On 02/20/18 15:51, Paul Allen Newell wrote:
In earlier email in this thread, you stated:
Yes. As long as you don't have kernel modules which were built with a
non-patched gcc.
ls /sys/devices/system/cpu/vulnerabilities/*
cat /sys/devices/system/cpu/vulnerabilities/*
This file is new to me ... do you happen to know about when it was introduced and
if there is any documentation on it (I couldn't find anything but I feel I was
grasping in the dark as I must be missing something).
Looking at the changelog for the kernel, my guess is that they were introduced around
Jan 10 of this year. Maybe with the 4.14.13 kernel. I don't happen to have an
earlier one running. Except for a Live image which is at 4.13.9 and they aren't
there.
I've not done, but probably should, look at the BZ reports noted in the changelog as
well as the CVE reports.
For example, the changelog has...
* Wed Jan 10 2018 Justin M. Forbes <jforbes(a)fedoraproject.org> - 4.14.13-300
- Linux v4.14.13
- Iniital retpoline fixes for Spectre v2
From what I can tell in this thread, this is a good new addition
I would say so.
--
A motto of mine is: When in doubt, try it out