Aw: Re: Stretch kernel vulnerable to meltdown
> 15. März 2018, 18:05 Uhr, "Henrique de Moraes Holschuh":
>
> On Thu, 15 Mar 2018, Peter Steinmetz wrote:
> > should be fixed wrt meltdown. But I see this
> > # grep -R . /sys/devices/system/cpu/vulnerabilities/
> > /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline
> > /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
> > /sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable
> >
> > Why / what am I missing?
>
> Check the kernel boot log using either dmesg or "journalctl -k -b".
> Look for "Kernel/User page tables isolation".
Doesn't seem to be there.
> Here, that same kernel reports "Mitigation: PTI" in
> /sys/devices/system/cpu/vulnerabilities/meltdown
>
> and:
>
> # uname -rv ; journalctl -k -b | grep isolation
> 4.9.0-6-amd64 #1 SMP Debian 4.9.82-1+deb9u3 (2018-03-02)
> [redacted] kernel: Kernel/User page tables isolation: enabled
# journalctl -k -b | grep isolation; echo $?
1
#
This kernel is running as a Dom0-kernel on Xen. Might that be the reason?
Peter
Reply to: