On 17/02/2018 at 18:11, Wolfgang Pfeiffer wrote:
On Sat, 17 Feb 2018 13:25:06 +0100
François Patte <francois.patte(a)mi.parisdescartes.fr> wrote:
> On 17/02/2018 at 12:59, Ed Greshko wrote:
>> On 02/17/18 18:12, François Patte wrote:
>>> I just updated f27 and the new installed kernel
>>> (4.15.3-300.fc27.x86_64), sends these messages at boot time:
>>>
>>> kernel: Spectre V2 : Mitigation: Full generic retpoline
>>> kernel: Spectre V2 : System may be vulnerable to spectre v2
>>>
>>> What do they mean and what to do? Waiting for next kernel update?
>>
>>
>> It may mean that your particular CPU is not fully protected by the recent kernel patches.
>>
>> Cat the files in /sys/devices/system/cpu/vulnerabilities
>>
>> FWIW, my systems have ....
>>
>> [egreshko@acer vulnerabilities]$ cat meltdown
>> Mitigation: PTI
>>
>> [egreshko@acer vulnerabilities]$ cat spectre_v1
>> Mitigation: __user pointer sanitization
>
> Same as you.
>
>>
>> [egreshko@acer vulnerabilities]$ cat spectre_v2
>> Mitigation: Full generic retpoline
>
> this one gives:
>
> Mitigation: Full generic retpoline - vulnerable module loaded
>
> But does not give the module name!!
You might want to try and see your last boot messages (or any logs that
might matter ...)

journalctl -b

Then search for Spectre and retpoline (maybe changing upper/lower case)
and the messages before and after these found instances .. look hard ...

journalctl -b | grep -i retpoline

returns that virtualbox drivers (vboxdrv, vboxnetflt, vboxnetadp,
vboxpci) and nvidia driver were not compiled with a retpoline compiler....

As these modules are compiled on board with gcc using akmod, I suppose
that gcc is not a retpoline compiler.

What can I do?
--
François Patte
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)6 7892 5822
http://www.math-info.univ-paris5.fr/~patte
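
The check discussed in this thread, as an added example that is not part of the original messages: it reads the `spectre_v2` status and pulls the names of flagged modules out of the kernel journal. The function names and the sample log lines are constructed for illustration, and the exact wording of the per-module warning is an assumption modelled on the messages described above.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): find modules flagged as non-retpoline.

# Constructed sample of kernel journal lines. The wording of the per-module
# warning is an assumption modelled on the messages described in the thread.
sample_log() {
cat <<'EOF'
Feb 17 09:01:02 host kernel: Spectre V2 : Mitigation: Full generic retpoline
Feb 17 09:01:09 host kernel: vboxdrv: loading module not compiled with retpoline compiler.
Feb 17 09:01:09 host kernel: vboxdrv: loading out-of-tree module taints kernel.
Feb 17 09:01:10 host kernel: vboxnetflt: loading module not compiled with retpoline compiler.
Feb 17 09:01:11 host kernel: nvidia: loading module not compiled with retpoline compiler.
Feb 17 09:01:11 host kernel: nvidia: loading module not compiled with retpoline compiler.
Feb 17 09:01:12 host kernel: Spectre V2 : System may be vulnerable to spectre v2
EOF
}

# stdin: kernel log lines. stdout: each flagged module name once, sorted.
flagged_modules() {
    sed -n 's/^.*kernel: \([^ :]*\): loading module not compiled with retpoline.*$/\1/p' | sort -u
}

# $1: contents of /sys/devices/system/cpu/vulnerabilities/spectre_v2.
# Succeeds if the kernel reports that a non-retpoline module has been loaded.
has_vulnerable_module() {
    case "$1" in
        *"vulnerable module loaded"*) return 0 ;;
        *) return 1 ;;
    esac
}

# "live" as first argument reads the running system; otherwise use the sample.
if [ "${1:-}" = "live" ]; then
    status=$(cat /sys/devices/system/cpu/vulnerabilities/spectre_v2)
    echo "spectre_v2: $status"
    if has_vulnerable_module "$status"; then
        journalctl -k -b | flagged_modules
    fi
else
    sample_log | flagged_modules
fi
```

Run with `live` as the first argument to check the booted system instead of the embedded sample.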