unofficial mirror of help-guix@gnu.org 
 help / color / mirror / Atom feed
* Intel i7-1165G7 vulnerable to Spectre v2
@ 2023-02-01 10:21 Christian Gelinek
  2023-02-01 14:20 ` Felix Lechner via
  2023-02-01 15:58 ` Tobias Geerinckx-Rice
  0 siblings, 2 replies; 10+ messages in thread
From: Christian Gelinek @ 2023-02-01 10:21 UTC (permalink / raw)
  To: help-guix

Hi Guix,

My CPU, an 11th Gen Intel(R) Core(TM) i7-1165G7, is reported to be 
vulnerable by `lscpu`:

--8<---------------cut here---------------start------------->8---
Vulnerabilities:
   Itlb multihit:         Not affected
   L1tf:                  Not affected
   Mds:                   Not affected
   Meltdown:              Not affected
   Mmio stale data:       Not affected
   Retbleed:              Not affected
   Spec store bypass:     Mitigation; Speculative Store Bypass disabled 
via prctl
   Spectre v1:            Mitigation; usercopy/swapgs barriers and 
__user pointer sanitization
   Spectre v2:            Vulnerable: eIBRS with unprivileged eBPF
   Srbds:                 Not affected
   Tsx async abort:       Not affected
--8<---------------cut here---------------end--------------->8---

with `uname -a` output being

--8<---------------cut here---------------start------------->8---
Linux gelil14 6.1.8-gnu #1 SMP PREEMPT_DYNAMIC 1 x86_64 GNU/Linux
--8<---------------cut here---------------end--------------->8---

On the same machine, I have run Debian 11 Live from a USB drive:

--8<---------------cut here---------------start------------->8---
Linux debian 5.10.0-20-amd64 #1 SMP Debian 5.10.158-2 (2022-12-13) 
x86_64 GNU/Linux
--8<---------------cut here---------------end--------------->8---

and the equivalent `lscpu` section is

--8<---------------cut here---------------start------------->8---
Vulnerability Itlb multihit:     Not affected
Vulnerability L1tf:              Not affected
Vulnerability Mds:               Not affected
Vulnerability Meltdown:          Not affected
Vulnerability Mmio stale data:   Not affected
Vulnerability Retbleed:          Not affected
Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass 
disabled via prctl and seccomp
Vulnerability Spectre v1:        Mitigation; usercopy/swapgs barriers 
and __user pointer sanitization
Vulnerability Spectre v2:        Mitigation; Enhanced IBRS, IBPB 
conditional, RSB filling, PBRSB-eIBRS SW sequence
Vulnerability Srbds:             Not affected
Vulnerability Tsx async abort:   Not affected
--8<---------------cut here---------------end--------------->8---

Does anyone know how to enable some sort of mitigation for Guix?

Thanks,
Christian


^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2023-02-03 10:14 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-02-01 10:21 Intel i7-1165G7 vulnerable to Spectre v2 Christian Gelinek
2023-02-01 14:20 ` Felix Lechner via
2023-02-03  9:59   ` Christian Gelinek
2023-02-01 15:58 ` Tobias Geerinckx-Rice
2023-02-01 18:29   ` Ekaitz Zarraga
2023-02-01 19:43     ` Disabling unprivileged BPF by default in our kernels Tobias Geerinckx-Rice
2023-02-02 11:40       ` Leo Famulari
2023-02-02 17:13       ` Remco van 't Veer
2023-02-02 17:19         ` Tobias Geerinckx-Rice
2023-02-03 10:13   ` Intel i7-1165G7 vulnerable to Spectre v2 Christian Gelinek

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).