: /dev/sda model: TOSHIBA_MK6025GA size: 60.0GB
    Partition: ID-1: / size: 53G used: 16G (31%) fs: ext4 dev: /dev/sda1
               ID-2: swap-1 size: 2.18GB used: 0.00GB (0%) fs: swap dev: /dev/sda2
    Sensors:   System Temperatures: cpu: 45.0C mobo: N/A
               Fan Speeds (in rpm): cpu: N/A
    Info:      Processes: 126 Uptime: 10 min Memory: 99.6/487.8MB
               Init: SysVinit runlevel: 5 Gcc sys: 6.3.0
               Client: Shell (bash 4.4.121) inxi: 2.3.54 

    The installation gave me (too) this error message:

    Error! Bad return status for module build on kernel: 4.9.87-antix.1-486-smp (i686)
    Consult /var/lib/dkms/virtualbox-guest/5.2.4/build/make.log for more information.

    Afterwards, rebuilding dkms gave exactly the same error. It had given the same error when rebuilded dkms for 4.9.75 kernel, too.
    The new kernel seems to work without problems.

    #7960
    Forum Admin
    anticapitalista
    anticapitalista

    If you don’t use virtualbox or run antiX in it, you can remove these 3 packages

    virtualbox-guest-dkms
    virtualbox-guest-utils
    virtualbox-guest-x11

    Philosophers have interpreted the world in many ways; the point is to change it.

Viewing 15 posts - 46 through 60 (of 63 total)

You must be logged in to reply to this topic.