* Backport of KPTI to 2.6.32 available
From: Corey Minyard @ 2018-01-11 17:42 UTC
To: linux-kernel

I've completed a backport of KPTI from linux-stable-3.2.y to 2.6.32.71, in
case anyone is interested and wants to avoid all the work I went through.
It's available at:

https://github.com/MontaVista-OpenSourceTechnology/linux-nonlts-secfix.git
linux-2.6.32-secfix

I'll try to keep it up to date with fixes and with Spectre fixes.

A 3.10 branch will hopefully be coming, too.

-corey

* Re: Backport of KPTI to 2.6.32 available
From: Willy Tarreau @ 2018-01-11 17:55 UTC
To: Corey Minyard; +Cc: linux-kernel

Hi Corey,

On Thu, Jan 11, 2018 at 11:42:38AM -0600, Corey Minyard wrote:
> I've completed a backport of KPTI from linux-stable-3.2.y to 2.6.32.71, in
> case anyone is interested and wants to avoid all the work I went through.
> It's available at:
>
> https://github.com/MontaVista-OpenSourceTechnology/linux-nonlts-secfix.git
> linux-2.6.32-secfix

Well, good job on this, thanks for sharing!

However, this is just a friendly reminder to everyone still running 2.6.32
that during my 3.10 maintenance period after I dropped 2.6.32, I saw a
significant number of bugs affecting older versions, 2.6.32 included. So
if people are using your branch above to pick your patches and apply them
to their locally maintained kernel, that's possibly fine. However please
guys don't run just the kernel above as-is as it's definitely missing a
few hundreds of fixes (~1300 were fixed in 3.10 since 2.6.32.71 was
released, some addressing local privilege escalations).

Cheers,
Willy

* Re: Backport of KPTI to 2.6.32 available
From: Greg KH @ 2018-01-11 20:32 UTC
To: Corey Minyard; +Cc: linux-kernel

On Thu, Jan 11, 2018 at 11:42:38AM -0600, Corey Minyard wrote:
> I've completed a backport of KPTI from linux-stable-3.2.y to 2.6.32.71, in
> case anyone is interested and wants to avoid all the work I went through.
> It's available at:
>
> https://github.com/MontaVista-OpenSourceTechnology/linux-nonlts-secfix.git
> linux-2.6.32-secfix
>
> I'll try to keep it up to date with fixes and with Spectre fixes.

That's crazy, why update it now, when it's missing hundreds, if not
thousands, of other much more severe security fixes? What makes this
one more "urgent" than all of the others?

Anyway, anyone running this branch is getting a very false sense of "I'm
running a fixed kernel!" I strongly recommend it not be used for
anything...

> A 3.10 branch will hopefully be coming, too.

Again, why? There's backports for this in the android-common tree if
you really want it. But again, you really do not.

thanks,

greg k-h

* Re: Backport of KPTI to 2.6.32 available
From: Corey Minyard @ 2018-01-11 21:10 UTC
To: Greg KH; +Cc: linux-kernel

On 01/11/2018 02:32 PM, Greg KH wrote:
> On Thu, Jan 11, 2018 at 11:42:38AM -0600, Corey Minyard wrote:
>> I've completed a backport of KPTI from linux-stable-3.2.y to 2.6.32.71, in
>> case anyone is interested and wants to avoid all the work I went through.
>> It's available at:
>>
>> https://github.com/MontaVista-OpenSourceTechnology/linux-nonlts-secfix.git
>> linux-2.6.32-secfix
>>
>> I'll try to keep it up to date with fixes and with Spectre fixes.
> That's crazy, why update it now, when it's missing hundreds, if not
> thousands, of other much more severe security fixes? What makes this
> one more "urgent" than all of the others?
>
> Anyway, anyone running this branch is getting a very false sense of "I'm
> running a fixed kernel!" I strongly recommend it not be used for
> anything...

Yes, this is not useful as it is, you must be maintaining the kernel
separately. I put this out as a help to anyone else who might need
this. I certainly don't expect it to be used as-is.

>> A 3.10 branch will hopefully be coming, too.
> Again, why? There's backports for this in the android-common tree if
> you really want it. But again, you really do not.

Oh yeah, I guess the android kernel would be the way to go here.
Never mind.

-corey