On Mon, Mar 12, 2018 at 07:43:09PM +0100, Alexandre DERUMIER wrote: > Hi, > > Is retpoline support enabled like ubuntu build ? (builded with recent gcc ?)
yes, it has KPTI for v3/Meltdown, full RETPOLINE for v2, and masking of pointers passed from user space via array_index_mask_nospec for v1. it does not include the originally embargoed IBRS/IBPB patch set used by RH/Suse/Canonical in the first waves of mitigation. some parts of that might still get included if/when they get applied upstream. passing SPEC_CTRL/IBRS/IBPB through to VM guests should work as before (if supported by the CPU/µcode). _______________________________________________ pve-user mailing list pve-user@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
