SERVER:~ # cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
Mitigation: Full generic retpoline, IBPB, STIBP, RSB filling - vulnerable module loaded
SERVER:~ #
问题:但是如何检测 lsmod (?) 中的哪个模块容易受到 spectre_v2 的攻击? SLES 12.3。
答案1
SERVER:~ # awk '{module=$1; retpcheck="modinfo "module" | grep -c retpoline"; retpcheck | getline found; close(retpcheck); if (!found) {print "VULNERABLE - No Retpoline found - "module}}' /proc/modules
VULNERABLE - No Retpoline found - mlx4_ib
VULNERABLE - No Retpoline found - mlx4_en
VULNERABLE - No Retpoline found - mlx4_core
VULNERABLE - No Retpoline found - mlx5_ib
VULNERABLE - No Retpoline found - mlx5_core
VULNERABLE - No Retpoline found - mlxfw
VULNERABLE - No Retpoline found - mlx_compat
SERVER:~ #