On 24 January 2018 at 11:21, Michael Fothergill <michael.fotherg...@gmail.com> wrote:

> On 24 January 2018 at 10:53, Michael Fothergill <michael.fotherg...@gmail.com> wrote:
>
>>> The neowin link above has a link to a Phoronix article[1], which
>>> suggests you need GCC 8.0, or maybe 7.3 if a backport succeeds. That was
>>> 9 days ago, of course ... Stretch only has 6.3, and even sid only has
>>> 7.2, so I don't see it hitting debian soon.
>>>
>>> Richard
>>>
>>> [1] https://www.phoronix.com/scan.php?page=news_item&px=Linux-4.9-4.14-Retpoline
>>
>> Some new patches are coming soon:
>>
>> https://www.phoronix.com/scan.php?page=news_item&px=Spectre-Variant-One-Linux-4.16
>>
>> https://www.phoronix.com/scan.php?page=news_item&px=LLVM-Retpoline-Added
>>
>> I have posted a query on the gentoo forum asking if I have a recent
>> enough version of gcc etc for the retpoline.
>>
>> There is a test program you can install and run and it will tell you if
>> both the meltdown and spectre patches are installed which I will try out.
>>
>> Looks like you're all going to have to run the latest kernels....(J)
>>
>> Regards
>>
>> MF
>
> PS I installed the spectre meltdown checker and ran it:
>
> djt /home/mikef/spectre-meltdown-checker # ./spectre-meltdown-checker.sh
> Spectre and Meltdown mitigation detection tool v0.32
>
> Checking for vulnerabilities on current system
> Kernel is Linux 4.14.14-gentoo #1 SMP Tue Jan 23 13:06:23 GMT 2018 x86_64
> CPU is AMD A10-7850K Radeon R7, 12 Compute Cores 4C+8G
>
> CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
> * Mitigated according to the /sys interface: NO (kernel confirms your system is vulnerable)
> > STATUS: VULNERABLE (Vulnerable)
>
> CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
> * Mitigated according to the /sys interface: NO (kernel confirms your system is vulnerable)
> * Mitigation 1
> * Hardware support (CPU microcode)
> * Indirect Branch Restricted Speculation (IBRS)
> * SPEC_CTRL MSR is available: NO
> * CPU indicates IBRS capability: NO
> * Indirect Branch Prediction Barrier (IBPB)
> * PRED_CMD MSR is available: NO
> * CPU indicates IBPB capability: NO
> * Kernel is compiled with IBRS/IBPB support: NO
> * Currently enabled features
> * IBRS enabled for Kernel space: NO
> * IBRS enabled for User space: NO
> * IBPB enabled: NO
> * Mitigation 2
> * Kernel compiled with retpoline option: YES
> * Kernel compiled with a retpoline-aware compiler: NO (kernel reports minimal retpoline compilation)
> * Retpoline enabled: YES
> > STATUS: VULNERABLE (Vulnerable: Minimal AMD ASM retpoline)
>
> CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
> * Mitigated according to the /sys interface: YES (kernel confirms that your CPU is unaffected)
> * Kernel supports Page Table Isolation (PTI): YES
> * PTI enabled and active: NO
> * Running under Xen PV (64 bits): NO
> > STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)
>
> A false sense of security is worse than no security at all, see --disclaimer
> djt /home/mikef/spectre-meltdown-checker #
>
> ie it's there but GCC 7.2 can't install it.
>
> If you look at the discussion here:
>
> https://forums.gentoo.org/viewtopic-p-8174746.html#8174746
>
> you will see that I need to install gcc 7.3.0rc1
>
> time to compile your own kernels...
>
> Cheers
>
> MF

PPS GCC 7.3 is coming soon:

https://www.phoronix.com/scan.php?page=news_item&px=GCC-7.3-In-January

so, problem solved.....