On Sat, 17 Feb 2018 13:25:06 +0100
François Patte <francois.patte(a)mi.parisdescartes.fr> wrote:
Le 17/02/2018 à 12:59, Ed Greshko a écrit :
> On 02/17/18 18:12, François Patte wrote:
>> I just updated f27 and the new installed kernel
>> (4.15.3-300.fc27.x86_64), sends these messages at boot time:
>>
>> kernel: Spectre V2 : Mitigation: Full generic retpoline
>> kernel: Spectre V2 : System may be vulnerable to spectre v2
>>
>> What do they mean and what to do? Waiting for next kernel update?
>
>
> It may mean that your particular CPU is not fully protected by the recent kernel
patches.
>
> Cat the files in /sys/devices/system/cpu/vulnerabilities
>
> FWIW, my systems have ....
>
> [egreshko@acer vulnerabilities]$ cat meltdown
> Mitigation: PTI
>
> [egreshko@acer vulnerabilities]$ cat spectre_v1
> Mitigation: __user pointer sanitization
Same as you.
>
> [egreshko@acer vulnerabilities]$ cat spectre_v2
> Mitigation: Full generic retpoline
this one gives:
Mitigation: Full generic retpoline - vulnerable module loaded
But does not give the module name!!
You might want to try and see your last boot messages (or any logs for
might matter ...)
journalctl -b
Then search for Spectre and retpoline (maybe changing upper/lower case)
and the messages before and after these found instances .. look hard ...
If that does not help, you might try that: Just reboot, and see
whether that changes anything.
Still no joy? try this:
dnf list kernel\* --enablerepo=updates-testing
(this should nothing install, just check for updates in testing). See:
https://fedoraproject.org/wiki/QA:Updates_Testing#Enabling_the_repository...
and see whether there are updates in the pipeline to install (careful!) ..
or - next option, and again:careful! - install a vanilla kernel from a non-official
repo for Fedora - more on it here:
https://fedoraproject.org/wiki/Kernel_Vanilla_Repositories
On a F26 I have a 4.15 kernel installed recently from that repo, running
so far smoothly (didn't test it too hard, so far). But read the FAQ beforehand
mentioned on that page: These kernels don't have - IIRC - the kernels patched
specifically for Fedora. Just vanilla ...
Here:
% uname -srvm
Linux 4.15.3-300.vanilla.knurd.1.fc26.x86_64 #1 SMP Mon Feb 12 06:36:22 UTC 2018 x86_64
% grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer
sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline
HTH, and Good Luck!
Regards
--
Wolfgang Pfeiffer