lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 2 Feb 2018 23:52:30 -0500
From:   tedheadster <tedheadster@...il.com>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>, hughd@...gle.com,
        dave.hansen@...ux.intel.com, jikos@...nel.org, bp@...en8.de,
        linux@...ck-us.net, Kees Cook <keescook@...omium.org>,
        jamie@...ieiles.com, dwmw2@...radead.org, eduval@...zon.com,
        labbott@...hat.com, riel@...riel.com,
        Thomas Gleixner <tglx@...utronix.de>,
        linux-kernel@...r.kernel.org
Subject: [BUG] x86 : i486 reporting to be vulnerable to Meltdown/Spectre_V1/Spectre_V2

I just tested the 4.15 kernel and it is reporting that my old i486
(non-cpuid capable) cpu is vulnerable to all three issues: Meltdown,
Spectre V1, and Spectre V2.

I find this to be _unlikely_.

/sys/devices/system/cpu/vulnerabilities/* reports the following:

meltdown: "Vulnerable"
spectre_v1: "Vulnerable"
spectre_v2: "Vulnerable: Minimal generic ASM retpoline"

The output of dmesg includes:

"Spectre V2 mitigation: Vulnerable: Minimal generic ASM retpoline"
"Spectre V2 mitigation: Filling RSB on context switch"

Also, /proc/cpuinfo reports the following:

cpuid level: -1
flags: fpu retpoline rsb_ctxsw
bugs: cpu_meltdown spectre_v1 spectre_v2

I have the hardware to test on. Send me your patches.

- Matthew Whitehead

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ