On 23 February 2018 at 14:14, Michael Fothergill <michael.fotherg...@gmail.com> wrote:
>
> On 23 February 2018 at 14:05, mlnl <m...@mailbox.org> wrote:
>
>> Hi,
>>
>> > Can it be true? A version of gcc that runs on stretch that will
>> > compile the latest fancy spectre fixes etc?
>>
>> with latest vanilla kernel 4.15.4 and updated gcc-6:
>>
>> CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
>> * Mitigated according to the /sys interface: YES (kernel confirms that
>> the mitigation is active)
>> * Kernel has array_index_mask_nospec: YES (1 occurence(s) found of 64
>> bits array_index_mask_nospec())
>> > STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)
>>
>> CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
>> * Mitigated according to the /sys interface: YES (kernel confirms that
>> the mitigation is active)
>> * Mitigation 1
>> * Kernel is compiled with IBRS/IBPB support: NO
>> * Currently enabled features
>> * IBRS enabled for Kernel space: NO
>> * IBRS enabled for User space: NO
>> * IBPB enabled: NO
>> * Mitigation 2
>> * Kernel compiled with retpoline option: YES
>> * Kernel compiled with a retpoline-aware compiler: YES (kernel
>> reports full retpoline compilation)
>> * Retpoline enabled: NO
>>
> Wot? How can retpoline not be enabled but the status is not vulnerable......
>
> > STATUS: NOT VULNERABLE (Mitigation: Full generic retpoline)
>>
>> CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
>> * Mitigated according to the /sys interface: YES (kernel confirms that
>> the mitigation is active)
>> * Kernel supports Page Table Isolation (PTI): YES
>> * PTI enabled and active: YES
>> * Running as a Xen PV DomU: NO
>> > STATUS: NOT VULNERABLE (Mitigation: PTI)
>>
>
> Absolutely whale harpooned it....
>
> Great stuff.
>
> Cheers
>
> MF
>
>>
>> grep bugs /proc/cpuinfo
>> bugs : cpu_meltdown spectre_v1 spectre_v2
>> model name : Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
>>
>> stepping : 3
>>
>> microcode : 0x22
>>
>> --
>> mlnl
>>
>