[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180604081502.GE12258@hirez.programming.kicks-ass.net>
Date: Mon, 4 Jun 2018 10:15:02 +0200
From: Peter Zijlstra <peterz@...radead.org>
To: Andreas Hartmann <andihartmann@...19freenet.de>
Cc: LKML <linux-kernel@...r.kernel.org>
Subject: Re: Spectre mitigation doesn't seem to work at all?!
On Fri, Jun 01, 2018 at 02:19:38PM +0200, Andreas Hartmann wrote:
> I tested the spectre mitigation of different machines and kernels with
> https://github.com/crozone/SpectrePoC
>
> You can see the results below.
> My question: Did I miss something?
Yes.
> Build: ... INTEL_MITIGATION_DISABLED LINUX_KERNEL_MITIGATION_DISABLED
> Build: ... INTEL_MITIGATION_DISABLED LINUX_KERNEL_MITIGATION_DISABLED
> Build: ... INTEL_MITIGATION_DISABLED LINUX_KERNEL_MITIGATION_DISABLED
^^^^^^^^ ^^^^^^^^
The POC is a v1 on itself. V1 needs to be fixed for every individual
executable (worse, for every individual location in the code, and we're
still finding them). The kernel mitigation status for v1 only indicates
the kernel itself has mitigations (for some locations).
The POC is meant to test effectiveness of these mitigations, either the
original LFENCE or the dependent instruction thing, but you have to
enable one or the other.
Powered by blists - more mailing lists