Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751017AbeAOVOz convert rfc822-to-8bit (ORCPT
        <rfc822;ralf@linux-mips.org> + 1 other);
        Mon, 15 Jan 2018 16:14:55 -0500
Received: from mail-oln040092253081.outbound.protection.outlook.com ([40.92.253.81]:12436
        "EHLO APC01-SG2-obe.outbound.protection.outlook.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1750716AbeAOVOy (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 15 Jan 2018 16:14:54 -0500
From: Mohammed Azfar <m_az@LIVE.IN>
To: "kernelnewbies@nl.linux.org" <kernelnewbies@nl.linux.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Reg : Spectre & Meltdown 
Thread-Topic: Reg : Spectre & Meltdown 
Thread-Index: AQHTim4qNvzuNxTZ20qDTz43sKfWwaN1b8rLgABjHL0=
Date: Mon, 15 Jan 2018 21:14:51 +0000
Message-ID: <MA1PR0101MB11890D4628800E42A63213F6ECEB0@MA1PR0101MB1189.INDPRD01.PROD.OUTLOOK.COM>
References: <MA1PR0101MB118900C3BC708AE48A0F305FEC110@MA1PR0101MB1189.INDPRD01.PROD.OUTLOOK.COM>,<MA1PR0101MB1189DC9B8899A77FBAED00FEECEB0@MA1PR0101MB1189.INDPRD01.PROD.OUTLOOK.COM>
In-Reply-To: <MA1PR0101MB1189DC9B8899A77FBAED00FEECEB0@MA1PR0101MB1189.INDPRD01.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-incomingtopheadermarker: OriginalChecksum:99796CDA4AF2FCA9AB3CDE47014EE4E52DD7C30CE652E67D66530BA65A9E6096;UpperCasedChecksum:AF18DDF561F6EAF8127EAF9F6498FF69C5DB56DA4A954CF2D9DF70CD0244A847;SizeAsReceived:7166;Count:45
x-tmn: [6BgdFqfhVDWOQwQ12qgRdTs6CwzlUKjq]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1;HK2APC01HT168;6:UDJTZVTK6wH+Yfgbxhl5vTXsF5GHpAyotzZ8IiOc1hP6yfDI4PXhO7c5WsFhOWUZZhKTEpPdB3wdL+JEIaID9p0s/CRvZt3EgAufb8gAh6G7P2CCBEvVJZ7Cl25JhuCbx5v9ZJwBF/Fxj9LTaTjpYIN9PhE6DvCUUkdmZ3nMZEEvEMpa39iLHdbkqW86POyTOWERdJ8DJMc5diSPPktt6Ff85NrfT9Vx0IJOQmuNLDLnzHjNlywbTm2I9NG+wr53Wbc+aCdBoFq7r/6kWWWJvAqtWO/rEqnzRlzmK5ADog/B8K8dBp6gRQQXNvLwiel15L8nJVtigXOrN6RtvsVXrrBRWzCt/OEx90n4OZEBomk=;5:MawCXIQ5WiyUKu4HY8KO6E8Uo9PQOQ0S1S/qRLc5V2lQZofY/yYMa89aSyAZcpcRLEOAlEtTKPaBESx+I1FCKnZWRFyAJZofbKPE6WD+dQ2fAvuA9RHzeHot/S9LohIme8EQuhsxP8jYolrDLg8LKQLGueeQpPmZnF+qzS+7N5I=;24:AR11REa0bC7KHAfhtxxdWrJiu0yVxLvv899t1QuyWpepDFvs5/nmAj+P/GF8cPcFt8qr9+9xusB6dhJB/fdN5djZNxPhxscy1y9YvpeWfqU=;7:KdOilXiBj0lUYSzccWHaa0ouY7XKA/M7SIEnQn3ZnU6eAO21ZphaX7cBV4k1mgVMLtrtZfJlbkdOycwBe/QiMfkbI0RCEhVEhUFDIOyAM3Mz6qn8q0jSBhjuMOU2Ie2n6rzTcRP3RIgJbBkczqrm3pModv+ZEo+6JkS5AsVoDGCC0IZDF+I07YuUyT1YY/J/vnBozr1Og9CzoizalWDwoH8aPva7zZAfyv6Sz4NR7KBHjqxuskg3p0yho5dDUrSS
x-incomingheadercount: 45
x-eopattributedmessage: 0
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(7020095)(201702061074)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031324274)(2017031323274)(2017031322404)(1603101448)(1601125374)(1701031045);SRVR:HK2APC01HT168;
x-ms-traffictypediagnostic: HK2APC01HT168:
x-ms-office365-filtering-correlation-id: f91a7e57-2e73-48d8-4de6-08d55c5d0430
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(444000031);SRVR:HK2APC01HT168;BCL:0;PCL:0;RULEID:(100000803101)(100110400095);SRVR:HK2APC01HT168;
x-forefront-prvs: 0553CBB77A
x-forefront-antispam-report: SFV:NSPM;SFS:(7070007)(98901004);DIR:OUT;SFP:1901;SCL:1;SRVR:HK2APC01HT168;H:MA1PR0101MB1189.INDPRD01.PROD.OUTLOOK.COM;FPR:;SPF:None;LANG:;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8BIT
MIME-Version: 1.0
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f91a7e57-2e73-48d8-4de6-08d55c5d0430
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Jan 2018 21:14:51.4156
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HK2APC01HT168
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>

Hi Team

please share your suggestions about this.

I tired an online tool to check the vulnerability of spectre and meltdown, this is after upgrading 4.4.111-1 kernel version in centos 7. But its still showing in vulnerable state, im running this script in AWS instance.  Please advice me.

Script :?https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh

Output :?

Spectre and Meltdown mitigation detection tool v0.24


Checking for vulnerabilities against live running kernel Linux 4.4.111-1.el7.elrepo.x86_64 #1 SMP Wed Jan 10 13:12:02 EST 2018 x86_64


CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Checking count of LFENCE opcodes in kernel:? NO? (only 35 opcodes found, should be >= 70)
> STATUS:? VULNERABLE? (heuristic to be improved when official patches become available)


CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigation 1
*? ?Hardware (CPU microcode) support for mitigation:? YES
*? ?Kernel support for IBRS:? NO
*? ?IBRS enabled for Kernel space:? NO
*? ?IBRS enabled for User space:? NO
* Mitigation 2
*? ?Kernel compiled with retpoline option:? NO
*? ?Kernel compiled with a retpoline-aware compiler:? NO
> STATUS:? VULNERABLE? (IBRS hardware + kernel support OR kernel with retpoline are needed to mitigate the vulnerability)


CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Kernel supports Page Table Isolation (PTI):? YES
* PTI enabled and active:? YES
> STATUS:? NOT VULNERABLE? (PTI mitigates the vulnerability)


A false sense of security is worse than no security at all, see --disclaimer


--
Thanks


Mohammed Azfar