On 23 February 2018 at 14:05, mlnl <m...@mailbox.org> wrote: > Hi, > > > Can it be true? A version of gcc that runs on stretch that will > > compile the latest fancy spectre fixes etc? > > with latest vanilla kernel 4.15.4 and updated gcc-6: > > CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1' > * Mitigated according to the /sys interface: YES (kernel confirms that > the mitigation is active) > * Kernel has array_index_mask_nospec: YES (1 occurence(s) found of 64 > bits array_index_mask_nospec()) > > STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization) > > CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2' > * Mitigated according to the /sys interface: YES (kernel confirms that > the mitigation is active) > * Mitigation 1 > * Kernel is compiled with IBRS/IBPB support: NO > * Currently enabled features > * IBRS enabled for Kernel space: NO > * IBRS enabled for User space: NO > * IBPB enabled: NO > * Mitigation 2 > * Kernel compiled with retpoline option: YES > * Kernel compiled with a retpoline-aware compiler: YES (kernel > reports full retpoline compilation) > * Retpoline enabled: NO > > STATUS: NOT VULNERABLE (Mitigation: Full generic retpoline) > > CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3' > * Mitigated according to the /sys interface: YES (kernel confirms that > the mitigation is active) > * Kernel supports Page Table Isolation (PTI): YES > * PTI enabled and active: YES > * Running as a Xen PV DomU: NO > > STATUS: NOT VULNERABLE (Mitigation: PTI) > Absolutely whale harpooned it....
Great stuff. Cheers MF > > grep bugs /proc/cpuinfo > bugs : cpu_meltdown spectre_v1 spectre_v2 > model name : Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz > > > > stepping : 3 > > > > microcode : 0x22 > > -- > mlnl > >
