On Sat, 17 Feb 2018 13:25:06 +0100 François Patte <francois.patte@xxxxxxxxxxxxxxxxxxxx> wrote: > Le 17/02/2018 à 12:59, Ed Greshko a écrit : > > On 02/17/18 18:12, François Patte wrote: > >> I just updated f27 and the new installed kernel > >> (4.15.3-300.fc27.x86_64), sends these messages at boot time: > >> > >> kernel: Spectre V2 : Mitigation: Full generic retpoline > >> kernel: Spectre V2 : System may be vulnerable to spectre v2 > >> > >> What do they mean and what to do? Waiting for next kernel update? > > > > > > It may mean that your particular CPU is not fully protected by the recent kernel patches. > > > > Cat the files in /sys/devices/system/cpu/vulnerabilities > > > > FWIW, my systems have .... > > > > [egreshko@acer vulnerabilities]$ cat meltdown > > Mitigation: PTI > > > > [egreshko@acer vulnerabilities]$ cat spectre_v1 > > Mitigation: __user pointer sanitization > > Same as you. > > > > > [egreshko@acer vulnerabilities]$ cat spectre_v2 > > Mitigation: Full generic retpoline > > this one gives: > > Mitigation: Full generic retpoline - vulnerable module loaded > > But does not give the module name!! You might want to try and see your last boot messages (or any logs for might matter ...) journalctl -b Then search for Spectre and retpoline (maybe changing upper/lower case) and the messages before and after these found instances .. look hard ... If that does not help, you might try that: Just reboot, and see whether that changes anything. Still no joy? try this: dnf list kernel\* --enablerepo=updates-testing (this should nothing install, just check for updates in testing). See: https://fedoraproject.org/wiki/QA:Updates_Testing#Enabling_the_repository_temporarily and see whether there are updates in the pipeline to install (careful!) .. or - next option, and again:careful! - install a vanilla kernel from a non-official repo for Fedora - more on it here: https://fedoraproject.org/wiki/Kernel_Vanilla_Repositories On a F26 I have a 4.15 kernel installed recently from that repo, running so far smoothly (didn't test it too hard, so far). But read the FAQ beforehand mentioned on that page: These kernels don't have - IIRC - the kernels patched specifically for Fedora. Just vanilla ... Here: % uname -srvm Linux 4.15.3-300.vanilla.knurd.1.fc26.x86_64 #1 SMP Mon Feb 12 06:36:22 UTC 2018 x86_64 % grep . /sys/devices/system/cpu/vulnerabilities/* /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline HTH, and Good Luck! Regards -- Wolfgang Pfeiffer _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
