On 24 January 2018 at 10:53, Michael Fothergill < michael.fotherg...@gmail.com> wrote:
>> The neowin link above has a link to a Phoronix article[1], which
>> suggests you need GCC 8.0, or maybe 7.3 if a backport succeeds. That was
>> 9 days ago, of course ... Stretch only has 6.3, and even sid only has
>> 7.2, so I don't see it hitting debian soon.
>>
>> Richard
>>
>> [1] https://www.phoronix.com/scan.php?page=news_item&px=Linux-4.9-4.14-Retpoline
>
> Some new patches are coming soon:
>
> https://www.phoronix.com/scan.php?page=news_item&px=Spectre-Variant-One-Linux-4.16
>
> https://www.phoronix.com/scan.php?page=news_item&px=LLVM-Retpoline-Added
>
> I have posted a query on the gentoo forum asking if I have a recent enough
> version of gcc etc. for the retpoline.
>
> There is a test program you can install and run and it will tell you if
> both the meltdown and spectre patches are installed, which I will try out.
>
> Looks like you're all going to have to run the latest kernels....(J)
>
> Regards
>
> MF
>
> PS I installed the spectre meltdown checker and ran it:

djt /home/mikef/spectre-meltdown-checker # ./spectre-meltdown-checker.sh
Spectre and Meltdown mitigation detection tool v0.32

Checking for vulnerabilities on current system
Kernel is Linux 4.14.14-gentoo #1 SMP Tue Jan 23 13:06:23 GMT 2018 x86_64
CPU is AMD A10-7850K Radeon R7, 12 Compute Cores 4C+8G

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: NO (kernel confirms your system is vulnerable)
> STATUS: VULNERABLE (Vulnerable)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: NO (kernel confirms your system is vulnerable)
* Mitigation 1
  * Hardware support (CPU microcode)
    * Indirect Branch Restricted Speculation (IBRS)
      * SPEC_CTRL MSR is available: NO
      * CPU indicates IBRS capability: NO
    * Indirect Branch Prediction Barrier (IBPB)
      * PRED_CMD MSR is available: NO
      * CPU indicates IBPB capability: NO
  * Kernel is compiled with IBRS/IBPB support: NO
  * Currently enabled features
    * IBRS enabled for Kernel space: NO
    * IBRS enabled for User space: NO
    * IBPB enabled: NO
* Mitigation 2
  * Kernel compiled with retpoline option: YES
  * Kernel compiled with a retpoline-aware compiler: NO (kernel reports minimal retpoline compilation)
  * Retpoline enabled: YES
> STATUS: VULNERABLE (Vulnerable: Minimal AMD ASM retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (kernel confirms that your CPU is unaffected)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: NO
* Running under Xen PV (64 bits): NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not vulnerable)

A false sense of security is worse than no security at all, see --disclaimer
djt /home/mikef/spectre-meltdown-checker #

i.e. it's there but GCC 7.2 can't install it.

If you look at the discussion here:

https://forums.gentoo.org/viewtopic-p-8174746.html#8174746

you will see that I need to install gcc 7.3.0rc1

time to compile your own kernels...

Cheers

MF
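An added example, not from the thread or from the checker tool: the two checks behind the "retpoline-aware compiler: NO" and "Minimal AMD ASM retpoline" lines above, done by hand in POSIX sh. It assumes gcc is on PATH for the compiler probe, and that the kernel exposes /sys/devices/system/cpu/vulnerabilities/spectre_v2 (the "/sys interface" the tool reads).

```shell
#!/bin/sh
# Added example, not part of the mailing-list thread or of spectre-meltdown-checker.

# 1. Does the compiler accept the retpoline option the kernel build probes for?
#    The kernel Makefile adds -mindirect-branch=thunk-extern via cc-option; a
#    compiler that rejects it (GCC 7.2 in the thread) leaves the kernel with
#    only the hand-written "minimal ASM retpoline" reported above.
#    Returns 0 = supported, 1 = not supported, 2 = no compiler / no temp dir.
gcc_has_retpoline() {
    cc="${1:-gcc}"
    command -v "$cc" >/dev/null 2>&1 || return 2
    tmp=$(mktemp -d) || return 2
    printf 'int main(void){return 0;}\n' > "$tmp/t.c"
    if "$cc" -Werror -mindirect-branch=thunk-extern -mindirect-branch-register \
            -c -o "$tmp/t.o" "$tmp/t.c" >/dev/null 2>&1; then
        rm -rf "$tmp"; return 0
    fi
    rm -rf "$tmp"; return 1
}

# 2. Interpret the kernel's own verdict string for Spectre v2 as found in
#    /sys/devices/system/cpu/vulnerabilities/spectre_v2. The strings are the
#    kernel's (arch/x86/kernel/cpu/bugs.c); prints one of:
#    unaffected | full | minimal | none | unknown
classify_spectre_v2() {
    case "$1" in
        "Not affected")           echo unaffected ;;
        "Mitigation: Full "*)     echo full ;;     # compiler-generated retpoline
        "Vulnerable: Minimal "*)  echo minimal ;;  # ASM-only fallback, as in the thread
        "Vulnerable")             echo none ;;
        *)                        echo unknown ;;
    esac
}

# Usage on a live system:
#   gcc_has_retpoline && echo "compiler supports retpoline"
#   classify_spectre_v2 "$(cat /sys/devices/system/cpu/vulnerabilities/spectre_v2)"
```

A result of "minimal" with a compiler that fails the first check is exactly the state shown in the thread: CONFIG_RETPOLINE is on, but the kernel was not built by a compiler that emits the thunks.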