funtoo forums
dkg

Meltdown patches


Any insights on Meltdown patches for containers?  I assume they are vulnerable (Intel Xeon), and that there is nothing I can do to patch it myself.


Is there something that I need to do?  I don't seem to have a new kernel.

$ uname -a
Linux dkg 2.6.32-042stab123.3 #1 SMP Sun Jun 4 01:36:20 MDT 2017 x86_64 Intel(R) Xeon(R) CPU X5650 @ 2.67GHz GenuineIntel GNU/Linux

 


Hello! If you are looking for info about how to update/upgrade the kernel, check your kernel info: version and producer

# uname -r
4.14.2-1
# ls /boot
System.map-debian-sources-x86_64-4.14.2-1
System.map-debian-sources-x86_64-4.8.15-1
System.map-genkernel-x86_64-4.14.2-1
early_ucode.cpio
grub
initramfs-debian-sources-x86_64-4.14.2-1
initramfs-debian-sources-x86_64-4.8.15-1
initramfs-genkernel-x86_64-4.14.2-1
kernel-debian-sources-x86_64-4.14.2-1
kernel-debian-sources-x86_64-4.8.15-1
kernel-genkernel-x86_64-4.14.2-1
lost+found
memtest86.bin

# ls -la /usr/src/linux
lrwxrwxrwx 1 root root 27 янв  4 19:39 /usr/src/linux -> linux-debian-sources-4.14.2

The /usr/src/linux points to /usr/src/linux-debian-sources-4.14.2 and the /boot directory contains debian-sources archives. This says I use debian-sources.

Run these lines to upgrade the kernel

# eix-sync
# emerge -auDN debian-sources

This will download and compile debian-sources that has the Meltdown & Spectre patch. Now this is linux-debian-sources-4.14.12-2. The directory /usr/src/linux-debian-sources-4.14.12-2 will appear. To check this, run

# ls /usr/src
linux  linux-debian-sources-4.14.12  linux-debian-sources-4.14.2  linux-debian-sources-4.8.15

You also need the initramfs in /boot. To check this

# ls /boot

or
# fdisk -l
# mount /dev/sda1 /boot
# ls /boot

If there is a new kernel, update grub and reboot

# boot-update -v
# reboot

During booting grub will show you your new kernel version. But you will need to link /usr/src/linux to your new kernel for using it by default as described here https://www.funtoo.org/Funtoo_Linux_Kernels

# cd /usr/src
# rm linux
# ln -s linux-debian-sources-4.14.12 linux

 

9 hours ago, Oleg Vinichenko said:

containers are sharing the host node kernel. Update has to be performed on that servers.

Hi.  I understand that the containers share the kernel on the host, and that the host kernel needs to be updated.  What I do not know, not being familiar with OpenVZ, is whether something additional needs to happen with the container, like rebooting it.  However, I did reboot my container yesterday, and did not see an updated kernel.  Any timeline on when the host kernels will get patched?  I saw on the OpenVZ support forums that they released a new kernel.

6 hours ago, znavko said:

Hello! If you are looking for info about how to update/upgrade the kernel, check your kernel info: version and producer

Hi.  Perhaps you didn't notice this was posted in the Funtoo Hosting forum.  I configure and compile my own kernels usually, but this is a completely different situation. :)
