More Meltdown/Spectre Variants

Four months after initial disclosure of Spectre and Meltdown, researchers have found two more variants of Spectre, called Variant 3 and 4 and vendors are working hard to push the fixes to public. Patrick who are very concern about security called the shots and update the kernels both in -stable (14.2) and -current to the latest version that should fix some of the issues.

Here's my machine (Ryzen) running latest -current tested using Spectre script:

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  YES  (Mitigation: __user pointer sanitization)
* Kernel has array_index_mask_nospec (x86):  YES  (1 occurrence(s) found of 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch:  NO
* Kernel has mask_nospec64 (arm):  NO
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)                                                                       
                                                                                                                                           
CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'                                                                            
* Mitigated according to the /sys interface:  YES  (Mitigation: Full AMD retpoline, IBPB)                                                  
* Mitigation 1                                                                                                                             
  * Kernel is compiled with IBRS support:  YES                                                                                             
    * IBRS enabled and active:  UNKNOWN                                                                                                    
  * Kernel is compiled with IBPB support:  YES                                                                                             
    * IBPB enabled and active:  YES                                                                                                        
* Mitigation 2
  * Kernel has branch predictor hardening (arm):  NO
  * Kernel compiled with retpoline option:  YES
    * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
> STATUS:  NOT VULNERABLE  (Full retpoline + IBPB are mitigating the vulnerability)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (Not affected)
* Kernel supports Page Table Isolation (PTI):  YES
  * PTI enabled and active: dmesg: read kernel buffer failed: Operation not permitted
 UNKNOWN  (dmesg truncated, please reboot and relaunch this script)
  * Reduced performance impact of PTI:  NO  (PCID/INVPCID not supported, performance impact of PTI will be significant)
* Running as a Xen PV DomU:  NO
> STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)

CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
  * CPU microcode mitigates the vulnerability:  UNKNOWN  (an up to date microcode is sufficient to mitigate this vulnerability, detection will be implemented soon)
> STATUS:  VULNERABLE  (a new microcode will mitigate this vulnerability)

CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
* Mitigated according to the /sys interface:  YES  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
  * Kernel supports speculation store bypass:  YES  (found in /proc/self/status)
> STATUS:  NOT VULNERABLE  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)

It seems that future kernel-firmware should have a complete fix for this issue for AMD users, while for Intel users, please make sure to get the updated intel-microcode as soon as Intel released it for public.