Gentoo Forums
Spectre checker with kernel 6.12
krumpf
Apprentice
Joined: 15 Jul 2018
Posts: 207

Posted: Thu Mar 06, 2025 9:52 am    Post subject: Spectre checker with kernel 6.12

Hi,
after upgrading to kernel 6.12, I ran app-admin/spectre-meltdown-checker, which shows the following failure:
Quote:
CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface: YES (Mitigation: Retpolines; IBPB: conditional; IBRS_FW; STIBP: always-on; RSB filling; PBRSB-eIBRS: Not affected; BHI: Not affected)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: UNKNOWN
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: NO
> STATUS: VULNERABLE (IBRS+IBPB or retpoline+IBPB is needed to mitigate the vulnerability)

According to logs I kept, it was OK with kernels 6.4 & 6.6; the "* Kernel compiled with retpoline option: " line was showing YES.
All CPU mitigations are activated in the kernel config, and it's compiled with CONFIG_MITIGATION_RETPOLINE=y, so I'm wondering: did I miss (or screw up) something in menuconfig?
krumpf
Apprentice
Joined: 15 Jul 2018
Posts: 207

Posted: Thu Mar 06, 2025 3:26 pm    Post subject:

I think I found out the cause.
As I understand it, the retpoline option name has changed in the kernel: CONFIG_RETPOLINE (old kernels) is now CONFIG_MITIGATION_RETPOLINE, but it seems the spectre-meltdown-checker script hasn't been updated.

Edit: The issue is known (https://github.com/speed47/spectre-meltdown-checker/pull/498) and apparently fixed, but no new version has been published.
grknight
Retired Dev
Joined: 20 Feb 2015
Posts: 2041

Posted: Thu Mar 06, 2025 4:28 pm    Post subject:

You do know that lscpu can be used to display all known vulnerabilities that the booted kernel is aware of.
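
The rename and the kernel-side report discussed in the posts above, as an added example that is not part of any post and is not code from spectre-meltdown-checker: a shell check that accepts either retpoline symbol name in a kernel config and classifies the kernel's own spectre_v2 report from sysfs, the same data lscpu lists. The function names and demo files are assumptions made up for this illustration; the sysfs line is the one quoted in the first post.

```shell
#!/bin/sh
# Added example, not code from spectre-meltdown-checker.

# Print the retpoline Kconfig symbol set to "y" in config file $1, accepting
# both the old name (CONFIG_RETPOLINE) and the renamed one
# (CONFIG_MITIGATION_RETPOLINE). Returns non-zero when neither is enabled.
retpoline_in_config() {
    sym=$(grep -E '^CONFIG_(MITIGATION_)?RETPOLINE=y$' "$1" 2>/dev/null |
          head -n 1 | cut -d= -f1)
    [ -n "$sym" ] && printf '%s\n' "$sym"
}

# Classify the kernel's own spectre_v2 report (sysfs file, default path
# below) as mitigated / not-affected / vulnerable / unknown.
spectre_v2_status() {
    f=${1:-/sys/devices/system/cpu/vulnerabilities/spectre_v2}
    [ -r "$f" ] || { echo unknown; return 0; }
    case $(cat "$f") in
        "Not affected"*) echo not-affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Constructed demo inputs; the sysfs line is the one quoted in the first post.
demo() {
    d=$(mktemp -d) || return 1
    echo 'CONFIG_RETPOLINE=y' > "$d/old"                 # old-style name
    echo 'CONFIG_MITIGATION_RETPOLINE=y' > "$d/new"      # renamed symbol
    echo '# CONFIG_MITIGATION_RETPOLINE is not set' > "$d/off"
    echo 'Mitigation: Retpolines; IBPB: conditional; IBRS_FW; STIBP: always-on; RSB filling; PBRSB-eIBRS: Not affected; BHI: Not affected' > "$d/sysfs"
    for c in old new off; do
        echo "$c config: $(retpoline_in_config "$d/$c" || echo 'no retpoline symbol')"
    done
    echo "kernel report: $(spectre_v2_status "$d/sysfs")"
    rm -rf "$d"
}
demo
```

On a real system, pass the running kernel's config file to retpoline_in_config and call spectre_v2_status with no argument to read the live sysfs entry.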
krumpf
Apprentice
Joined: 15 Jul 2018
Posts: 207

Posted: Thu Mar 06, 2025 6:24 pm    Post subject:

grknight wrote:
You do know that lscpu can be used to display all known vulnerabilities that the booted kernel is aware of.

Nope, I didn't know, thanks for telling