Gentoo Archives: gentoo-user

From: Nikos Chantziaras <realnc@×××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] PSA: GCC 7.3 allows to build kernel with full Spectre v2 mitigation
Date: Mon, 29 Jan 2018 09:19:03
Message-Id: p4mop9$3e9$1@blaine.gmane.org
In Reply to: [gentoo-user] Re: Kernel 4.14.14 has meltdown / spectre info in /sys by Nikos Chantziaras
On 18/01/18 20:31, Nikos Chantziaras wrote:
> On 18/01/18 10:28, Adam Carter wrote:
>> Nice;
>>
>> $ ls /sys/devices/system/cpu/vulnerabilities/
>> meltdown  spectre_v1  spectre_v2
>> $ cat /sys/devices/system/cpu/vulnerabilities/meltdown
>> Mitigation: PTI
>> $ cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
>> Vulnerable
>> $ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
>> Vulnerable: Minimal generic ASM retpoline
>
> Good to know! Thanks.
>
> For Spectre, GCC 7.3 is needed, which isn't released yet, but AFAIK is
> being fast-tracked for release by upstream. There are plans to backport to
> GCC 6 as well.

GCC 7.3.0 is now in the tree (~arch). If you want full mitigation
against Spectre v2, you need to build the kernel with that version.

For this to work, you need to enable CONFIG_RETPOLINE in the kernel:

Processor type and features
[*] Avoid speculative indirect branches in kernel

Rebuild kernel and modules and you should see something like this:

$ cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
Mitigation: Full generic retpoline
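
The checks from this thread can be scripted for use after each kernel rebuild. The following is an added example, not part of the original message: the function names are hypothetical, and the config file path passed to retpoline_enabled is an assumption that depends on how the kernel was installed.

```shell
#!/bin/sh
# Added example: audit the sysfs vulnerability entries and CONFIG_RETPOLINE.

# Classify one sysfs status line ("Mitigation: ...", "Vulnerable...", "Not affected").
classify_status() {
    case "$1" in
        "Not affected"*) echo not-affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Print one row per entry in the vulnerabilities directory.
# Returns 0 if nothing is vulnerable, 1 if something is, 2 if the directory is missing.
audit_vulns() {
    vdir=${1:-/sys/devices/system/cpu/vulnerabilities}
    audit_rc=0
    [ -d "$vdir" ] || { echo "no $vdir: kernel does not report mitigations"; return 2; }
    for f in "$vdir"/*; do
        [ -f "$f" ] || continue
        line=$(cat "$f" 2>/dev/null)
        state=$(classify_status "$line")
        printf '%-12s %-13s %s\n' "$(basename "$f")" "$state" "$line"
        case "$state" in vulnerable|unknown) audit_rc=1 ;; esac
        # "Minimal generic ASM retpoline" is the status quoted above for a kernel
        # whose compiler lacked retpoline support.
        case "$line" in
            *Minimal*) echo "  hint: rebuild kernel and modules with a retpoline-capable GCC" ;;
        esac
    done
    return $audit_rc
}

# Succeeds if the given kernel config (plain or .gz) has CONFIG_RETPOLINE=y.
retpoline_enabled() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac 2>/dev/null | grep -q '^CONFIG_RETPOLINE=y$'
}
```

Source the file, then run `audit_vulns` with no argument to read the live sysfs directory, and `retpoline_enabled /usr/src/linux/.config` (or `/proc/config.gz` if the kernel exposes it) to confirm the option before rebuilding.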
