11 Apr
2019
11 Apr
'19
07:20
On 10. 04. 19, 17:56, Dario Faggioli wrote: > On Wed, 2019-04-10 at 13:31 +0200, Jiri Slaby wrote: >> On 10. 04. 19, 12:31, Michael Pujos wrote: >>> >>> spectre_v2=retpoline,generic should be the default in my opinion. >>> If >>> good guys at Fedora (and other distros) are using it, so can >>> openSUSE. >> >> They don't even have IBRS support in their kernels AFAIR. >> > FWIW, they seem to have that now, at least, according to this: > >> Fedora default: http://termbin.com/0u7o > * Kernel is compiled with IBRS support: YES > * IBRS enabled and active: YES (for kernel and firmware code) The check script contains a bug: https://github.com/speed47/spectre-meltdown-checker/issues/275 It considers every occurence of "IBRS" as "IBRS is engaged". Even if it is only "IBRS_FW". >> STATUS: NOT VULNERABLE (Full retpoline + IBPB are mitigating the vulnerability) > > Which confirms (if there were any need for that) that it's our own > doing, e.g., in kernel-default... Of course, it's my patches "to blame": patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch patches.suse/0002-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch patches.suse/0003-x86-idle-Control-Indirect-Branch-Speculation-in-idle.patch patches.suse/0004-x86-enter-Create-macros-to-restrict-unrestrict-Indir.patch patches.suse/0005-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch thanks, -- js suse labs