On 02/27/2018 02:37 AM, Rafał Miłecki wrote:
> There has been some talk on upcoming 17.01 fix release and Meltdown/Spectre.
>
> Quick summary:
> 1) Most of LEDE supported devices aren't affected
> 2) For most LEDE use cases these vulnerabilities don't matter
> 3) 17.01 uses 4.4.116 which includes Meltdown fixes
> 4) Spectre mitigation requires newer GCC and CPU microcode update
> 5) Zoltan made some progress on x86 microcode update support
>
> So right now in some specific cases (mostly when running an unverified
> software) Spectre may be a problem.
>
> There are two problems solving it:
>
> 1) Microcode updates are not (fully) available yet
> It's unclear how long it will take Intel to release updated microcodes.
>
> 2) GCC officially supports Spectre mitigation in 7.2 and 8.0
> LEDE 17.01 uses GCC 5.4. It seems fixes are unofficially backported to the
> 5.5:
> https://github.com/hjl-tools/gcc/commits/hjl/indirect/gcc-5-branch/master
> So the only solution for LEDE is to switch from 5.4 to 5.5 and apply
> backported fixes. I'm not sure how safe it's going to be (possible
> regressions caused by 5.5 update).
>
> If I'm wrong about anything, please let me know.
>
> In this situation my suggestion is to release 17.01.5 now and take
> care of Spectre in another release in a few months from now. What do you
> think? Any objections?

Your focus appears to be on x86 which is fine, but we also have
Cortex-A9 and Cortex-A15 based platforms that need to get appropriate
Spectre v1 and v2 fixes. Patches were posted by ARM but have not been
included yet and I am being told there is another set in the works:

https://patchwork.kernel.org/patch/10195309/
https://patchwork.kernel.org/patch/10195307/
https://patchwork.kernel.org/patch/10195305/
https://patchwork.kernel.org/patch/10195303/
https://patchwork.kernel.org/patch/10195311/
https://patchwork.kernel.org/patch/10195313/

I have not looked at the state of the arm64 targets in 17.01 but those
could also need some fixes.
-- 
Florian