On Sat, 17 Feb 2018 13:25:06 +0100 François Patte francois.patte@mi.parisdescartes.fr wrote:
Le 17/02/2018 à 12:59, Ed Greshko a écrit :
On 02/17/18 18:12, François Patte wrote:
I just updated f27 and the new installed kernel (4.15.3-300.fc27.x86_64), sends these messages at boot time:
kernel: Spectre V2 : Mitigation: Full generic retpoline kernel: Spectre V2 : System may be vulnerable to spectre v2
What do they mean and what to do? Waiting for next kernel update?
It may mean that your particular CPU is not fully protected by the recent kernel patches.
Cat the files in /sys/devices/system/cpu/vulnerabilities
FWIW, my systems have ....
[egreshko@acer vulnerabilities]$ cat meltdown Mitigation: PTI
[egreshko@acer vulnerabilities]$ cat spectre_v1 Mitigation: __user pointer sanitization
Same as you.
[egreshko@acer vulnerabilities]$ cat spectre_v2 Mitigation: Full generic retpoline
this one gives:
Mitigation: Full generic retpoline - vulnerable module loaded
But does not give the module name!!
You might want to try and see your last boot messages (or any logs for might matter ...)
journalctl -b
Then search for Spectre and retpoline (maybe changing upper/lower case) and the messages before and after these found instances .. look hard ...
If that does not help, you might try that: Just reboot, and see whether that changes anything.
Still no joy? try this:
dnf list kernel* --enablerepo=updates-testing (this should nothing install, just check for updates in testing). See: https://fedoraproject.org/wiki/QA:Updates_Testing#Enabling_the_repository_te... and see whether there are updates in the pipeline to install (careful!) ..
or - next option, and again:careful! - install a vanilla kernel from a non-official repo for Fedora - more on it here: https://fedoraproject.org/wiki/Kernel_Vanilla_Repositories
On a F26 I have a 4.15 kernel installed recently from that repo, running so far smoothly (didn't test it too hard, so far). But read the FAQ beforehand mentioned on that page: These kernels don't have - IIRC - the kernels patched specifically for Fedora. Just vanilla ...
Here: % uname -srvm Linux 4.15.3-300.vanilla.knurd.1.fc26.x86_64 #1 SMP Mon Feb 12 06:36:22 UTC 2018 x86_64
% grep . /sys/devices/system/cpu/vulnerabilities/* /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline
HTH, and Good Luck! Regards