[PVE-User] 4.15 based test kernel for PVE 5.x available
f.gruenbichler at proxmox.com
Mon Mar 12 20:08:57 CET 2018
On Mon, Mar 12, 2018 at 07:43:09PM +0100, Alexandre DERUMIER wrote:
> Is retpoline support enabled like ubuntu build ? (builded with recent gcc ?)
yes, it has KPTI for v3/Meltdown, full RETPOLINE for v2, and masking of
pointers passed from user space via array_index_mask_nospec for v1.
it does not include the originally embargoed IBRS/IBPB patch set used by
RH/Suse/Canonical in the first waves of mitigation. some parts of that
might still get included if/when they get applied upstream. passing
SPEC_CTRL/IBRS/IBPB through to VM guests should work as before (if
supported by the CPU/µcode).
More information about the pve-user