On Saturday, 13 July 2019 22:01:02 BST Rich Freeman wrote:
> On Sat, Jul 13, 2019 at 4:16 PM Wols Lists wrote:
> > On 13/07/19 20:23, Mick wrote:
> > > Thanks Corbin, I wonder if despite articles about microcode patch
> > > releases to deal with spectre and what not, there are just no patches
> > > made available for my aging AMD CPUs.
> >
> > Or Spectre and what not are Intel specific ...
> >
> > I know a lot of the reports said many of the exploits don't work on AMD.
> > It's something to do with the way Intel has implemented speculative
> > execution, and AMD doesn't use that technique.
>
> Some spectre-related vulnerabilities apply to AMD, and some do not.
> Most of the REALLY bad ones do not, but I believe that some of the AMD
> ones still require microcode updates to be mitigated in the most
> efficient way.

Yes, the A10 is vulnerable to:

CVE-2017-5753 (Spectre Variant 1, bounds check bypass)
CVE-2017-5715 (Spectre Variant 2, branch target injection)

> Take a look in /sys/devices/system/cpu/vulnerabilities on your system
> for the kernel's assessment of what vulnerabilities apply, and how
> they are being mitigated. What you want to see is every single one
> either saying "Not affected" or they start with "Mitigation:" If you
> see one starting with something like Partial Mitigation or Vulnerable
> you should Google if there is something you can do to improve this.
>
> Note that this assumes you have a current kernel. The kernel can only
> report the vulnerabilities it knows about, so if you're running some
> kernel from 9 months ago it won't know about everything.
>
> For reference, on my Ryzen 5 1600 I get:
> for x in * ; do echo -n "$x: " ; cat $x ; done
>
> l1tf: Not affected
> mds: Not affected
> meltdown: Not affected
> spec_store_bypass: Mitigation: Speculative Store Bypass disabled via
> prctl and seccomp
> spectre_v1: Mitigation: __user pointer sanitization
> spectre_v2: Mitigation: Full AMD retpoline, STIBP: disabled, RSB filling

I get the same output on both AMD systems running gentoo-sources-4.19.57.

I've also used this script for some more detailed checking and testing:

https://github.com/speed47/spectre-meltdown-checker

Unlike my old Intel which lights up like a Christmas tree with "Vulnerable, no
microcode found" because Intel has thrown its users to the kerb, both AMDs
show "Not Vulnerable" and for some of the vulnerabilities it reports:

(your CPU vendor reported your CPU model as not vulnerable)

-- 
Regards,
Mick
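
Added example, not part of the original thread: a POSIX shell function that applies the rule quoted above to every entry under /sys/devices/system/cpu/vulnerabilities, accepting only "Not affected" or a status starting with "Mitigation:" and flagging everything else. The function name `audit_vulns`, the `--live` switch, the OK/CHECK labels and the exit codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify the kernel's sysfs vulnerability report.
# The default path is the one named in the thread; everything else here
# (function name, labels, exit codes) is invented for illustration.

VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# audit_vulns [dir]
# Prints "OK    <name>: <status>" or "CHECK <name>: <status>" per entry.
# Returns 0 if every entry is acceptable, 1 if any entry needs attention,
# 2 if the directory is missing or empty (for instance, a kernel too old
# to expose the report at all).
audit_vulns() {
    dir=${1:-$VULN_DIR}
    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir" >&2
        return 2
    fi
    rc=0
    seen=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        seen=1
        name=${f##*/}
        # Each file holds a single status line written by the kernel.
        status=$(cat "$f" 2>/dev/null) || status="unreadable"
        case $status in
            "Not affected"*|"Mitigation:"*)
                echo "OK    $name: $status" ;;
            *)
                # Anything else, such as a status starting with "Vulnerable".
                echo "CHECK $name: $status"
                rc=1 ;;
        esac
    done
    if [ "$seen" -ne 1 ]; then
        echo "no entries in $dir" >&2
        return 2
    fi
    return "$rc"
}

# Only touch the live system when asked to: sh thisfile.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_vulns
    exit $?
fi
```

A clean result only covers the vulnerabilities the running kernel knows about, so the caveat in the thread about using a current kernel still applies.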