> > The settings relevant to Spectre are:
> CONFIG_BPF_JIT - this being set to y is enough to make Intel
> processors vulnerable to variant 1/2. This being set to y is
> necessary, but not sufficient, for making AMD vulnerable to variant 1.
> net.core.bpf_jit_enable - this being set to 1 along with the config
> option being set is sufficient to make AMD vulnerable to variant 1.
> This setting has no effect on making Intel vulnerable to variant 1 or
> 2. I suspect this sysctl item won't appear unless it is loaded into
> the kernel in the first place.

Thanks for the clarification. I checked my three systemd systems and all are;

# CONFIG_BPF_JIT is not set

systemd ebuild is looking for;

$ grep -i bpf /usr/portage/sys-apps/systemd/systemd-2*
/usr/portage/sys-apps/systemd/systemd-235-r1.ebuild: kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
/usr/portage/sys-apps/systemd/systemd-236-r4.ebuild: kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF"
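
Added example, not part of the original messages: a shell function that reports the state of the two settings named in the quoted text (CONFIG_BPF_JIT in the kernel config and the net.core.bpf_jit_enable sysctl). The function name, the state labels and the list of config file locations are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: classify the two BPF JIT settings discussed in the thread.
# Usage: bpf_jit_state CONFIG_FILE [SYSCTL_FILE]
# Prints one of (labels are this example's own):
#   config-unreadable, jit-not-built, jit-built-sysctl-absent,
#   jit-built-sysctl-off, jit-built-sysctl-on
bpf_jit_state() {
    cfg=$1
    sysctl_file=${2:-/proc/sys/net/core/bpf_jit_enable}

    if [ ! -r "$cfg" ]; then
        echo "config-unreadable"
        return 0
    fi

    # /proc/config.gz is compressed; .config and /boot/config-* are plain.
    case $cfg in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac

    # Anchored match: must not be satisfied by CONFIG_CGROUP_BPF (what the
    # systemd ebuild checks), by CONFIG_BPF_JIT_ALWAYS_ON, or by the
    # "# CONFIG_BPF_JIT is not set" comment line.
    if ! $reader "$cfg" | grep -q '^CONFIG_BPF_JIT=y$'; then
        echo "jit-not-built"
        return 0
    fi

    # The sysctl file is missing when the running kernel lacks the JIT.
    if [ ! -r "$sysctl_file" ]; then
        echo "jit-built-sysctl-absent"
        return 0
    fi

    case $(cat "$sysctl_file") in
        0) echo "jit-built-sysctl-off" ;;
        *) echo "jit-built-sysctl-on" ;;   # 1 = enabled, 2 = enabled with debug output
    esac
}

# Stand-alone run: use the first readable config among common locations.
for c in /proc/config.gz "/boot/config-$(uname -r)" /usr/src/linux/.config; do
    if [ -r "$c" ]; then
        echo "$c: $(bpf_jit_state "$c")"
        break
    fi
done
```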