Intel i7-1165G7 vulnerable to Spectre v2

help-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Intel i7-1165G7 vulnerable to Spectre v2

From:	Christian Gelinek
Subject:	Intel i7-1165G7 vulnerable to Spectre v2
Date:	Wed, 1 Feb 2023 10:21:29 +0000

Hi Guix,

My CPU, an 11th Gen Intel(R) Core(TM) i7-1165G7, is reported to bevulnerable by `lscpu`:


--8<---------------cut here---------------start------------->8---
Vulnerabilities:
  Itlb multihit:         Not affected
  L1tf:                  Not affected
  Mds:                   Not affected
  Meltdown:              Not affected
  Mmio stale data:       Not affected
  Retbleed:              Not affected

Spec store bypass: Mitigation; Speculative Store Bypass disabledvia prctlSpectre v1: Mitigation; usercopy/swapgs barriers and__user pointer sanitization

  Spectre v2:            Vulnerable: eIBRS with unprivileged eBPF
  Srbds:                 Not affected
  Tsx async abort:       Not affected
--8<---------------cut here---------------end--------------->8---

with `uname -a` output being

--8<---------------cut here---------------start------------->8---
Linux gelil14 6.1.8-gnu #1 SMP PREEMPT_DYNAMIC 1 x86_64 GNU/Linux
--8<---------------cut here---------------end--------------->8---

On the same machine, I have run Debian 11 Live from a USB drive:

--8<---------------cut here---------------start------------->8---

Linux debian 5.10.0-20-amd64 #1 SMP Debian 5.10.158-2 (2022-12-13)x86_64 GNU/Linux

--8<---------------cut here---------------end--------------->8---

and the equivalent `lscpu` section is

--8<---------------cut here---------------start------------->8---
Vulnerability Itlb multihit:     Not affected
Vulnerability L1tf:              Not affected
Vulnerability Mds:               Not affected
Vulnerability Meltdown:          Not affected
Vulnerability Mmio stale data:   Not affected
Vulnerability Retbleed:          Not affected

Vulnerability Spec store bypass: Mitigation; Speculative Store Bypassdisabled via prctl and seccompVulnerability Spectre v1: Mitigation; usercopy/swapgs barriersand __user pointer sanitizationVulnerability Spectre v2: Mitigation; Enhanced IBRS, IBPBconditional, RSB filling, PBRSB-eIBRS SW sequence

Vulnerability Srbds:             Not affected
Vulnerability Tsx async abort:   Not affected
--8<---------------cut here---------------end--------------->8---

Does anyone know how to enable some sort of mitigation for Guix?

Thanks,
Christian

[Prev in Thread]

Current Thread

[Next in Thread]

Intel i7-1165G7 vulnerable to Spectre v2, Christian Gelinek <=
- Re: Intel i7-1165G7 vulnerable to Spectre v2, Felix Lechner, 2023/02/01
  - Re: Intel i7-1165G7 vulnerable to Spectre v2, Christian Gelinek, 2023/02/03
- Re: Intel i7-1165G7 vulnerable to Spectre v2, Tobias Geerinckx-Rice, 2023/02/01
  - Re: Intel i7-1165G7 vulnerable to Spectre v2, Ekaitz Zarraga, 2023/02/01
    - Disabling unprivileged BPF by default in our kernels, Tobias Geerinckx-Rice, 2023/02/01
    - Re: Disabling unprivileged BPF by default in our kernels, Leo Famulari, 2023/02/02
    - Re: Disabling unprivileged BPF by default in our kernels, Remco van 't Veer, 2023/02/02
    - Re: Disabling unprivileged BPF by default in our kernels, Tobias Geerinckx-Rice, 2023/02/02
  - Re: Intel i7-1165G7 vulnerable to Spectre v2, Christian Gelinek, 2023/02/03

Next by Date: Re: Intel i7-1165G7 vulnerable to Spectre v2
Next by thread: Re: Intel i7-1165G7 vulnerable to Spectre v2
Index(es):
- Date
- Thread