>
> The settings relevant to Spectre are:
> CONFIG_BPF_JIT - this being set to y is enough to make Intel
> processors vulnerable to variant 1/2. This being set to y is
> necessary, but not sufficient, for making AMD vulnerable to variant 1.
> net.core.bpf_jit_enable - this being set to 1 along with the config
> option being set is sufficient to make AMD vulnerable to variant 1.
> This setting has no effect on making Intel vulnerable to variant 1 or
> 2. I suspect this sysctl item won't appear unless it is loaded into
> the kernel in the first place.

Thanks for the clarification. I checked my three systemd systems and all
are;
# CONFIG_BPF_JIT is not set

systemd ebuild is looking for;
$ grep -i bpf /usr/portage/sys-apps/systemd/systemd-2*
/usr/portage/sys-apps/systemd/systemd-235-r1.ebuild: kernel_is -ge 4
10 && CONFIG_CHECK+=" ~CGROUP_BPF"
/usr/portage/sys-apps/systemd/systemd-236-r4.ebuild: kernel_is -ge 4
10 && CONFIG_CHECK+=" ~CGROUP_BPF"
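
The two settings named in the quoted message, plus the CGROUP_BPF option the ebuild checks, can be read back on a running system. The script below is an added example, not part of the original thread; the helper names, the config file locations it tries and the sample config text are assumptions made for illustration.

```shell
#!/bin/sh
# kconfig_state OPTION: read kernel config text on stdin; print the value
# ("y", "m", ...), "unset" for "# CONFIG_x is not set", or "absent".
# Prefix matching includes the "=", so CONFIG_BPF_JIT_ALWAYS_ON is not
# mistaken for CONFIG_BPF_JIT.
kconfig_state() {
    awk -v opt="CONFIG_$1" '
        index($0, opt "=") == 1 { print substr($0, length(opt) + 2); hit = 1; exit }
        $0 == ("# " opt " is not set") { print "unset"; hit = 1; exit }
        END { if (!hit) print "absent" }'
}

# kernel_config: print the running kernel config from commonly used
# locations (assumed paths; /proc/config.gz needs CONFIG_IKCONFIG_PROC).
# Returns 1 if none of them is readable.
kernel_config() {
    if [ -r /proc/config.gz ]; then gzip -dc /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then cat "/boot/config-$(uname -r)"
    elif [ -r /usr/src/linux/.config ]; then cat /usr/src/linux/.config
    else return 1
    fi
}

# jit_sysctl_state [FILE]: value of net.core.bpf_jit_enable, "missing" when
# the kernel does not expose the sysctl, or "unreadable" when the file
# exists but the current user may not read it.
jit_sysctl_state() {
    f=${1:-/proc/sys/net/core/bpf_jit_enable}
    if [ ! -e "$f" ]; then echo missing
    elif [ -r "$f" ]; then cat "$f"
    else echo unreadable
    fi
}

# Constructed sample config text (not taken from any real system).
SAMPLE_CONFIG='CONFIG_BPF=y
# CONFIG_BPF_JIT is not set
CONFIG_CGROUP_BPF=y'

report() {
    if conf=$(kernel_config 2>/dev/null); then
        echo "CONFIG_BPF_JIT: $(printf '%s\n' "$conf" | kconfig_state BPF_JIT)"
        echo "CONFIG_CGROUP_BPF: $(printf '%s\n' "$conf" | kconfig_state CGROUP_BPF)"
    else
        echo "kernel config: not readable from the locations tried"
    fi
    echo "net.core.bpf_jit_enable: $(jit_sysctl_state)"
}

echo "sample CONFIG_BPF_JIT: $(printf '%s\n' "$SAMPLE_CONFIG" | kconfig_state BPF_JIT)"
report
```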