On 18/02/18 23:20, Julian Hall wrote:
> Thanks for that! This is my result:
>
> Spectre and Meltdown mitigation detection tool v0.35
>
> Checking for vulnerabilities on current system
> Kernel is Linux 4.13.0-32-generic #35~16.04.1-Ubuntu SMP Thu Jan 25
> 10:13:43 UTC 2018 x86_64
> CPU is AMD Athlon(tm) II X4 620 Processor

Well two out of three isn't bad - it's what most people not using very recent hardware and/or a rolling release distribution can reasonably expect. Your AMD fortunately isn't vulnerable to Meltdown at all and Spectre v1 is relatively trivially patched upstream by pretty much everyone at this point.

The bad news is of course Spectre v2 which is the one that'll be haunting us for years - your CPU+chipset are realistically never going to get patched firmware so you're dependent on the performance impacting software fixes, namely a kernel+compiler with retpoline. Which you haven't got. It's this bit of your output:

> * Mitigation 2
> * Kernel compiled with retpoline option: NO
> * Kernel compiled with a retpoline-aware compiler: NO
>> STATUS: VULNERABLE (Your kernel is compiled with IBRS but your CPU
> microcode is lacking support to successfully mitigate the vulnerability)

Specifically you don't need a retpoline-enabled compiler, you just need your distro-provider (Mint?) to ship a 'retpolined' kernel which they built with a retpoline-enabled version of GCC - I'm a bit surprised you haven't got this yet if you're fully up to date. Mint have a very disagreeable manner of handling new kernels so you might want to manually check to see if there isn't something much newer available, preferably 4.14 or even 4.15.

My veteran i5 2500k is of a similar vintage to your AMD 620 so I'm in a similar situation on this box - hardware doesn't have IBRS/IBPB support and because it's Intel it's even vulnerable to Meltdown as well.
However I've built a custom kernel on a bootstrapped GCC-7.3.0 to get full retpoline protection so I get this:

ghost@failbot:~/SRC$ sudo ./spectre-meltdown-checker.sh | grep VULNERABLE
> STATUS: NOT VULNERABLE (Mitigation: __user pointer sanitization)
> STATUS: NOT VULNERABLE (Mitigation: Full generic retpoline - vulnerable module loaded)
> STATUS: NOT VULNERABLE (Mitigation: PTI)
ghost@failbot:~/SRC$ cat /proc/version
Linux version 4.15.0-pf3-meowski+ (ghost@failbot) (gcc version 7.3.0 (GCC)) #1 SMP Sun Feb 18 21:25:49 GMT 2018

Cheers

--
The Mailing List for the Devon & Cornwall LUG
https://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
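
Added example, not part of the original post: the mitigation strings in the checker output above are the ones the kernel itself reports under /sys/devices/system/cpu/vulnerabilities (4.15, or an older kernel with the reporting backported), so a few lines of shell can summarise them. The function names, the --live switch and the WARN verdict for the "vulnerable module loaded" suffix are this example's own choices.

```bash
#!/bin/sh
# Summarise the kernel's own Spectre/Meltdown report from sysfs.
# Assumption: the running kernel exposes the vulnerabilities directory.

# classify_status TEXT -> prints OK, WARN, VULNERABLE or UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*)                         echo OK ;;
        Mitigation:*"vulnerable module loaded"*) echo WARN ;;  # a non-retpoline module is loaded
        Mitigation:*)                            echo OK ;;
        Vulnerable*)                             echo VULNERABLE ;;
        *)                                       echo UNKNOWN ;;
    esac
}

# report_vulns [DIR] -> one line per entry: "<name> <verdict> <kernel text>"
# Returns 1 if any entry is VULNERABLE, 2 if DIR does not exist.
report_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    if [ ! -d "$dir" ]; then
        echo "no report in $dir (kernel too old to expose it?)" >&2
        return 2
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        line=""
        IFS= read -r line < "$f" || true   # tolerate a missing trailing newline
        verdict=$(classify_status "$line")
        printf '%-12s %-10s %s\n' "${f##*/}" "$verdict" "$line"
        if [ "$verdict" = VULNERABLE ]; then rc=1; fi
    done
    return "$rc"
}

# Run against the live system only when asked to.
if [ "${1:-}" = "--live" ]; then
    report_vulns
fi
```

Run it with --live to read the running kernel's report; a non-zero exit status means at least one entry is still reported as vulnerable or the report is missing.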