Adam Carter wrote:
>
> > This appears to be OK on my CPU but want to ask to be sure.
> > Here's some info, sort of taking cues from what you posted above.
> >
> > root@fireball / # uname -a
> > Linux fireball 4.18.12-gentoo #1 SMP PREEMPT Sun Oct 14 23:45:12 CDT 2018 x86_64 AMD FX(tm)-8350 Eight-Core Processor AuthenticAMD GNU/Linux
> > root@fireball / # cat /sys/devices/system/cpu/vulnerabilities/
> > l1tf meltdown spec_store_bypass
> > spectre_v1 spectre_v2
> > root@fireball / # cat /sys/devices/system/cpu/vulnerabilities/meltdown
> > Not affected
> > root@fireball / # cat /sys/devices/system/cpu/vulnerabilities/l1tf
> > Not affected
> > root@fireball / # cat /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
> > Mitigation: Speculative Store Bypass disabled via prctl and seccomp
> > root@fireball / # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
> > Mitigation: __user pointer sanitization
> > root@fireball / # cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
> > Mitigation: Full AMD retpoline
> > root@fireball / #
>
> You're missing the /sys/devices/system/cpu/vulnerabilities/mds file
> because only the latest kernels from 2019-05-14 have that check. The
> 4.18 line has gone away so you'd have to go to 4.19.43 to get it.
> Since you're an AMD CPU, you don't need to worry about mds, but if I
> were you I'd move to 4.19.43 anyway as you want to stay on a supported
> version. 4.19 is "longterm" (https://www.kernel.org/) so it's a good
> option. Then if something serious comes up, an update from 4.19.x to
> 4.19.y is much less trouble than 4.18 to 4.19.
>
> > Am I correct to think that "Mitigation" is good enough or does
> > that mean it could be affected in some other way or is risky?
>
> I accept Mitigation as good enough. The kernel devs seem to choose a
> good balance between secure and fast. Anything that says 'vulnerable'
> is a problem, but you may have to live with it until a new microcode
> or kernel update arrives. Or if the CPU vendor is not making a
> microcode update for an old CPU, just live with it or upgrade the
> hardware. On my Skylake box I need to think about disabling
> Hyperthreading or not, disabled is secure but halves the core count.
>
> > Also, since the problem that this thread is about isn't listed,
> > mine isn't affected correct?
>
> Covered above.
>
> > I'm guessing "Not affected" means all is good. ;-)
>
> Indeed!
>
Thanks much for the info. That was my thinking but I have been wrong before, more than I may even know about at times. ;-)

I'll work on updating my kernel but I rarely reboot. Most of my reboots occur when power is lost, usually severe storms or something. They upgraded the main lines several years ago so it takes something pretty bad to take out power long enough that I have to shut down. We do get the occasional blinks during storms or high winds tho. They just don't last long enough since the UPS catches that.

Kernel 4.19. Going to emerge that and see what I can do. At least it will be an option when I reboot next time.

Dale

:-) :-)

root@fireball / # uprecords
     #               Uptime | System                                     Boot up
----------------------------+---------------------------------------------------
     1   303 days, 11:46:23 | Linux 4.5.2-gentoo        Sat Jul 29 23:20:27 2017
     2   193 days, 09:28:37 | Linux 3.5.3-gentoo        Sat Sep 22 07:50:38 2012
     3   184 days, 15:47:57 | Linux 3.18.7-gentoo       Tue Dec 15 21:53:59 2015
     4   143 days, 15:05:26 | Linux 4.5.2-gentoo        Sun Oct 23 20:09:26 2016
     5   138 days, 11:27:28 | Linux 4.5.2-gentoo        Tue May 29 13:27:44 2018
     6   135 days, 11:11:44 | Linux 4.5.2-gentoo        Thu Mar 16 11:58:17 2017
->   7   123 days, 00:28:59 | Linux 4.18.12-gentoo      Sat Jan 12 03:42:55 2019
     8   116 days, 16:24:24 | Linux 3.16.3-gentoo       Mon Oct 13 20:27:52 2014
     9   111 days, 00:34:49 | Linux 3.18.7-gentoo       Tue Mar 31 18:57:19 2015
    10   101 days, 18:34:17 | Linux 3.5.3-gentoo        Wed Dec 31 18:00:00 1969
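
Added example, not part of either message: a POSIX shell function that applies the reading of the status strings discussed above ("Not affected", "Mitigation: ...", "Vulnerable") to every file in /sys/devices/system/cpu/vulnerabilities and notes a missing mds file. The function names, verdict labels, return codes and the PARTIAL case (a "Mitigation:" line that also contains "vulnerable", as newer kernels print when SMT is left on) are assumptions of this example; the sample values are the five quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): classify the kernel's per-issue status files.
# Return codes: 0 = nothing reported "Vulnerable", 1 = at least one "Vulnerable",
#               2 = directory missing (kernel does not export these files).
check_cpu_vulns() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        case $status in
            "Not affected"*)            verdict=OK ;;
            Mitigation:*[Vv]ulnerable*) verdict=PARTIAL ;;   # e.g. "...; SMT vulnerable"
            Mitigation:*)               verdict=MITIGATED ;;
            Vulnerable*)                verdict=VULNERABLE; rc=1 ;;
            *)                          verdict=UNKNOWN ;;
        esac
        printf '%-10s %-18s %s\n' "$verdict" "${f##*/}" "$status"
    done
    # Per the thread, kernels older than the 2019-05-14 releases have no mds file.
    [ -e "$dir/mds" ] ||
        printf '%-10s %-18s %s\n' NOTE mds "file absent: kernel predates this check"
    return "$rc"
}

# Constructed sample: the five values quoted in the thread, written to a temp dir.
sample_dir() {
    d=$(mktemp -d) || return 1
    echo 'Not affected' > "$d/meltdown"
    echo 'Not affected' > "$d/l1tf"
    echo 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp' \
        > "$d/spec_store_bypass"
    echo 'Mitigation: __user pointer sanitization' > "$d/spectre_v1"
    echo 'Mitigation: Full AMD retpoline' > "$d/spectre_v2"
    echo "$d"
}

# Run with --demo to classify the sample; otherwise source this file and call
# check_cpu_vulns with no argument to read the live /sys directory.
if [ "${1:-}" = "--demo" ]; then
    d=$(sample_dir) && check_cpu_vulns "$d"; rm -rf "$d"
fi
```

A PARTIAL line is the case behind the Hyperthreading remark in the quoted reply: the mitigation is active, but the kernel reports that SMT remains exposed.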

