Comment # 8 on bug 1163120 from
> If you want an answer to something, please formulate it as an
> exact question.

- Why are L1TF and Meltdown not mitigated in kernel-default but only in
  kernel-pae?

- Is it possible to mitigate MDS and 'Spec store bypass' through kernel
  or only through microcode?

- Can L1TF, MDS or 'Spec store bypass' be exploited through web
  JavaScript, like shown in the video/papers?

> AFAIU, you're asking whether you can do something additional as a user
> in case Spectre and Meltdown are not mitigated on your CPU. But they
> *are* mitigated, on *your* machine:

The 2-part general question asked on LKML is about any system with a
vulnerable CPU hardware. It arises from the following:

A. Mitigations for some systems may not exist
B. Mitigations may exist but they are not complete fixes, as papers say
C. Browser-level mitigations are like B.

Therefore:

D. Web JavaScript (and WebAssembly) can be dangerous and one cannot
possibly verify manually each and every script while browsing the web

E. Unfortunately there are websites which don't work with JS disabled

Based on that I have formulated the 2 questions on LKML:

https://lkml.org/lkml/2019/12/8/205

