On 26/04/18 13:28, Peter Humphrey wrote:
On Thursday, 26 April 2018 11:13:12 BST Adam Carter wrote:
Does grep . /sys/devices/system/cpu/vulnerabilities/* find anything?
# grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer
sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic
ASM retpoline, IBPB, IBRS_FW
That means the kernel implements the needed mitigations, except for full
GCC retpoline, which requires a recent GCC (7.3.0 here.) I don't know if
6.4.0 supports it.
