On 30 January 2018 at 16:02, Michael Fothergill <michael.fotherg...@gmail.com> wrote:

>
>
> On 30 January 2018 at 15:23, Elimar Riesebieter <riese...@lxtec.de> wrote:
>
>> * rhkra...@gmail.com <rhkra...@gmail.com> [2018-01-29 10:47 -0500]:
>>
>> [...]
>> > On the other hand, if I download kernel source, I would need GCC, and a
>> > version that is sufficient for the code.
>>
>> One can check the compiler version the running kernel is built with
>> by:
>>
>> $ cat /proc/version
>> Linux version 4.14.15-toy-lxtec-amd64 (riesebie@toy) (gcc version 7.3.0
>> (Debian 7.3.0-1)) #1 SMP Tue Jan 30 14:20:49 CET 2018
>>
>
> That is a very useful command.
>
> I ran it myself.
>
> djt /home/mikef/spectre-meltdown-checker # cat /proc/version
> Linux version 4.14.14-gentoo (root@djt) (gcc version 7.2.0 (Gentoo
> 7.2.0-r1)) #1 SMP Tue Jan 23 13:06:23 GMT 2018
>
> Here is a bit of the output from the spectre patch checker:
>
>
> * Mitigation 2
>   * Kernel compiled with retpoline option:  YES
>   * Kernel compiled with a retpoline-aware compiler:  NO  (kernel reports
> minimal retpoline compilation)
>   * Retpoline enabled:  YES
> > STATUS:  VULNERABLE  (Vulnerable: Minimal AMD ASM retpoline)
>
> As can be seen here, the compiler I used to create this kernel was not
> recent enough to make retpoline work.
>
> Since I now have gcc 7.3 installed I will do a kernel upgrade in a little
> while and see if I can change the NO in
>
>   "* Kernel compiled with a retpoline-aware compiler:  NO  (kernel reports
> minimal retpoline compilation)"
>
> to YES.....
>
> I think it will work.
>
> Cheers MF
>

I just ran the kernel rebuild:

djt /home/mikef # cat /proc/version
Linux version 4.14.15-gentoo (root@djt) (gcc version 7.3.0 (Gentoo 7.3.0))
#1 SMP Tue Jan 30 16:22:47 GMT 2018

and now the spectre kernel checker says the following:

* Mitigation 2
  * Kernel compiled with retpoline option:  YES
  * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports
full retpoline compilation)
  * Retpoline enabled:  YES
> STATUS:  NOT VULNERABLE  (Mitigation: Full AMD retpoline)

New kernels are going to appear soon with fancier fixes for spectre
vulnerabilities if I understand it correctly.

I can now install them right away; and if I want I can downgrade gentoo
testing to gentoo stable and do the very same thing.

Cheers

MF

>>
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>> Elimar
>> --
>>   You cannot propel yourself forward by
>>   patting yourself on the back.
>>
>>
>
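
Added example (not part of the thread and not spectre-meltdown-checker's own code): a shell script that ties the two checks in this exchange together, reading the compiler version from the `/proc/version` banner and classifying the kernel's Spectre v2 status text. The function names, the sysfs path `/sys/devices/system/cpu/vulnerabilities/spectre_v2` (not mentioned in the thread) and the 7.3.0 threshold (taken from the result reported above; distribution compilers with backported retpoline support may differ) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Functions take the text as arguments
# so they can be checked against the banners and status lines quoted above.
RETPOLINE_GCC=7.3.0   # assumption: threshold taken from the thread's result
V2=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# Print the x.y.z after "gcc version" in a /proc/version banner (format as in the thread).
gcc_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/.*gcc version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeed when dotted version $1 >= $2, comparing components numerically.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Map the kernel's spectre_v2 status text to a short verdict.
classify_spectre_v2() {
    case "$1" in
        *"Full "*retpoline*)    echo full ;;
        *"Minimal "*retpoline*) echo minimal ;;
        Mitigation:*)           echo other-mitigation ;;
        Vulnerable*)            echo vulnerable ;;
        "Not affected"*)        echo not-affected ;;
        *)                      echo unknown ;;
    esac
}

# Print "<verdict> <gcc> <action>"; action is "rebuild" only when the kernel
# reports minimal retpoline and the banner shows a gcc older than the threshold.
explain() {
    gcc=$(gcc_version_from_banner "$1")
    verdict=$(classify_spectre_v2 "$2")
    action=review
    case "$verdict" in full|not-affected) action=ok ;; esac
    if [ "$verdict" = minimal ] && [ -n "$gcc" ] && ! version_ge "$gcc" "$RETPOLINE_GCC"; then
        action=rebuild
    fi
    echo "$verdict ${gcc:-unknown} $action"
}

# On a live host, read both values from the kernel.
if [ -r /proc/version ] && [ -r "$V2" ]; then
    explain "$(cat /proc/version)" "$(cat "$V2")"
fi
```

A banner that does not contain the literal text "gcc version" yields `unknown` for the compiler, and the action stays `review` rather than guessing.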
