[CentOS] spectre variant 2

Fri Mar 16 21:42:34 UTC 2018
Phil Perry <pperry at elrepo.org>

On 16/03/18 18:24, Fred Smith wrote:
> Hi all!
> 
> I'm running an up-to-date CentOS-7 on an AMD Vishera 6300, 6 core CPU.
> 

What kernel are you running (uname -r)?

> I note that when I run the Red Hat script to test for spectre & meltdown
> I get this result for variant 2:
> 
> Variant #2 (Spectre): Vulnerable
> CVE-2017-5715 - speculative execution branch target injection
>     - Kernel with mitigation patches: OK
>     - HW support / updated microcode: NO
>     - IBRS: Not disabled on kernel commandline
>     - IBPB: Not disabled on kernel commandline
> 
> 
> and when I run the one from github I get this:
> 
> CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
> * Mitigated according to the /sys interface:  NO  (kernel confirms your system is vulnerable)
> * Mitigation 1
>    * Kernel is compiled with IBRS/IBPB support:  YES
>    * Currently enabled features
>      * IBRS enabled for Kernel space:  NO
>      * IBRS enabled for User space:  NO
>      * IBPB enabled:  NO
> * Mitigation 2
>    * Kernel compiled with retpoline option:  YES
>    * Kernel compiled with a retpoline-aware compiler:  UNKNOWN
>> STATUS:  VULNERABLE  (Vulnerable: Retpoline without IBPB)
> 
> 
> So, I'm wondering:
> 1. has RH in fact released mitigations for this issue for AMD processors, and
> 2. has AMD released microcode updates for this?
> 
> I have no idea how to query AMD with such a question, anybody here know?
> 
> Thanks in advance!
>
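
The facts this thread turns on (running kernel, CPU vendor, loaded microcode revision, and the kernel's own Spectre v2 verdict from the /sys interface) can be collected in one pass as below. This is an added example, not part of either poster's message or of the scripts they ran; the paths are the standard Linux sysfs and /proc/cpuinfo locations, and the function names and verdict labels are this example's own.

```shell
#!/bin/sh
# Added example: report kernel, microcode and the kernel's Spectre v2 status.
# SYSFS_V2 and CPUINFO can be overridden to point at saved copies of the files.
SYSFS_V2="${SYSFS_V2:-/sys/devices/system/cpu/vulnerabilities/spectre_v2}"
CPUINFO="${CPUINFO:-/proc/cpuinfo}"

# Map the kernel's status string to a coarse label (labels are hypothetical):
# mitigated | vulnerable | not-affected | unknown
classify_spectre_v2() {
    case "$1" in
        "Not affected"*) echo not-affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# First microcode revision listed in a cpuinfo-format file.
microcode_rev() {
    awk -F': *' '/^microcode/ { print $2; exit }' "$1" 2>/dev/null
}

# CPU vendor string (for example AuthenticAMD or GenuineIntel).
cpu_vendor() {
    awk -F': *' '/^vendor_id/ { print $2; exit }' "$1" 2>/dev/null
}

report() {
    # Kernels without the vulnerabilities interface have no such file.
    status="(no sysfs entry)"
    [ -r "$SYSFS_V2" ] && status=$(cat "$SYSFS_V2")
    echo "kernel:     $(uname -r)"
    echo "vendor:     $(cpu_vendor "$CPUINFO")"
    echo "microcode:  $(microcode_rev "$CPUINFO")"
    echo "spectre_v2: $status"
    echo "verdict:    $(classify_spectre_v2 "$status")"
}

report
```

Comparing the microcode line before and after a microcode or firmware update shows whether a new revision was actually loaded.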