Message-ID: <1620541.3EV38X6Ctd@merkaba>
Date:   Mon, 29 Jan 2018 10:41:15 +0100
From:   Martin Steigerwald <martin@...htvoll.de>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Requirements for retpoline in Linux 4.15 (was: Re: Linux 4.15)

Hi Linus, hi everyone,

Linus Torvalds - 28.01.18, 22:52:
> details), and perhaps equally importantly, to actually get the biggest
> fix for the indirect branch mitigations, you need not just the kernel
> updates, you need to have a compiler with support for the "retpoline"
> indirect branch model.
> 
> You can do
> 
>     cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
> 
> and if you don't have a compiler that supports the retpoline
> mitigations, you'll get:
> 
>     Vulnerable: Minimal generic ASM retpoline
> 
> because only the assembly code (not the C code) will have the
> retpoline mitigation. So keep that in mind.

I have:

% cat /proc/version
Linux version 4.15.0-tp520-btrfstrim+ ([…]) (gcc version 7.3.0 (Debian 7.3.0-1)) #38 SMP PREEMPT Mon Jan 29 09:38:44 CET 2018

% grep RETPO /boot/config-4.15.0-tp520-btrfstrim+
CONFIG_RETPOLINE=y

% gcc --version | head -1
gcc (Debian 7.3.0-1) 7.3.0

% apt changelog gcc-7
gcc-7 (7.3.0-1) unstable; urgency=medium

  * GCC 7.3.0 release.
  * Ignore bootstrap comparison failures in gcc/d on alpha. Addresses: #888394.

 -- Matthias Klose […]  Thu, 25 Jan 2018 12:07:10 +0100


Yet:

% grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable: Minimal generic ASM retpoline


From what I read, gcc 7.3 was supposed to include backported retpoline 
patches. What am I missing here?

Thanks,
-- 
Martin
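
Added example, not part of the original message or of the kernel sources: a small POSIX shell helper that classifies the sysfs status strings quoted above and flags the "Minimal generic ASM retpoline" state. The function names and class labels are hypothetical, and the compiler options probed in cc_has_retpoline are the GCC x86 retpoline options as an assumption, since the message does not name them.

```shell
#!/bin/sh
# Added example: classify the sysfs status strings quoted in the message.
# Function names and class labels are hypothetical, chosen for this sketch.
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status "<line>": map one sysfs status line to a coarse class.
classify_status() {
    case "$1" in
        "Not affected"*)                  echo not-affected ;;
        "Mitigation:"*)                   echo mitigated ;;
        "Vulnerable: Minimal"*retpoline*) echo partial ;;   # ASM-only retpoline
        "Vulnerable"*)                    echo vulnerable ;;
        *)                                echo unknown ;;
    esac
}

# report [dir]: print "name<TAB>class<TAB>raw status" for every entry.
report() {
    dir="${1:-$VULN_DIR}"
    for f in "$dir"/*; do
        [ -r "$f" ] || continue
        line=$(cat "$f")
        printf '%s\t%s\t%s\n' "$(basename "$f")" "$(classify_status "$line")" "$line"
    done
}

# asm_only_retpoline [dir]: succeed when spectre_v2 shows the state the
# quoted text attributes to a kernel built without compiler retpoline support.
asm_only_retpoline() {
    dir="${1:-$VULN_DIR}"
    [ -r "$dir/spectre_v2" ] || return 1
    [ "$(classify_status "$(cat "$dir/spectre_v2")")" = partial ]
}

# cc_has_retpoline [cc]: succeed when the compiler accepts the retpoline
# code-generation options (assumed GCC x86 option names, not from the message).
# This tests the compiler installed now; /proc/version names the one that
# actually built the running kernel.
cc_has_retpoline() {
    echo 'int main(void){return 0;}' |
        "${1:-gcc}" -mindirect-branch=thunk-extern -mindirect-branch-register \
            -x c -c -o /dev/null - 2>/dev/null
}
```

Source the file and call report; when asm_only_retpoline succeeds, compare cc_has_retpoline against the compiler string in /proc/version before rebuilding.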
