| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAP8WD_YnJnQW9o+t2jn6HRrY3kKQMRD44joP=thPYO5vS4ev7Q@mail.gmail.com>
Date: Fri, 2 Feb 2018 23:52:30 -0500
From: tedheadster <tedheadster@...il.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, hughd@...gle.com,
dave.hansen@...ux.intel.com, jikos@...nel.org, bp@...en8.de,
linux@...ck-us.net, Kees Cook <keescook@...omium.org>,
jamie@...ieiles.com, dwmw2@...radead.org, eduval@...zon.com,
labbott@...hat.com, riel@...riel.com,
Thomas Gleixner <tglx@...utronix.de>,
linux-kernel@...r.kernel.org
Subject: [BUG] x86 : i486 reporting to be vulnerable to Meltdown/Spectre_V1/Spectre_V2
I just tested the 4.15 kernel and it is reporting that my old i486
(non-cpuid capable) cpu is vulnerable to all three issues: Meltdown,
Spectre V1, and Spectre V2.
I find this to be _unlikely_.
/sys/devices/system/cpu/vulnerabilities/* reports the following:
meltdown: "Vulnerable"
spectre_v1: "Vulnerable"
spectre_v2: "Vulnerable: Minimal generic ASM retpoline"
The output of dmesg includes:
"Spectre V2 mitigation: Vulnerable: Minimal generic ASM retpoline"
"Spectre V2 mitigation: Filling RSB on context switch"
Also, /proc/cpuinfo reports the following:
cpuid level: -1
flags: fpu retpoline rsb_ctxsw
bugs: cpu_meltdown spectre_v1 spectre_v2
I have the hardware to test on. Send me your patches.
- Matthew Whitehead
Powered by blists - more mailing lists