Gentoo Archives: gentoo-user

From: Nikos Chantziaras <realnc@×××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Re: some spectre v1 code in 4.15.2
Date: Tue, 13 Feb 2018 01:13:33
Message-Id: p5tdud$u3e$1@blaine.gmane.org
In Reply to: [gentoo-user] some spectre v1 code in 4.15.2 by Adam Carter

On 12/02/18 11:51, Adam Carter wrote:
> $ grep . /sys/devices/system/cpu/vulnerabilities/*
> /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
> /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
> /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline

One other thing that's landed is an option to completely disable the
BPF interpreter in the kernel and force BPF JIT. Apparently, and
contrary to what people (me included) wrote here in the past, BPF JIT is
the secure option, and the interpreter is the insecure one.

The option is CONFIG_BPF_JIT_ALWAYS_ON. The prompt for it only becomes
available after enabling CONFIG_BPF_JIT.
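
Added example, not part of the original message: a shell check that reports whether a kernel config has the BPF interpreter compiled out, as the option described above does. The function names, state names and the sample config are constructed for illustration; the sysctl path defaults to /proc/sys/net/core/bpf_jit_enable.

```sh
#!/bin/sh
# Added example (not from the original post): classify a kernel's BPF setup
# from its .config text and the net.core.bpf_jit_enable sysctl value.

# kconfig_value FILE SYMBOL -> prints the symbol's value, or "n" if unset.
# The pattern is anchored on "SYMBOL=" so CONFIG_BPF_JIT does not also match
# CONFIG_BPF_JIT_ALWAYS_ON; "# CONFIG_X is not set" lines never match.
kconfig_value() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-n}"
}

# bpf_jit_state CONFIG_FILE [SYSCTL_FILE] -> prints one of:
#   interpreter-only   CONFIG_BPF_JIT is off; all programs are interpreted
#   jit-always-on      CONFIG_BPF_JIT_ALWAYS_ON=y; the option from the post
#   jit-enabled        JIT built and switched on, interpreter still in kernel
#   jit-disabled       JIT built but switched off at runtime (or unreadable)
bpf_jit_state() {
    sysctl_file=${2:-/proc/sys/net/core/bpf_jit_enable}
    if [ "$(kconfig_value "$1" CONFIG_BPF_JIT)" != y ]; then
        echo interpreter-only
    elif [ "$(kconfig_value "$1" CONFIG_BPF_JIT_ALWAYS_ON)" = y ]; then
        echo jit-always-on
    else
        case "$(cat "$sysctl_file" 2>/dev/null)" in
            1|2) echo jit-enabled ;;    # 2 = enabled with debug output
            *)   echo jit-disabled ;;
        esac
    fi
}

# Constructed sample input: a config fragment with JIT built but not forced.
sample_dir=$(mktemp -d)
cat > "$sample_dir/config" <<'EOF'
CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
CONFIG_BPF_JIT=y
# CONFIG_BPF_JIT_ALWAYS_ON is not set
EOF
echo 0 > "$sample_dir/bpf_jit_enable"
bpf_jit_state "$sample_dir/config" "$sample_dir/bpf_jit_enable"   # jit-disabled
```

On a running system the config text is typically at /boot/config-$(uname -r), or in /proc/config.gz (decompress it first) when CONFIG_IKCONFIG_PROC is set; which one exists depends on the distribution.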
