On Saturday, 13 July 2019 22:01:02 BST Rich Freeman wrote:
> On Sat, Jul 13, 2019 at 4:16 PM Wols Lists <antlists@××××××××××××.uk> wrote:
> > On 13/07/19 20:23, Mick wrote:
> > > Thanks Corbin, I wonder if despite articles about microcode patch
> > > releases to deal with spectre and what not, there are just no patches
> > > made available for my aging AMD CPUs.
> >
> > Or Spectre and what not are Intel specific ...
> >
> > I know a lot of the reports said many of the exploits don't work on AMD.
> > It's something to do with the way Intel has implemented speculative
> > execution, and AMD doesn't use that technique.
>
> Some spectre-related vulnerabilities apply to AMD, and some do not.
> Most of the REALLY bad ones do not, but I believe that some of the AMD
> ones still require microcode updates to be mitigated in the most
> efficient way.
|
Yes, the A10 is vulnerable to:

CVE-2017-5753 (Spectre Variant 1, bounds check bypass)
CVE-2017-5715 (Spectre Variant 2, branch target injection)
|
> Take a look in /sys/devices/system/cpu/vulnerabilities on your system
> for the kernel's assessment of what vulnerabilities apply, and how
> they are being mitigated. What you want to see is every single one
> either saying "Not affected" or they start with "Mitigation:" If you
> see one starting with something like Partial Mitigation or Vulnerable
> you should Google if there is something you can do to improve this.
>
> Note that this assumes you have a current kernel. The kernel can only
> report the vulnerabilities it knows about, so if you're running some
> kernel from 9 months ago it won't know about everything.
>
> For reference, on my Ryzen 5 1600 I get:
> for x in * ; do echo -n "$x: " ; cat $x ; done
>
> l1tf: Not affected
> mds: Not affected
> meltdown: Not affected
> spec_store_bypass: Mitigation: Speculative Store Bypass disabled via prctl and seccomp
> spectre_v1: Mitigation: __user pointer sanitization
> spectre_v2: Mitigation: Full AMD retpoline, STIBP: disabled, RSB filling
|
I get the same output on both AMD systems running gentoo-sources-4.19.57.

I've also used this script for some more detailed checking and testing:

https://github.com/speed47/spectre-meltdown-checker

Unlike my old Intel which lights up like a Christmas tree with "Vulnerable, no
microcode found" because Intel has thrown its users to the kerb, both AMDs
show "Not Vulnerable" and for some of the vulnerabilities it reports:

(your CPU vendor reported your CPU model as not vulnerable)

--
Regards,

Mick
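
The sysfs check described in the quoted reply above, as an added example that is not part of the original message or thread: it applies the stated rule ("Not affected" or a line starting with "Mitigation:" is fine, anything else needs a look) to every entry and flags the rest. The function names `check_vulns` and `count_review` and the optional directory argument (for running against a copy of the directory) are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify each entry in the kernel's vulnerabilities
# directory. Usage: check_vulns   (or: check_vulns /path/to/copied/dir)

# check_vulns [DIR]: print one line per entry, prefixed OK or REVIEW.
# Returns 0 if every entry is OK, 1 if any needs review, 2 if DIR is missing.
check_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # Each file holds a single status line; reset first so a failed
        # read cannot reuse the previous entry's status.
        status=""
        IFS= read -r status < "$f" || [ -n "$status" ] \
            || status="(empty or unreadable)"
        case "$status" in
            "Not affected"*|"Mitigation:"*) verdict=OK ;;
            # "Vulnerable", partial mitigations, unknown text: all flagged.
            *) verdict=REVIEW; rc=1 ;;
        esac
        printf '%-6s %s: %s\n' "$verdict" "$name" "$status"
    done
    return "$rc"
}

# count_review [DIR]: print how many entries need review.
count_review() {
    check_vulns "$1" | grep -c '^REVIEW' || true
}
```

As the quoted reply notes, the result is only as complete as the running kernel's list of known vulnerabilities, so an all-OK result on an old kernel does not cover issues disclosed later.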