>>yes, it has KPTI for v3/Meltdown, full RETPOLINE for v2, and masking of >>pointers passed from user space via array_index_mask_nospec for v1.
>>it does not include the originally embargoed IBRS/IBPB patch set used by >>RH/Suse/Canonical in the first waves of mitigation. some parts of that >>might still get included if/when they get applied upstream. passing >>SPEC_CTRL/IBRS/IBPB through to VM guests should work as before (if >>supported by the CPU/µcode). Great ! Congrat to all proxmox team ! ----- Mail original ----- De: "Fabian Grünbichler" <[email protected]> À: "proxmoxve" <[email protected]> Envoyé: Lundi 12 Mars 2018 20:08:57 Objet: Re: [PVE-User] 4.15 based test kernel for PVE 5.x available On Mon, Mar 12, 2018 at 07:43:09PM +0100, Alexandre DERUMIER wrote: > Hi, > > Is retpoline support enabled like ubuntu build ? (builded with recent gcc ?) yes, it has KPTI for v3/Meltdown, full RETPOLINE for v2, and masking of pointers passed from user space via array_index_mask_nospec for v1. it does not include the originally embargoed IBRS/IBPB patch set used by RH/Suse/Canonical in the first waves of mitigation. some parts of that might still get included if/when they get applied upstream. passing SPEC_CTRL/IBRS/IBPB through to VM guests should work as before (if supported by the CPU/µcode). _______________________________________________ pve-user mailing list [email protected] https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user _______________________________________________ pve-user mailing list [email protected] https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
