similar to: Meltdown and Spectre

Hi folks, Firstly; apologies in advance for what is a head wrecker of keeping on top of the speculative mitigations and also if this is a duplicate email; my first copy didn't seem to make it into the archive. Also a disclaimer that I may have misunderstood elements of the below but please bear with me. I write this hoping to find out a bit more about the state of the relevant kernel

Hi, According to virsh capabilities I only have the following cpu features: <cpu> <arch>x86_64</arch> <model>IvyBridge-IBRS</model> <vendor>Intel</vendor> <microcode version='32'/> <topology sockets='1' cores='4' threads='1'/> <feature name='ds'/>

Hi all! I'm running an up-to-date Centos-7 on an AMD Vishera 6300, 6 core CPU. I note that when I run the redhat script to test for spectre & meltdown I get this result for variant 2: Variant #2 (Spectre): Vulnerable CVE-2017-5715 - speculative execution branch target injection - Kernel with mitigation patches: OK - HW support / updated microcode: NO - IBRS: Not disabled on

Il 07/08/19 01:02, Phil Perry ha scritto: > On 06/08/2019 14:45, Alessandro Baggi wrote: >> Il 05/08/19 20:07, Akemi Yagi ha scritto: >>> On Mon, Aug 5, 2019 at 9:21 AM Alessandro Baggi >>> <alessandro.baggi at gmail.com> wrote: >>>> >>>> Il 05/08/19 18:07, Akemi Yagi ha scritto: >>>>> On Mon, Aug 5, 2019 at 9:01 AM Alessandro

Il 07/08/19 20:15, Akemi Yagi ha scritto: > On Wed, Aug 7, 2019 at 9:00 AM Alessandro Baggi > <alessandro.baggi at gmail.com> wrote: >> >> Il 07/08/19 01:02, Phil Perry ha scritto: >>> On 06/08/2019 14:45, Alessandro Baggi wrote: > >>> Please post the actual error message in dmesg or /var/log/messages. >>> >>> It's likely that the

Il 05/08/19 20:07, Akemi Yagi ha scritto: > On Mon, Aug 5, 2019 at 9:21 AM Alessandro Baggi > <alessandro.baggi at gmail.com> wrote: >> >> Il 05/08/19 18:07, Akemi Yagi ha scritto: >>> On Mon, Aug 5, 2019 at 9:01 AM Alessandro Baggi >>> <alessandro.baggi at gmail.com> wrote: > >>> Do you have secureboot enabled? Then yes, that requires a

On 16/03/18 18:24, Fred Smith wrote: > Hi all! > > I'm running an up-to-date Centos-7 on an AMD Vishera 6300, 6 core CPU. > What kernel are you running (uname -r)? > I note that when I run the redhat script to test for spectre & meltdown > I get this result for variant 2: > > Variant #2 (Spectre): Vulnerable > CVE-2017-5715 - speculative execution branch

By now, we're sure most everyone have heard of the Meltdown and Spectre attacks. If not, head over to https://meltdownattack.com/ and get an overview. Additional technical details are available from Google Project Zero. https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html The FreeBSD Security Team was notified of the issue in late December and received a

By now, we're sure most everyone have heard of the Meltdown and Spectre attacks. If not, head over to https://meltdownattack.com/ and get an overview. Additional technical details are available from Google Project Zero. https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html The FreeBSD Security Team was notified of the issue in late December and received a

On Wed, 2018-02-07 at 00:36 +0000, Chandler Carruth wrote: > > > > That would be __x86_indirect_thunk but the kernel doesn't use it. > > We use -mindirect-branch-register and only ever expect the compiler > > to use the register versions which are CET-compatible. > > > > However, in at least one case in the 32-bit kernel we do emit the > > old

On Tue, Feb 6, 2018 at 4:46 PM David Woodhouse <dwmw2 at infradead.org> wrote: > On Wed, 2018-02-07 at 00:36 +0000, Chandler Carruth wrote: > > > > > > > That would be __x86_indirect_thunk but the kernel doesn't use it. > > > We use -mindirect-branch-register and only ever expect the compiler > > > to use the register versions which are

What's amazing to me is, after "Intel Inside - don't divide" (their 486 debacle), they didn't learn and have a better plan for addressing these kinds of things. ----- Original Message ----- From: "Chris Murphy" <lists at colorremedies.com> To: "centos" <centos at centos.org> Sent: Wednesday, January 24, 2018 12:06:01 PM Subject: Re: [CentOS]

Also, could you patch and test Clang with the Linux kernel after I make this change? I'd like to know that we actually successfully call the correct thunks and that they behave correctly. I'm not super worried, but good to actually get this right. I'm am slightly more worried about the stack-based retpoline than the register ones just due to the overall lower amount of testing

On Wed, Aug 7, 2019 at 9:00 AM Alessandro Baggi <alessandro.baggi at gmail.com> wrote: > > Il 07/08/19 01:02, Phil Perry ha scritto: > > On 06/08/2019 14:45, Alessandro Baggi wrote: > > Please post the actual error message in dmesg or /var/log/messages. > > > > It's likely that the kernel is just grumbling that the module is not > > signed (missing

On Wed, Aug 7, 2019 at 11:00 PM Alessandro Baggi <alessandro.baggi at gmail.com> wrote: > > Il 07/08/19 20:15, Akemi Yagi ha scritto: > > On Wed, Aug 7, 2019 at 9:00 AM Alessandro Baggi > > <alessandro.baggi at gmail.com> wrote: > >> > >> Il 07/08/19 01:02, Phil Perry ha scritto: > >>> On 06/08/2019 14:45, Alessandro Baggi wrote: >

On 01/22/2018 10:06 AM, Valeri Galtsev wrote: > > > On 01/22/18 09:08, Johnny Hughes wrote: >> On 01/18/2018 09:42 AM, Valeri Galtsev wrote: >>> >>> >>> On 01/18/18 03:41, Pete Biggs wrote: >>>> >>>>> Look at: >>>>> >>>>> https://t.co/6fT61xgtGH >>>>> >>>>> Get the

The patch is up for review here: https://reviews.llvm.org/D42998 On Tue, Feb 6, 2018 at 4:58 PM Chandler Carruth <chandlerc at google.com> wrote: > Also, could you patch and test Clang with the Linux kernel after I make > this change? I'd like to know that we actually successfully call the > correct thunks and that they behave correctly. I'm not super worried, but >

What are the patches that I can download and install to be protected against the Meltdown and Spectre security vulnerabilities? ===BEGIN SIGNATURE=== Turritopsis Dohrnii Teo En Ming's Academic Qualifications as at 30 Oct 2017 [1] https://tdtemcerts.wordpress.com/ [2] http://tdtemcerts.blogspot.sg/ [3] https://www.scribd.com/user/270125049/Teo-En-Ming ===END SIGNATURE===

I have built all the source code releases from upstream for RHEL-6 regarding meltdown /spectre and released those into packages into the CentOS Linux 6.9 updates repository. As to whether or not either Arch (x86_64 or i386) is or is not vulnerable, the CentOS team does not test for or make claims concerning security fitness. What we do build the source code that is released upstream. Users must

On Fri, Mar 9, 2018 at 10:46 AM, Peter Wood <peterwood.sd at gmail.com> wrote: > Anyway, I'm stuck with a few 32bit systems exposed to customers and I have > to come up with an answer to their question about meltdown/spectre. At this > point all I can say is that Red Hat hasn't patched 32bit systems but that > is hard to believe so I assumed that I'm wrong and