On 18/01/18 20:31, Nikos Chantziaras wrote:
> On 18/01/18 10:28, Adam Carter wrote:
>> Nice;
>>
>> $ ls /sys/devices/system/cpu/vulnerabilities/
>> meltdown spectre_v1 spectre_v2
>> $ cat /sys/devices/system/cpu/vulnerabilities/meltdown
>> Mitigation: PTI
>> $ cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
>> Vulnerable
>> $ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
>> Vulnerable: Minimal generic ASM retpoline
>
> Good to know! Thanks.
>
> For Spectre, GCC 7.3 is needed, which isn't released yet, but AFAIK is
> being fast-tracked for release by upstream. There are plans to backport to
> GCC 6 as well.

GCC 7.3.0 is now in the tree (~arch). If you want full mitigation
against Spectre v2, you need to build the kernel with that version.

For this to work, you need to enable CONFIG_RETPOLINE in the kernel:

  Processor type and features
    [*] Avoid speculative indirect branches in kernel

Rebuild kernel and modules and you should see something like this:

  $ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
  Mitigation: Full generic retpoline
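
The check described in this thread can be scripted. The following is an added example, not part of the original messages: a POSIX shell helper that reads the sysfs files, flags anything not mitigated, and distinguishes a missing CONFIG_RETPOLINE from a compiler without retpoline support. The function names, and the kernel .config path passed as an argument, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# classify STATUS: map one sysfs status line to a verdict.
classify() {
    case "$1" in
        "Not affected"*) echo NOT_AFFECTED ;;
        "Mitigation:"*)  echo MITIGATED ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;
    esac
}

# report [DIR]: print "name verdict status" for every file in DIR.
# Returns 0 if nothing is left vulnerable, 1 otherwise, and 2 if DIR is
# missing (a kernel that does not expose the sysfs interface).
report() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    [ -d "$dir" ] || { echo "no $dir: kernel reports no status" >&2; return 2; }
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        verdict=$(classify "$status")
        printf '%-12s %-13s %s\n' "${f##*/}" "$verdict" "$status"
        case "$verdict" in MITIGATED|NOT_AFFECTED) ;; *) rc=1 ;; esac
    done
    return "$rc"
}

# retpoline_hint DIR CONFIG: say why spectre_v2 is not "Full generic retpoline".
# CONFIG is the kernel .config the running kernel was built from.
retpoline_hint() {
    v2=$(cat "$1/spectre_v2" 2>/dev/null) || v2=unknown
    if ! grep -q '^CONFIG_RETPOLINE=y$' "$2" 2>/dev/null; then
        echo "enable CONFIG_RETPOLINE and rebuild"
    elif [ "${v2#*Minimal}" != "$v2" ]; then
        # Option is set but the status is still "Minimal": per the thread,
        # the kernel must be rebuilt with GCC 7.3.0 for full mitigation.
        echo "CONFIG_RETPOLINE set, but compiler lacks retpoline support"
    else
        echo "no action: $v2"
    fi
}

# write_sample DIR: recreate the pre-rebuild values quoted in the thread.
write_sample() {
    mkdir -p "$1"
    echo "Mitigation: PTI" > "$1/meltdown"
    echo "Vulnerable" > "$1/spectre_v1"
    echo "Vulnerable: Minimal generic ASM retpoline" > "$1/spectre_v2"
}
```

On a live system, source the file and call `report` with no argument; the non-zero return value makes it usable in a post-kernel-upgrade check.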