Re: warning about spectre with last kernel update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Le 17/02/2018 à 18:11, Wolfgang Pfeiffer a écrit :
> On Sat, 17 Feb 2018 13:25:06 +0100
> François Patte <francois.patte@xxxxxxxxxxxxxxxxxxxx> wrote:
> 
>> Le 17/02/2018 à 12:59, Ed Greshko a écrit :
>>> On 02/17/18 18:12, François Patte wrote:  
>>>> I just updated f27 and the new installed kernel
>>>> (4.15.3-300.fc27.x86_64), sends these messages at boot time:
>>>>
>>>> kernel: Spectre V2 : Mitigation: Full generic retpoline
>>>> kernel: Spectre V2 : System may be vulnerable to spectre v2
>>>>
>>>> What do they mean and what to do? Waiting for next kernel update?  
>>>
>>>
>>> It may mean that your particular CPU is not fully protected by the recent kernel patches.
>>>
>>> Cat the files in /sys/devices/system/cpu/vulnerabilities
>>>
>>> FWIW, my systems have ....
>>>
>>> [egreshko@acer vulnerabilities]$ cat meltdown
>>> Mitigation: PTI
>>>
>>> [egreshko@acer vulnerabilities]$ cat spectre_v1
>>> Mitigation: __user pointer sanitization  
>>
>> Same as you.
>>
>>>
>>> [egreshko@acer vulnerabilities]$ cat spectre_v2
>>> Mitigation: Full generic retpoline  
>>
>> this one gives:
>>
>> Mitigation: Full generic retpoline - vulnerable module loaded
>>
>> But does not give the module name!!
> 
> You might want to try and see your last boot messages (or any logs for
> might matter ...)
> 
> journalctl -b
> 
> Then search for Spectre and retpoline (maybe changing upper/lower case)
> and the messages before and after these found instances .. look hard ...

journalctl -b | grep -i retpoline

returns that virtualbox drivers (vboxdrv, vboxnetflt, vboxnetadp,
vboxpci) and nvidia driver were not compiled with a retpoline compiler....

As these modules are compiled on board with gcc using akmod, I suppose
that gcc is not a retpoline compiler.

What can I do?


-- 
François Patte
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)6 7892 5822
http://www.math-info.univ-paris5.fr/~patte

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux