Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp3320248imm; Mon, 4 Jun 2018 01:16:52 -0700 (PDT) X-Google-Smtp-Source: ADUXVKKpT96+1xpf91omTdQgnnmx42SMXUwhJXGlR7/dyFjv6ALv2ghFpwYmVD2E2fMFbsOYiHbQ X-Received: by 2002:a63:ad08:: with SMTP id g8-v6mr16209254pgf.74.1528100212467; Mon, 04 Jun 2018 01:16:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528100212; cv=none; d=google.com; s=arc-20160816; b=ttB2iUzgxkzZBUG3VJ9Aknh2SXBiP8uvwuXkK+srEZMnewLDKVWHKh7jjkHdrzuBrh djGn1PdJSqJmayp/ywOFIsIrSImO6Vv162VZ36YvKwDqFFXpHjYHijf5fySZRWuec/F7 2xg7i9gUuNC/rX7kqinbPrd734QP6gM4JpqSG3G3w+PxcEzk+Q4+BqglS9XH2aY4MzPE 0UEvDgdDzma5ZLAhCrkWUUuja75VgqAEKVW1Kli6Le/aE5T2oYKZ57BACf1IOqhbZwOB 9th8CedAsbq6EyGcAJFiQ/qfrIhAo6I4cXRROvFV2AafEUyePgiYlLh+oWWZVv0XbJ6R DX1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=5o9Ly6Z43DEXbxw9vYHwdO1xaCimrxR4Yc81kHvTamw=; b=hPL9lqO4uMepPBGKcphtT4E570RvDuiJL5OPiL3l53WVfS7dv9VICD/CHTIQi/EwzU 5seW9HZcwAxPuoF7Zu18hVjcP6OyRBWgzdcfYqCCCqmKZhmFl9eB7cPUH7qR9LOrWjI+ wM8Vw90U+J1fYIYb9y1hVZB4ejFS9FG4PSRlhcTHnMM7ZOrMNe6HN2NH/mnwbh8p4ie/ bD6A6lx7BAYkW2qQazKEeWSrGNfCKPy95UTowfmh3DEQ3R7bETC8+a30goXm3KmMC3KD 3Fcf8rFKRWEQ6fvYL9D91ADPT2X/Z9P4tfrCAoSVb+EXDw2gTWaVBbzmkWaTTHfskDxO PASg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b=DA6zTtqR; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 85-v6si2483784pfm.264.2018.06.04.01.16.38; Mon, 04 Jun 2018 01:16:52 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b=DA6zTtqR; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752122AbeFDIPG (ORCPT + 99 others); Mon, 4 Jun 2018 04:15:06 -0400 Received: from merlin.infradead.org ([205.233.59.134]:33832 "EHLO merlin.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751649AbeFDIPF (ORCPT ); Mon, 4 Jun 2018 04:15:05 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=merlin.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=5o9Ly6Z43DEXbxw9vYHwdO1xaCimrxR4Yc81kHvTamw=; b=DA6zTtqRPYKzvfAcaQzOi3nXk YTp32I13P//m6IKGALZe7EFHWxlP+GGBma2/zIbXpdX9spcvJe5DFxVsMLsTUwppa9ybRf3F16+EY Vz5P6tNH7ca+Xwbzcbc6O8EHqjeAV4UbS6Ueoy6W/pt+BMtL5fStLmTs3JjQh8QvAk5KXKA8ZbT9/ 8BDy/f7rXKdvM4oc7A+toJ/QKsELJUb+BrYIl9qJy6OPR3b6WWM+gDDCkWaXeQsiz4ZAbVcuCykwm pkN+C5U9r5JpyykZF4tndE52NkJ4UK3b/MiskI8ParnhAkwcPv0jLJhNixj74NbLe3pH2xzVjejEo FnY/rc7Ww==; Received: from j217100.upc-j.chello.nl ([24.132.217.100] helo=hirez.programming.kicks-ass.net) by merlin.infradead.org with esmtpsa (Exim 4.90_1 #2 (Red Hat Linux)) id 1fPkdr-0002Kt-Tq; Mon, 04 Jun 2018 08:15:04 +0000 Received: by hirez.programming.kicks-ass.net (Postfix, from userid 1000) id 4080D20298BA7; Mon, 4 Jun 2018 10:15:02 +0200 (CEST) Date: Mon, 4 Jun 2018 10:15:02 +0200 From: Peter Zijlstra To: Andreas Hartmann Cc: LKML Subject: Re: Spectre mitigation doesn't seem to work at all?! Message-ID: <20180604081502.GE12258@hirez.programming.kicks-ass.net> References: <141672d1-8dcb-9a84-7f8f-60c7a2c58b07@01019freenet.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <141672d1-8dcb-9a84-7f8f-60c7a2c58b07@01019freenet.de> User-Agent: Mutt/1.9.5 (2018-04-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jun 01, 2018 at 02:19:38PM +0200, Andreas Hartmann wrote: > I tested the spectre mitigation of different machines and kernels with > https://github.com/crozone/SpectrePoC > > You can see the results below. > My question: Did I miss something? Yes. > Build: ... INTEL_MITIGATION_DISABLED LINUX_KERNEL_MITIGATION_DISABLED > Build: ... INTEL_MITIGATION_DISABLED LINUX_KERNEL_MITIGATION_DISABLED > Build: ... INTEL_MITIGATION_DISABLED LINUX_KERNEL_MITIGATION_DISABLED ^^^^^^^^ ^^^^^^^^ The POC is a v1 on itself. V1 needs to be fixed for every individual executable (worse, for every individual location in the code, and we're still finding them). The kernel mitigation status for v1 only indicates the kernel itself has mitigations (for some locations). The POC is meant to test effectiveness of these mitigations, either the original LFENCE or the dependent instruction thing, but you have to enable one or the other.