The Linux kernel has fixes for Meltdown, Spectre v1 and Spectre v2. Check the status with:
$ cat /sys/devices/system/cpu/vulnerabilities/meltdown
Mitigation: PTI
$ cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
Mitigation: __user pointer sanitization
$ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
Mitigation: Full generic retpoline
You'd think that would be enough. But Linux has fucked it up. Here's the output from a Raspberry Pi 3 running 4.9.80. That ARM CPU doesn't do speculative execution, so it isn't vulnerable to Meltdown or Spectre-style bugs.
$ ls /sys/devices/system/cpu/vulnerabilities
ls: cannot access '/sys/devices/system/cpu/vulnerabilities': No such file or directory
That's right. We can't tell whether the CPU is immune to the issue or whether the Linux kernel is simply too old to carry a fix for it. A program that wants to check this is going to have to carry around a table of CPU architectures and Linux versions, which is likely going to be wrong, because who is going to know the date a Spectre fix made it into a MIPS build? Classic. All Linux needed to do was create /sys/devices/system/cpu/vulnerabilities on every architecture. Sigh.
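As an added example, not part of the original post, here is a POSIX shell function that reads those sysfs entries and treats a missing directory (the Raspberry Pi case above) as "unknown" rather than "safe". It takes the sysfs directory as a parameter so the demo can run against a constructed tree instead of the real /sys; the "Not affected" and "Vulnerable" strings are the kernel's other status formats for these files, which the post's output does not show.

```shell
#!/bin/sh
# Added example (not from the original post): classify the mitigation
# status the Linux kernel exposes under /sys/devices/system/cpu/vulnerabilities.
# Exit status: 0 = mitigated or not affected, 1 = vulnerable, 2 = unknown.
# A missing directory or file is deliberately reported as UNKNOWN, because
# it can mean either "CPU immune" or "kernel too old to report".

vuln_status() {
    # $1 = vulnerability name (meltdown, spectre_v1, spectre_v2)
    # $2 = sysfs vulnerabilities directory (defaults to the real path)
    name=$1
    dir=${2:-/sys/devices/system/cpu/vulnerabilities}
    if [ ! -d "$dir" ]; then
        echo "UNKNOWN: $dir missing (kernel does not report vulnerabilities)"
        return 2
    fi
    if [ ! -r "$dir/$name" ]; then
        echo "UNKNOWN: $dir/$name not present"
        return 2
    fi
    status=$(cat "$dir/$name")
    case $status in
        "Not affected")  echo "OK: $name: $status"; return 0 ;;
        Mitigation:*)    echo "OK: $name: $status"; return 0 ;;
        Vulnerable*)     echo "VULNERABLE: $name: $status"; return 1 ;;
        *)               echo "UNKNOWN: $name: $status"; return 2 ;;
    esac
}

# Demo against a constructed sysfs tree that mirrors the x86 output in the
# post, followed by the missing-directory case from the Raspberry Pi.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/vulnerabilities"
    echo "Mitigation: PTI" > "$tmp/vulnerabilities/meltdown"
    echo "Mitigation: __user pointer sanitization" > "$tmp/vulnerabilities/spectre_v1"
    echo "Mitigation: Full generic retpoline" > "$tmp/vulnerabilities/spectre_v2"
    for v in meltdown spectre_v1 spectre_v2; do
        vuln_status "$v" "$tmp/vulnerabilities" || :
    done
    # Old kernel / unsupported architecture: directory absent.
    vuln_status meltdown "$tmp/no-such-dir" || :
    rm -rf "$tmp"
}

demo
```

Run it as a script to see the classification for the constructed tree; call `vuln_status meltdown` with no second argument to query the machine it runs on. The key design point is the exit code 2: a checker that maps "file not found" to "not vulnerable" would report the Raspberry Pi as safe for the wrong reason, and an x86 box on a pre-fix kernel as safe for no reason at all.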