On Wed, Feb 7, 2018 at 6:41 AM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:

> how can it be that now after GCC with retpoline support is even available
> for users the kernel builds suddenly using an old one?
>

Sorry, I had been using overrides to make sure we were using the new
compiler before it was pushed as an update. I assumed it was there now. I
will not push this kernel to stable, 4.14.18 should build today.

Justin

> ______________________________________
>
> 4.14.16-300.fc27.x86_64
> Kernel compiled with a retpoline-aware compiler: YES (kernel reports
> full retpoline compilation)
> STATUS: NOT VULNERABLE (Mitigation: Full generic retpoline)
>
> 4.14.17-300.fc27.x86_64
> Kernel compiled with a retpoline-aware compiler: NO (kernel reports
> minimal retpoline compilation)
> STATUS: VULNERABLE (Vulnerable: Minimal generic ASM retpoline)
> ______________________________________
>
> Spectre and Meltdown mitigation detection tool v0.33
>
> Checking for vulnerabilities on current system
> Kernel is Linux 4.14.17-300.fc27.x86_64 #1 SMP Mon Feb 5 14:12:30 UTC 2018
> x86_64
> CPU is Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
>
> Hardware check
> * Hardware support (CPU microcode) for mitigation techniques
>   * Indirect Branch Restricted Speculation (IBRS)
>     * SPEC_CTRL MSR is available: NO
>     * CPU indicates IBRS capability: NO
>   * Indirect Branch Prediction Barrier (IBPB)
>     * PRED_CMD MSR is available: NO
>     * CPU indicates IBPB capability: NO
>   * Single Thread Indirect Branch Predictors (STIBP)
>     * SPEC_CTRL MSR is available: NO
>     * CPU indicates STIBP capability: NO
>   * Enhanced IBRS (IBRS_ALL)
>     * CPU indicates ARCH_CAPABILITIES MSR availability: NO
>     * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
>   * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):
> UNKNOWN
>   * CPU microcode is known to cause stability problems: NO
> * CPU vulnerability to the three speculative execution attacks variants
>   * Vulnerable to Variant 1: YES
>   * Vulnerable to Variant 2: YES
>   * Vulnerable to Variant 3: YES
>
> CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
> * Mitigated according to the /sys interface: NO (kernel confirms your
> system is vulnerable)
> > STATUS: VULNERABLE (Vulnerable)
>
> CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
> * Mitigated according to the /sys interface: NO (kernel confirms your
> system is vulnerable)
> * Mitigation 1
>   * Kernel is compiled with IBRS/IBPB support: NO
>   * Currently enabled features
>     * IBRS enabled for Kernel space: NO
>     * IBRS enabled for User space: NO
>     * IBPB enabled: NO
> * Mitigation 2
>   * Kernel compiled with retpoline option: YES
>   * Kernel compiled with a retpoline-aware compiler: NO (kernel reports
> minimal retpoline compilation)
>   * Retpoline enabled: YES
> > STATUS: VULNERABLE (Vulnerable: Minimal generic ASM retpoline)
>
> CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
> * Mitigated according to the /sys interface: YES (kernel confirms that
> the mitigation is active)
> * Kernel supports Page Table Isolation (PTI): YES
> * PTI enabled and active: YES
> * Running as a Xen PV DomU: NO
> > STATUS: NOT VULNERABLE (Mitigation: PTI)
> _______________________________________________
> kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx
>