# uname -a
Linux arch 4.17.11-arch1 #1 SMP PREEMPT Sun Jul 29 10:11:16 UTC 2018 x86_64 GNU/Linux
# dmesg | grep CPU
[ 0.000000] smpboot: Allowing 8 CPUs, 4 hotplug CPUs
[ 0.000000] setup_percpu: NR_CPUS:320 nr_cpumask_bits:320 nr_cpu_ids:8 nr_node_ids:1
[ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=8, Nodes=1
[ 0.000000] RCU restricting CPUs from NR_CPUS=320 to nr_cpu_ids=8.
[ 0.000000] Offload RCU callbacks from CPUs: (none).
[ 0.025079] CPU: Physical Processor ID: 0
[ 0.025079] CPU: Processor Core ID: 0
[ 0.025080] mce: CPU supports 7 MCE banks
[ 0.029999] smpboot: CPU0: AMD FX(tm)-4100 Quad-Core Processor (family: 0x15, model: 0x1, stepping: 0x2)
[ 0.060014] smp: Bringing up secondary CPUs ...
[ 0.083354] .... node #0, CPUs: #1 #2 #3
[ 0.132832] smp: Brought up 1 node, 4 CPUs
[ 1.644353] ledtrig-cpu: registered to indicate activity on CPUs
[ 1.648525] microcode: CPU0: patch_level=0x06000623
[ 1.648529] microcode: CPU1: patch_level=0x06000623
[ 1.648536] microcode: CPU2: patch_level=0x06000623
[ 1.648543] microcode: CPU3: patch_level=0x06000623
[ 12.002853] microcode: CPU0: new patch_level=0x0600063e
[ 12.020313] microcode: CPU2: new patch_level=0x0600063e
[ 12.020400] x86/CPU: CPU features have changed after loading microcode, but might not take effect.
[ 12.020402] x86/CPU: Please consider either early loading through initrd/built-in or a potential BIOS update.
It is so uncanny that only 2 cores got the new patch. I also modified /boot/grub/grub.cfg to load the microcode, as dmesg reported at the 12th second, but the initrd cannot load the microcode (kernel panic). What does 0x15 mean?
Later, I used spectre-meltdown-checker:
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available: NO
    * CPU indicates IBRS capability: NO
    * CPU indicates preferring IBRS always-on: NO
    * CPU indicates preferring IBRS over retpoline: NO
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available: YES
    * CPU indicates IBPB capability: YES (IBPB_SUPPORT feature bit)
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available: NO
    * CPU indicates STIBP capability: NO
    * CPU indicates preferring STIBP always-on: NO
  * CPU microcode is known to cause stability problems: NO (model 1 stepping 2 ucode 0x600063e cpuid 0x600f12)
* CPU vulnerability to the three speculative execution attack variants
  * Vulnerable to Variant 1: YES
  * Vulnerable to Variant 2: YES
  * Vulnerable to Variant 3: NO

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (Mitigation: Full AMD retpoline)
* Mitigation 1
  * Kernel is compiled with IBRS support: YES
  * IBRS enabled and active: UNKNOWN
  * Kernel is compiled with IBPB support: YES
  * IBPB enabled and active: NO
* Mitigation 2
  * Kernel has branch predictor hardening (arm): NO
  * Kernel compiled with retpoline option: YES
  * Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Full retpoline is mitigating the vulnerability)
You should enable IBPB to complete retpoline as a Variant 2 mitigation
Last edited by gaofei (2018-08-08 00:32:50)
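
An added example, not part of the original post: the shell functions below parse the `microcode:` lines of dmesg and report, per CPU, the boot-time patch level, any new patch level and the timestamp at which it was logged. The function names are hypothetical and the embedded sample is constructed from the microcode lines quoted in the post.

```shell
#!/bin/sh
# Constructed sample: the microcode lines from the dmesg output quoted in the post.
sample_dmesg() {
cat <<'EOF'
[ 1.648525] microcode: CPU0: patch_level=0x06000623
[ 1.648529] microcode: CPU1: patch_level=0x06000623
[ 1.648536] microcode: CPU2: patch_level=0x06000623
[ 1.648543] microcode: CPU3: patch_level=0x06000623
[ 12.002853] microcode: CPU0: new patch_level=0x0600063e
[ 12.020313] microcode: CPU2: new patch_level=0x0600063e
EOF
}

# microcode_report (hypothetical helper): reads dmesg text on stdin and prints
# "<cpu> <boot_level> <new_level> updated@<seconds>s" for CPUs that logged an update,
# or "<cpu> <boot_level> - no-update-logged" for CPUs that did not.
microcode_report() {
  awk '
    /microcode: CPU[0-9]+: (new )?patch_level=/ {
      ts = $0;  sub(/^\[ */, "", ts);            sub(/\].*/, "", ts)
      cpu = $0; sub(/.*microcode: /, "", cpu);   sub(/:.*/, "", cpu)
      lvl = $0; sub(/.*patch_level=/, "", lvl)
      if (!(cpu in seen)) { seen[cpu] = 1; order[++n] = cpu }
      if ($0 ~ /new patch_level=/) { new[cpu] = lvl; when[cpu] = ts }
      else                         { boot[cpu] = lvl }
    }
    END {
      for (i = 1; i <= n; i++) {
        c = order[i]
        b = (c in boot) ? boot[c] : "-"
        if (c in new) printf "%s %s %s updated@%ss\n", c, b, new[c], when[c]
        else          printf "%s %s - no-update-logged\n", c, b
      }
    }
  '
}

# cpus_without_update (hypothetical helper): CPUs with no "new patch_level" line.
cpus_without_update() {
  microcode_report | awk '$4 == "no-update-logged" { print $1 }'
}

# On a live system, replace sample_dmesg with: dmesg
sample_dmesg | microcode_report
```

A CPU reported as `no-update-logged` is not proven to be running the old revision; the `microcode` field in /proc/cpuinfo shows each core's current revision.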