On 23 February 2018 at 16:28, Michael Lange <klappn...@freenet.de> wrote:
> Hi,
>
> On Fri, 23 Feb 2018 16:52:12 +0100
> Felipe Salvador <felipe.salva...@gmail.com> wrote:
>
> (...)
> > > CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
> > > * Mitigated according to the /sys interface: YES (kernel confirms
> > > that the mitigation is active)
> > > * Mitigation 1
> > > * Kernel is compiled with IBRS/IBPB support: NO
> > > * Currently enabled features
> > > * IBRS enabled for Kernel space: NO
> > > * IBRS enabled for User space: NO
> > > * IBPB enabled: NO
> > > * Mitigation 2
> > > * Kernel compiled with retpoline option: YES
> > > * Kernel compiled with a retpoline-aware compiler: YES (kernel
> > > reports full retpoline compilation)
> > > * Retpoline enabled: NO
> > ^^
> > I get the same result. I wonder why retpoline is disabled.
>
> I asked myself the same question (same result here). Maybe the answer is
> that it is a bug in the script? With the latest version from github the
> respective part here now looks like:
>
> CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
> * Mitigated according to the /sys interface: YES (kernel confirms that
> the mitigation is active)
> * Mitigation 1
> * Kernel is compiled with IBRS/IBPB support: NO
> * Currently enabled features
> * IBRS enabled for Kernel space: NO
> * IBRS enabled for User space: NO
> * IBPB enabled: NO
> * Mitigation 2
> * Kernel compiled with retpoline option: YES
> * Kernel compiled with a retpoline-aware compiler: YES (kernel reports
> full retpoline compilation)
>
> STATUS: NOT VULNERABLE (Mitigation: Full AMD retpoline)
>

That is a bit topsy turvy.... But maybe it's saying that the compilation did work after all.

Regards

MF

>
> Regards
>
> Michael
>
> .-.. .. ...- . .-.. --- -. --. .- -. -.. .--. .-. --- ... .--. . .-.
>
> Death. Destruction. Disease. Horror. That's what war is all about.
> That's what makes it a thing to be avoided.
> -- Kirk, "A Taste of Armageddon", stardate 3193.0