Announcement

**dungeon** · 28 January 2018, 06:36 PM

http://lkml.iu.edu/hypermail/linux/k...1.3/02794.html

ah, you posted it now

To note, what we already know but someone might not

Also, it is worth pointing out that it's not like we're "done" with
spectre/meltdown. There is more work pending (arm, spectre-v1, misc
details), and perhaps equally importantly, to actually get the biggest
fix for the indirect branch mitigations, you need not just the kernel
updates, you need to have a compiler with support for the "retpoline"
indirect branch model.

You can do

cat /sys/devices/system/cpu/vulnerabilities/spectre_v2

and if you don't have a compiler that supports the retpoline
mitigations, you'll get:

Vulnerable: Minimal generic ASM retpoline

because only the assembly code (not the C code) will have the
retpoline mitigation. So keep that in mind.

AMD users will get "Vulnerable: Minimal AMD ASM retpoline", some non x86 users will get "Not affected" and so on

For example RPi users are not affected by neither Meltdown nor Spectre, but PPC users seems are affected by Meltdown but not by Spectre, while AMD users not by Meltdown but is affected by Spectre and so on...

only Intel seems affected clearly by both

Entire spectre is there

Just keep it up to date... hopefully we will get spectre of fixed new CPUs soon, so we don't require to prepare plus run all this BS

Because boring really is good.

The Word.

Code:

> cat /proc/sys/kernel/osrelease
4.15.0
> cat /sys/devices/system/cpu/vulnerabilities/*
Not affected
Vulnerable
Vulnerable: Minimal AMD ASM retpoline

I see no point until spectre_v1 fixes to bother about fixed compiler... let it be like it is for now

**Noee** · 28 January 2018, 07:56 PM

Sorry, brah, but fwiw, Tumbleweed here (Kernel:HEAD), Ryzen5:

Code:

mike@ryzen5:~> cat /proc/sys/kernel/osrelease
4.15.0-rc8-2.ge9a240d-default

mike@ryzen5:~> cat /sys/devices/system/cpu/vulnerabilities/*
Not affected
Vulnerable
Mitigation: Full AMD retpoline

**dungeon** · 28 January 2018, 08:02 PM

Sorry brah but on spectre_v1 we are still vulnerable... so to be continued

And once all BS is there it make sense to do some benchmarks

FWIW is does not worth totally, as it require one more to be boring again

**starshipeleven** · 28 January 2018, 09:41 PM

Opensuse tumbleweed, last 4.14 kernel and Intel(R) Xeon(R) CPU E3-1275 V2 @ 3.50GHz

Code:

openSUSE-xeon:/ # uname -a
Linux openSUSE-xeon 4.14.15-1-default #1 SMP PREEMPT Thu Jan 25 13:26:16 UTC 2018 (5b3d0ce) x86_64 x86_64 x86_64 GNU/Linux  

openSUSE-xeon:/# grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline

**dungeon** · 28 January 2018, 09:54 PM

Yeah it is all (or if not quite all, it will be) backported to older kernels (at least these longterm on kernel.org)... only that 4.9 and older got kaiser variant

Same as GCC 8 switches, backported to 7.3 and will likely be on some even older.

Only spectre_v1 is overall missing so that BS is complete

**dungeon** · 29 January 2018, 01:22 AM

Originally posted by Linux_Chemist

$ cat /sys/devices/system/cpu/vulnerabilities/*
Mitigation: PTI
Vulnerable
Mitigation: Full generic retpoline

custom kernel built with retpoline-patched GCC 7.3 on intel i5-3570k. May all those concerned with patching these vulnerabilities keep up their splendid work!

Actually i did the same for my Debian Jessie installation with GCC 7.3.0, as God knows when this will be backported to GCC 4.x and to land there:

Code:

> cat /sys/devices/system/cpu/vulnerabilities/*
Not affected
Vulnerable
Mitigation: Full AMD retpoline

Now just to test how much shit this full return of trampolines is... i guess these with slow HDDs will notice the worse

**ryszardzonk** · 29 January 2018, 03:47 AM

So let's say I have linux guest on which only trusted software is running and there is only single user account how do I disable reptoline? Does adding noreptoline at boot still work like in early patches?

**predator7** · 29 January 2018, 05:26 AM

Is there or will be support for amdgpu.dc=1 on GCN1/SI ?

**dungeon** · 29 January 2018, 05:38 AM

Originally posted by ryszardzonk View Post

So let's say I have linux guest on which only trusted software is running and there is only single user account how do I disable reptoline? Does adding noreptoline at boot still work like in early patches?

That is nospectre_v2 now, while spectre_v2 have several options, etc...

https://git.kernel.org/pub/scm/linux...parameters.txt

Announcement

Linux 4.15 Kernel Released, Time For The Linux 4.16 Merge Window

Linux 4.15 Kernel Released, Time For The Linux 4.16 Merge Window

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment