On 23 January 2018 at 21:16, Sven Hartge <s...@svenhartge.de> wrote:

> Nicholas Geovanis <nickgeova...@gmail.com> wrote:
>
> > I've installed the patch for CVE-2017-5754 as well as the microcode update:
>
> Well, Intel majorly fscked up their microcodes and strongly recommends
> to revert to an earlier BIOS/UEFI firmware (if possible) and also
> advised all vendors shipping microcode as a separate package (meaning
> VMware and all Linux vendors here) to revert to the version from
> November 2017, which so far all major Linux distributions have done.
>
> (Debian didn't even ship the update for Stable/Oldstable because the
> problems were already showing two weeks ago.)
>
> So, right now, unless you have the latest bleeding edge kernel, compiled
> with a retpoline-aware pre-release GCC, you will be vulnerable to
> CVE-2017-5753 (Spectre#1) and CVE-2017-5715 (Spectre#2) for quite some
> time.
>

Hi there, I am running kernel 4.14.14 under Gentoo testing on an AMD Kaveri box.

The version of GCC I am using is 7.2. Whether that means the retpoline patch is working for me I am not quite sure but it could be I guess.....

Someone who is smarter than the average bear has written a patch for the Spectre problem with no performance penalty:

https://www.neowin.net/news/retpoline-patch-coming-to-linux-49-and-linux-414

I am not sure if you can do this as Debian testing or experimental.

Cheers

Michael Fothergill

> > # uname -a
> > Linux ftp51 3.16.0-5-amd64 #1 SMP Debian 3.16.51-3+deb8u1 (2018-01-08) x86_64 GNU/Linux
> > # dmesg | grep isolation
> > [ 0.000000] Kernel/User page tables isolation: enabled
>
> > And yet, the widely-recommended test script at
> > https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh
>
> Did you run the script as root? Did you use the most recent version of
> it? It gets developed quite rapidly, maybe you got a version which was
> not correctly functioning at that moment, given that you download the
> script from the master-branch instead of one of the tagged releases.
>
> S°
>
> --
> Sigmentation fault. Core dumped.