| dax | !kpti | 01:20 |
|---|---|---|
| ubottu | Spectre and Meltdown are security issues that affect most processors, mitigated by a set of Linux kernel patches named KPTI. | General info: https://spectreattack.com/ | Ubuntu (and flavors) info: http://ubottu.com/y/ubukpti/ | An Ubuntu Security Notice will be released when updates are available, subscribe at https://usn.ubuntu.com/usn/ | 01:20 |
| dax | !-kpti | 01:20 |
| ubottu | kpti aliases: kaiser, spectre, meltdown - added by dax on 2018-01-03 21:09:51 - last edited by dax on 2018-01-05 00:58:01 | 01:20 |
| dax | not sure this is gonna fit on one line | 01:27 |
| dax | !no, meltdown is <reply> Meltdown is a security issue affecting (primarily) Intel processors. It is mitigated by Linux kernel patches named KPTI. Ubuntu released security updates for 14.04, 16.04, and 17.10 with these patches. 17.04 will not receive this update. 18.04 will ship with kernel 4.15, which is patched already. 16.04 has updates for Linux 4.4 (release) and 4.13 (HWE), installs with 4.10 should | 01:27 |
| ubottu | I'll remember that dax | 01:27 |
| dax | upgrade to 4.13. | 01:27 |
| dax | lol | 01:27 |
| dax | !no, meltdown is <reply> Meltdown is a security issue with (primarily) Intel processors. It's mitigated by kernel patches named KPTI. Ubuntu released them in security updates for 14.04, 16.04, and 17.10. 17.04 will not receive this update. 18.04 will ship with kernel 4.15, which is patched already. 16.04 has updates for Linux 4.4 (release) and 4.13 (HWE), installs with 4.10 should upgrade to 4.13. | 01:27 |
| ubottu | I'll remember that dax | 01:27 |
| dax | !no, kpti is <alias> meltdown | 01:28 |
| ubottu | I'll remember that dax | 01:28 |
| dax | !forget kaiser | 01:28 |
| ubottu | I'll forget that, dax | 01:28 |
| dax | !-spectre | 01:28 |
| ubottu | spectre is <alias> kpti - added by dax on 2018-01-03 22:56:29 | 01:28 |
| dax | !no, spectre is <reply> Spectre is a security issue in almost all modern processors, which was released along with !Meltdown (but is not the same thing). While there are several initiatives underway to mitigate it, there is no "magic bullet" software fix. Ubuntu is monitoring ongoing efforts and will provide security updates as they become available. See !usn for security update notifications. | 01:30 |
| ubottu | I'll remember that dax | 01:30 |
| dax | !nopti is <reply> KPTI is a mitigation for the !Meltdown security issue. With some workloads on some processors, especially those without PCID support (output of "grep pcid /proc/cpuinfo" is empty), KPTI has a sigificant performance impact. KPTI can be disabled by adding "nopti" to the GRUB_CMDLINE_LINUX_DEFAULT line in /etc/default/grub but should only be done if absolutely necessary. | 01:34 |
| ubottu | I'll remember that, dax | 01:34 |
| dax | !nopti =~ s/should/this should/ | 01:34 |
| ubottu | I'll remember that dax | 01:34 |
| dax | !meltdown =~ s/$/ See also !spectre, !nopti/ | 01:35 |
| ubottu | I'll remember that dax | 01:35 |
| dax | !meltdown | 01:35 |
| ubottu | Meltdown is a security issue with (primarily) Intel processors. It's mitigated by kernel patches named KPTI. Ubuntu released them in security updates for 14.04, 16.04, and 17.10. 17.04 will not receive this update. 18.04 will ship with kernel 4.15, which is patched already. 16.04 has updates for Linux 4.4 (release) and 4.13 (HWE), installs with 4.10 should upgrade to 4.13. See also !spectre, !nopti | 01:35 |
| dax | \o/ | 01:35 |
| dax | !nopti =~ s/sigificant/significant/ | 01:40 |
| ubottu | I'll remember that dax | 01:40 |
| dax | !nopti =~ s/especially those without PCID support (output of "grep pcid /proc/cpuinfo" is empty), // | 01:54 |
| ubottu | Too many (or not enough) delimiters | 01:54 |
| dax | !nopti =~ s#especially those without PCID support (output of "grep pcid /proc/cpuinfo" is empty), ## | 01:54 |
| ubottu | Nothing changed there | 01:54 |
| dax | !nopti | 01:54 |
| ubottu | KPTI is a mitigation for the !Meltdown security issue. With some workloads on some processors, especially those without PCID support (output of "grep pcid /proc/cpuinfo" is empty), KPTI has a significant performance impact. KPTI can be disabled by adding "nopti" to the GRUB_CMDLINE_LINUX_DEFAULT line in /etc/default/grub but this should only be done if absolutely necessary. | 01:54 |
| dax | !nopti =~ s^especially those without PCID support (output of "grep pcid /proc/cpuinfo" is empty), ^^ | 01:54 |
| ubottu | Nothing changed there | 01:54 |
| dax | hrm | 01:54 |
| dax | !no, nopti is <reply> KPTI is a mitigation for the !Meltdown security issue. With some workloads on some processors, KPTI has a significant performance impact. KPTI can be disabled by adding "nopti" to the GRUB_CMDLINE_LINUX_DEFAULT line in /etc/default/grub but this should only be done if absolutely necessary. | 01:55 |
| ubottu | I'll remember that dax | 01:55 |
| dax | !nopti =~ s/.$/ because it will disable proctections against Meltdown./ | 02:04 |
| ubottu | I'll remember that dax | 02:04 |
| dax | !nopti =~ s/.$/ and thus allows any malicious user process to read memory and probably escalate to root./ | 02:05 |
| ubottu | I'll remember that dax | 02:05 |
| dax | !nopti | 02:05 |
| ubottu | KPTI is a mitigation for the !Meltdown security issue. With some workloads on some processors, KPTI has a significant performance impact. KPTI can be disabled by adding "nopti" to the GRUB_CMDLINE_LINUX_DEFAULT line in /etc/default/grub but this should only be done if absolutely necessary because it will disable proctections against Meltdown and thus allows any malicious user process to read memory and probably escalate to root. | 02:05 |
| dax | !nopti =~ s/ but this/. This/ | 02:06 |
| ubottu | I'll remember that dax | 02:06 |
| dax | !nopti | 02:06 |
| ubottu | KPTI is a mitigation for the !Meltdown security issue. With some workloads on some processors, KPTI has a significant performance impact. KPTI can be disabled by adding "nopti" to the GRUB_CMDLINE_LINUX_DEFAULT line in /etc/default/grub. This should only be done if absolutely necessary because it will disable proctections against Meltdown and thus allows any malicious user process to read memory and probably escalate to root. | 02:06 |
| dax | !nopti =~ s/allows/allow/ | 02:06 |
| ubottu | I'll remember that dax | 02:06 |
| dax | (sorry for all the noise) | 02:06 |
| dax | !nopti | 02:06 |
| ubottu | KPTI is a mitigation for the !Meltdown security issue. With some workloads on some processors, KPTI has a significant performance impact. KPTI can be disabled by adding "nopti" to the GRUB_CMDLINE_LINUX_DEFAULT line in /etc/default/grub. This should only be done if absolutely necessary because it will disable proctections against Meltdown and thus allow any malicious user process to read memory and probably escalate to root. | 02:06 |
| dax | !nopti =~ s/proctections/protections/ | 02:07 |
| ubottu | I'll remember that dax | 02:07 |
| dax | oh hell, let's do another topic while we're at it | 02:37 |
| dax | !search lenovo | 02:38 |
| ubottu | Found: | 02:38 |
| dax | !lenovobug is <reply> Current Ubuntu 17.10 ISOs contain a bug that makes firmware memory read-only. The bug description on https://pad.lv/1734147 contains more information and fixes for users affected by this issue. The kernel in the 17.10 repositories has been updated and will not trigger this bug, so upgrading is now safe. Ubuntu 17.10 ISOs will be re-released on January 11th with updated, safe, | 02:40 |
| dax | packages. | 02:40 |
| ubottu | Launchpad bug 1734147 in linux (Ubuntu Artful) "corrupted BIOS due to Intel SPI bug in kernel" [Critical,Fix released] | 02:40 |
| ubottu | I'll remember that, dax | 02:40 |
| dax | dangit | 02:40 |
| dax | !no, lenovobug is <reply> Current Ubuntu 17.10 ISOs contain a bug that makes firmware memory read-only. https://pad.lv/1734147 contains more information and fixes for users affected by this issue. The kernel in the 17.10 repositories has been updated and will not trigger this bug, so upgrading is now safe. Ubuntu 17.10 ISOs will be re-released on January 11th with updated, safe, packages. | 02:41 |
| ubottu | I'll remember that dax | 02:41 |
| dax | !artfulrespin is <alias> lenovobug | 02:41 |
| ubottu | I'll remember that, dax | 02:41 |
| dax | !intel-spi is <alias> lenovobug | 02:41 |
| ubottu | I'll remember that, dax | 02:41 |
| dax | !intelspi is <alias> lenovobug | 02:41 |
| ubottu | I'll remember that, dax | 02:41 |
| dax | better late than never. | 02:41 |
| TJ- | dax: the current 17.10 ISOs are fixed, see http://iso.qa.ubuntu.com/qatracker/milestones/385/builds and http://cdimage.ubuntu.com/artful/daily-live/pending/ | 02:43 |
| dax | those aren't "the current 17.10 ISOs" until Thursday | 02:43 |
| dax | and yes, I'm aware of the testing ISOs :) | 02:43 |
| dax | hrm, i swear i saw somewhere on LP saying upgrades were safe, but now that i'm double-checking i can't find it | 02:48 |
| dax | "We have not done this because the kernel you get with a dist-upgrade is /fixed/ to no longer trigger this issue." yay ok good | 02:49 |
| TJ- | the kernels without SPI_INTEL_SPI_PLATFORM being published, you mean? | 02:50 |
| TJ- | ah, right | 02:50 |
| JackFrost | https://launchpad.net/ubuntu/+source/linux/4.13.0-21.24 | 02:50 |
| dax | thanks JackFrost, meltdown crapped all over the publishing history and i'm too tired to find it from there | 02:50 |
| JackFrost | Indeed. | 02:50 |
| lotuspsychje | morning guys, could anyone reload ubottu for right kernels on the kpti its happening on !usn | 03:48 |
| lotuspsychje | tnx | 03:49 |
| ikonia | hey TJ- | 12:01 |
| TJ- | hallo. Oh, it auto-reconnected after last night! | 12:13 |
| === JackFrost is now known as Unit193 | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!