| 1 |
On Saturday, 13 July 2019 22:01:02 BST Rich Freeman wrote: |
| 2 |
> On Sat, Jul 13, 2019 at 4:16 PM Wols Lists <antlists@××××××××××××.uk> wrote: |
| 3 |
> > On 13/07/19 20:23, Mick wrote: |
| 4 |
> > > Thanks Corbin, I wonder if despite articles about microcode patch |
| 5 |
> > > releases to deal with spectre and what not, there are just no patches |
| 6 |
> > > made available for my aging AMD CPUs. |
| 7 |
> > |
| 8 |
> > Or Spectre and what not are Intel specific ... |
| 9 |
> > |
| 10 |
> > I know a lot of the reports said many of the exploits don't work on AMD. |
| 11 |
> > It's something to do with the way Intel has implemented speculative |
| 12 |
> > execution, and AMD doesn't use that technique. |
| 13 |
> |
| 14 |
> Some spectre-related vulnerabilities apply to AMD, and some do not. |
| 15 |
> Most of the REALLY bad ones do not, but I believe that some of the AMD |
| 16 |
> ones still require microcode updates to be mitigated in the most |
| 17 |
> efficient way. |
| 18 |
|
| 19 |
Yes, the A10 is vulnerable to: |
| 20 |
|
| 21 |
CVE-2017-5753 (Spectre Variant 1, bounds check bypass) |
| 22 |
CVE-2017-5715 (Spectre Variant 2, branch target injection) |
| 23 |
|
| 24 |
|
| 25 |
> Take a look in /sys/devices/system/cpu/vulnerabilities on your system |
| 26 |
> for the kernel's assessment of what vulnerabilities apply, and how |
| 27 |
> they are being mitigated. What you want to see is every single one |
| 28 |
> either saying "Not affected" or they start with "Mitigation:" If you |
| 29 |
> see one starting with something like Partial Mitigation or Vulnerable |
| 30 |
> you should Google if there is something you can do to improve this. |
| 31 |
> |
| 32 |
> Note that this assumes you have a current kernel. The kernel can only |
| 33 |
> report the vulnerabilities it knows about, so if you're running some |
| 34 |
> kernel from 9 months ago it won't know about everything. |
| 35 |
> |
| 36 |
> For reference, on my Ryzen 5 1600 I get: |
| 37 |
> for x in * ; do echo -n "$x: " ; cat $x ; done |
| 38 |
> |
| 39 |
> l1tf: Not affected |
| 40 |
> mds: Not affected |
| 41 |
> meltdown: Not affected |
| 42 |
> spec_store_bypass: Mitigation: Speculative Store Bypass disabled via |
| 43 |
> prctl and seccomp |
| 44 |
> spectre_v1: Mitigation: __user pointer sanitization |
| 45 |
> spectre_v2: Mitigation: Full AMD retpoline, STIBP: disabled, RSB filling |
| 46 |
|
| 47 |
I get the same output on both AMD systems running gentoo-sources-4.19.57. |
| 48 |
|
| 49 |
I've also used this script for some more detailed checking and testing: |
| 50 |
|
| 51 |
https://github.com/speed47/spectre-meltdown-checker |
| 52 |
|
| 53 |
Unlike my old Intel which lights up like a christmas tree with "Vulnerable, no |
| 54 |
microcode found" because Intel has thrown its users to the kerb, both AMDs |
| 55 |
show "Not Vulnerable" and for some of the vulnerabilities it reports: |
| 56 |
|
| 57 |
(your CPU vendor reported your CPU model as not vulnerable) |
| 58 |
|
| 59 |
-- |
| 60 |
Regards, |
| 61 |
|
| 62 |
Mick |
Archives