Hi,

I have been tracking Spectre-related fixes on the Linux kernel 4.4.x LTS branch, for some of our products on this kernel version.

One thing I noted is that some kernel fixes were added in upstream kernels 4.16 and 4.17, related to IBRS/IBPB capabilities and the SSB fix. A few of the related commits are listed below:

x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.16.y&id=df35c3e66e6da210fed4a011722644cf1de590dd

x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
Expose indirect_branch_prediction_barrier() for use in subsequent patches.
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=20ffa1caecca4db8f79fe665acdeaa5af815a24d

x86/speculation: Use IBRS if available before calling into firmware
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dd84441a797150dcc49298ec95c459a8891d8bb1

These changes are not seen backported to 4.4.* LTS. I have a few related queries:

1. Is a microcode update of IBRS/IBPB/SSB fixes alone good enough to cover the vulnerabilities?
2. Are the kernel changes above a must to utilize IBRS/IBPB against Spectre vulnerabilities?
3. Is there a plan to backport the above fixes to the 4.4.* LTS branch?

Thanks,
Paulose.

