[PVE-User] 4.15 based test kernel for PVE 5.x available

Fabian Grünbichler f.gruenbichler at proxmox.com
Mon Mar 12 20:08:57 CET 2018


On Mon, Mar 12, 2018 at 07:43:09PM +0100, Alexandre DERUMIER wrote:
> Hi,
> 
> Is retpoline support enabled like ubuntu build ? (builded with recent gcc ?)

yes, it has KPTI for v3/Meltdown, full RETPOLINE for v2, and masking of
pointers passed from user space via array_index_mask_nospec for v1.

it does not include the originally embargoed IBRS/IBPB patch set used by
RH/Suse/Canonical in the first waves of mitigation. some parts of that
might still get included if/when they get applied upstream. passing
SPEC_CTRL/IBRS/IBPB through to VM guests should work as before (if
supported by the CPU/µcode).



More information about the pve-user mailing list