On 18/01/18 20:31, Nikos Chantziaras wrote:
> On 18/01/18 10:28, Adam Carter wrote:
>> Nice;
>>
>> $ ls /sys/devices/system/cpu/vulnerabilities/
>> meltdown spectre_v1 spectre_v2
>> $ cat /sys/devices/system/cpu/vulnerabilities/meltdown
>> Mitigation: PTI
>> $ cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
>> Vulnerable
>> $ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
>> Vulnerable: Minimal generic ASM retpoline
>
> Good to know! Thanks.
>
> For Spectre, GCC 7.3 is needed, which isn't released yet, but AFAIK is
> being fast-tracked for release by upstream. There's plans to backport to
> GCC 6 as well.
|
GCC 7.3.0 is now in the tree (~arch). If you want full mitigation
against Spectre v2, you need to build the kernel with that version.

For this to work, you need to enable CONFIG_RETPOLINE in the kernel:

Processor type and features
[*] Avoid speculative indirect branches in kernel

Rebuild kernel and modules and you should see something like this:

$ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
Mitigation: Full generic retpoline
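
The check shown in this message, scripted for all entries at once. This is an added example, not part of the original post: the function name `check_cpu_vulns` and the OK/VULNERABLE/UNKNOWN labels are assumptions made here, while the status strings it matches are the ones quoted in the thread plus the kernel's "Not affected".

```shell
#!/bin/sh
# Added example (not from the original message).
# Classify every entry under the sysfs vulnerabilities directory.
# Usage: check_cpu_vulns [DIR]   DIR defaults to the real sysfs path.
# Prints one line per entry; returns 0 only if nothing is left unmitigated.

check_cpu_vulns() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    bad=0
    if [ ! -d "$dir" ]; then
        echo "no $dir: this kernel does not report mitigation status" >&2
        return 2
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        status=$(cat "$f")
        case $status in
            "Not affected"*) verdict=OK ;;
            "Mitigation:"*)  verdict=OK ;;
            "Vulnerable"*)   verdict=VULNERABLE; bad=1 ;;
            *)               verdict=UNKNOWN; bad=1 ;;
        esac
        printf '%-12s %-10s %s\n' "$name" "$verdict" "$status"
        # "Minimal ... retpoline" is the state quoted in the thread before
        # the kernel was rebuilt with the newer compiler.
        case $status in
            *"Minimal"*"retpoline"*)
                echo "  hint: rebuild with CONFIG_RETPOLINE=y using GCC 7.3.0" ;;
        esac
    done
    return $bad
}
```

Call `check_cpu_vulns` with no argument to read the live sysfs directory; the non-zero return makes it usable as a post-reboot check after a kernel rebuild.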