From: Christian Gelinek <christian.gelinek@mailbox.org>
To: help-guix@gnu.org
Subject: Intel i7-1165G7 vulnerable to Spectre v2
Date: Wed, 1 Feb 2023 10:21:29 +0000
Message-ID: <e7000800-bd5d-8ba4-3f45-888572fd11d8@mailbox.org>

Hi Guix,
My CPU, an 11th Gen Intel(R) Core(TM) i7-1165G7, is reported to be
vulnerable by `lscpu`:
--8<---------------cut here---------------start------------->8---
Vulnerabilities:
Itlb multihit: Not affected
L1tf: Not affected
Mds: Not affected
Meltdown: Not affected
Mmio stale data: Not affected
Retbleed: Not affected
Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl
Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Spectre v2: Vulnerable: eIBRS with unprivileged eBPF
Srbds: Not affected
Tsx async abort: Not affected
--8<---------------cut here---------------end--------------->8---
with `uname -a` output being
--8<---------------cut here---------------start------------->8---
Linux gelil14 6.1.8-gnu #1 SMP PREEMPT_DYNAMIC 1 x86_64 GNU/Linux
--8<---------------cut here---------------end--------------->8---
On the same machine, I have run Debian 11 Live from a USB drive:
--8<---------------cut here---------------start------------->8---
Linux debian 5.10.0-20-amd64 #1 SMP Debian 5.10.158-2 (2022-12-13) x86_64 GNU/Linux
--8<---------------cut here---------------end--------------->8---
and the equivalent `lscpu` section is
--8<---------------cut here---------------start------------->8---
Vulnerability Itlb multihit: Not affected
Vulnerability L1tf: Not affected
Vulnerability Mds: Not affected
Vulnerability Meltdown: Not affected
Vulnerability Mmio stale data: Not affected
Vulnerability Retbleed: Not affected
Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl and seccomp
Vulnerability Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Vulnerability Spectre v2: Mitigation; Enhanced IBRS, IBPB conditional, RSB filling, PBRSB-eIBRS SW sequence
Vulnerability Srbds: Not affected
Vulnerability Tsx async abort: Not affected
--8<---------------cut here---------------end--------------->8---
Does anyone know how to enable some sort of mitigation for Guix?
Thanks,
Christian
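
Added example (not part of the original message): a shell helper that picks the entries reported as `Vulnerable` out of `lscpu` output in either of the two layouts shown above, tolerating mail-wrapped lines, plus a check of the `kernel.unprivileged_bpf_disabled` sysctl that the "unprivileged eBPF" status depends on. The function names and the embedded sample text are constructed for illustration.

```shell
# Added example (constructed): flag lscpu entries reported as "Vulnerable".
# Reads lscpu-style text on stdin; prints "name<TAB>status" per flagged entry.
vulnerable_entries() {
    awk '
        function emit() {
            if (name != "" && status ~ /^Vulnerable/) print name "\t" status
            name = ""; status = ""
        }
        index($0, "--8<") == 1 || /^Vulnerabilities:[ \t]*$/ { next }  # markers, header
        {
            line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            if (line == "") next
            sep = index(line, ": ")
            if (sep > 0) {                        # "name: status" opens an entry
                emit()
                name = substr(line, 1, sep - 1)
                sub(/^Vulnerability /, "", name)  # prefix used by the older layout
                status = substr(line, sep + 2); sub(/^[ \t]+/, "", status)
            } else if (name != "") {              # heuristic: wrapped continuation
                status = status " " line
            }
        }
        END { emit() }
    '
}

# True while unprivileged bpf() is allowed (sysctl value 0); the kernel prints
# "eIBRS with unprivileged eBPF" in that state. $1 overrides the path for tests.
unpriv_bpf_enabled() {
    [ "$(cat "${1:-/proc/sys/kernel/unprivileged_bpf_disabled}" 2>/dev/null)" = "0" ]
}

# Constructed samples: Spectre-related lines copied from the two listings above.
sample_guix() {
    printf '%s\n' 'Vulnerabilities:' \
        'Spec store bypass: Mitigation; Speculative Store Bypass disabled' \
        'via prctl' \
        'Spectre v2: Vulnerable: eIBRS with unprivileged eBPF' \
        'Srbds: Not affected'
}
sample_debian() {
    printf '%s\n' \
        'Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass' \
        'disabled via prctl and seccomp' \
        'Vulnerability Spectre v2: Mitigation; Enhanced IBRS, IBPB' \
        'conditional, RSB filling, PBRSB-eIBRS SW sequence'
}
sample_guix | vulnerable_entries   # on a live system: lscpu | vulnerable_entries
```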