| 1 |
> |
| 2 |
> The settings relevant to Spectre are: |
| 3 |
> CONFIG_BPF_JIT - this being set to y is enough to make Intel |
| 4 |
> processors vulnerable to variant 1/2. This being set to y is |
| 5 |
> necessary, but not sufficient, for making AMD vulnerable to variant 1. |
| 6 |
> net.core.bpf_jit_enable - this being set to 1 along with the config |
| 7 |
> option being set is sufficient to make AMD vulnerable to variant 1. |
| 8 |
> This setting has no effect on making Intel vulnerable to variant 1 or |
| 9 |
> 2. I suspect this sysctl item won't appear unless it is loaded into |
| 10 |
> the kernel in the first place. |
| 11 |
|
| 12 |
|
| 13 |
Thanks for the clarification. I checked my three systemd systems and all |
| 14 |
are; |
| 15 |
# CONFIG_BPF_JIT is not set |
| 16 |
|
| 17 |
systemd ebuild is looking for; |
| 18 |
$ grep -i bpf /usr/portage/sys-apps/systemd/systemd-2* |
| 19 |
/usr/portage/sys-apps/systemd/systemd-235-r1.ebuild: kernel_is -ge 4 |
| 20 |
10 && CONFIG_CHECK+=" ~CGROUP_BPF" |
| 21 |
/usr/portage/sys-apps/systemd/systemd-236-r4.ebuild: kernel_is -ge 4 |
| 22 |
10 && CONFIG_CHECK+=" ~CGROUP_BPF" |
Archives