From: Mohammed Azfar
To: "kernelnewbies@nl.linux.org", "linux-kernel@vger.kernel.org"
Subject: Reg : Spectre & Meltdown
Date: Mon, 15 Jan 2018 21:14:51 +0000
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Team,

Please share your suggestions about this.

I tried an online tool to check the vulnerability of Spectre and Meltdown. This is after upgrading to the 4.4.111-1 kernel version in CentOS 7, but it's still showing in a vulnerable state. I'm running this script in an AWS instance. Please advise me.

Script: https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh

Output:

Spectre and Meltdown mitigation detection tool v0.24

Checking for vulnerabilities against live running kernel Linux 4.4.111-1.el7.elrepo.x86_64 #1 SMP Wed Jan 10 13:12:02 EST 2018 x86_64

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO  (only 35 opcodes found, should be >= 70)
> STATUS:  VULNERABLE  (heuristic to be improved when official patches become available)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation:  YES
*   Kernel support for IBRS:  NO
*   IBRS enabled for Kernel space:  NO
*   IBRS enabled for User space:  NO
* Mitigation 2
*   Kernel compiled with retpoline option:  NO
*   Kernel compiled with a retpoline-aware compiler:  NO
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  YES
* PTI enabled and active:  YES
> STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)

A false sense of security is worse than no security at all, see --disclaimer

--
Thanks
Mohammed Azfar
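
For triaging a report like the one above across several hosts, the sketch below (an added example, not part of the original message or of the spectre-meltdown-checker project) reduces the v0.24 text output to one line per CVE, listing the checks that answered NO. The function names and the `CVE|STATUS|failed checks` output format are assumptions of this example; the embedded report is retyped from the message as constructed sample input, with the spacing after each colon assumed.

```shell
#!/bin/sh
# Added example: condense a spectre-meltdown-checker v0.24 text report.

# Constructed sample input: the report quoted in the message above.
sample_report() {
cat <<'EOF'
Spectre and Meltdown mitigation detection tool v0.24
CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:  NO  (only 35 opcodes found, should be >= 70)
> STATUS:  VULNERABLE  (heuristic to be improved when official patches become available)
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*   Hardware (CPU microcode) support for mitigation:  YES
*   Kernel support for IBRS:  NO
*   IBRS enabled for Kernel space:  NO
*   IBRS enabled for User space:  NO
* Mitigation 2
*   Kernel compiled with retpoline option:  NO
*   Kernel compiled with a retpoline-aware compiler:  NO
> STATUS:  VULNERABLE  (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)
CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):  YES
* PTI enabled and active:  YES
> STATUS:  NOT VULNERABLE  (PTI mitigates the vulnerability)
EOF
}

# Reads a report on stdin, prints "CVE|STATUS|failed checks" per section.
summarize_report() {
    awk '
    /^CVE-[0-9]+-[0-9]+ / { cve = $1; failed = ""; next }   # section header
    /^\*/ && /: +NO( |$)/ {                # a check answered NO (not "NOT")
        name = $0
        sub(/^\* */, "", name)             # drop the bullet and indentation
        sub(/: +NO.*$/, "", name)          # keep only the name of the check
        failed = (failed == "") ? name : failed "; " name
        next
    }
    /^> STATUS:/ && cve != "" {            # verdict line closes the section
        status = "UNKNOWN"
        if ($0 ~ /NOT VULNERABLE/) status = "NOT VULNERABLE"
        else if ($0 ~ /VULNERABLE/) status = "VULNERABLE"
        print cve "|" status "|" failed
        cve = ""
    }'
}

# Prints only the CVE ids whose verdict is VULNERABLE.
vulnerable_cves() { summarize_report | awk -F'|' '$2 == "VULNERABLE" { print $1 }'; }

sample_report | summarize_report
```
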