210473 – No mitigations for some CPU vulnerabilities on Intel(R) Celeron(R) M processor

Bug 210473 - No mitigations for some CPU vulnerabilities on Intel(R) Celeron(R) M processor

Summary: No mitigations for some CPU vulnerabilities on Intel(R) Celeron(R) M processor

Status:	NEW

Alias:	None

Product:	Platform Specific/Hardware
Classification:	Unclassified
Component:	Other (show other bugs)
Hardware:	Intel Linux

Importance:	P1 high
Assignee:	platform_other

URL:	https://bugzilla.opensuse.org/show_bu...
Keywords:

Depends on:
Blocks:

Reported:	2020-12-03 12:45 UTC by Kernel User
Modified:	2020-12-03 12:45 UTC (History)
CC List:	0 users

See Also:
Kernel Version:	5.9.8-2-default #1 SMP Thu Nov 12 07:43:32 UTC 2020 (ea93937) i686 i386
Subsystem:
Regression:	No
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Kernel User 2020-12-03 12:45:46 UTC

The CPU 'Intel(R) Celeron(R) M processor' remains not fully mitigated and vulnerable to:

itlb_multihit
mds
spec_store_bypass

In the linked bug report (on openSUSE's bugzilla) it was discussed that the proper way to do this is through microcode. I understand that as well as that Intel is not going to do it for some CPUs. However as it seems per Intel's documentation software mitigation is possible (https://bugzilla.opensuse.org/show_bug.cgi?id=1163120#c15). 

Performance hit or not - if it is possible, it is correct to have it and let the user decide whether to enable it or not (e.g. through a boot flag)? There are use cases where security is more important than speed and vice versa.

*Full CPU info and details available on the link.

Note You need to log in before you can comment on or make changes to this bug.