Re: Question on CVE-2017-5754 on Debian 8.9

Hi there, I am running kernel 4.14.14 under gentoo testing on an AMD kaveri box.

The version of GCC I am using is 7.2. Whether that means the reptoline patch is working for me I am not quite sure but it could be I guess.....

Someone who is smarter than the average bear has written a patch for the spectre problem with no performance penalty:

https://www.neowin.net/news/retpoline-patch-coming-to-linux-49-and-linux-414

I am not sure if you can do this as debian testing or experimental.

Cheers

Michael Fothergill

You can compile the kernel in debian:

https://www.debian.org/releases/jessie/i386/ch08s06.html.en

There is also a debian page on gcc7

https://wiki.debian.org/GCC7

If I ask the gentoo folks they will tell me if the KPTI and retpoline patches are turned on automatically in kernel 4.14.14

or if you have to set a specific flag when you run make menuconfig (runs in Debian too); then if GCC7 is new enough for this

you are good to go......

Cheers

Reply to:

Follow-Ups:

Re: Question on CVE-2017-5754 on Debian 8.9
- From: Richard Hector <richard@walnut.gen.nz>