On 17/01/18 23:00, jacksprat wrote:
Thanks for the replies. When I run the "spectre-meltdown-checker.sh"
script [github.com/speed47 <http://github.com/speed47>] I see that even
using a recent kernel [4.15-rc8] only Meltdown is covered.
The two mitigations for Spectre [IBRS or kernel compiled with
"retpoline" option with a retpoline-aware compiler] are harder for me to
achieve. The latter requires a retpoline-aware version of gcc - did
anyone try to make one? Even then, it seems I need "reptoline-aware"
versions of things like Firefox.
If my understanding is correct, IBRS is just effectively a microcode
implementation providing the same outcome as a retpoline (but
theoretically slightly faster). In both cases you still need the
compiler and resulting compiled binaries to support the feature. Just
applying the microcode to enable the IBRS instructions isn't going to do
anything without the supporting code.
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng