On 26 January 2018 at 16:49, tv.deb...@googlemail.com < tv.deb...@googlemail.com> wrote:
> On 26/01/2018 22:08, Michael Lange wrote: > >> Hi, >> >> On Fri, 26 Jan 2018 21:34:51 +0530 >> "tv.deb...@googlemail.com" <tv.deb...@googlemail.com> wrote: >> >> Hi, sorry to jump into the thread this late, I didn't follow the >>> beginning. You can save yourself quite a bit of hassle by downloading >>> the upstream up-to-date vanilla kernel 4.15-rc9 and compile that with >>> Unstable gcc-7. All you need is there already and you will get as good >>> a mitigation for Spectre as one can get right now. >>> >> >> well, I just saw that gcc-7.3 arrived in sid today, so at least the >> issues with gcc-8 from experimental seem to be history. >> As far as I know the gcc-7.2 that was the latest in sid until yesterday >> was not the best option in this regard. >> >> Just for the fun of it I got rid of gcc-8 now and upgraded to gcc-7.3; at >> least now the kernel started to compile properly. Didn't have time right >> now to let it finish though, since I had to boot again into stretch. >> Probably there is a good chance that by tomorrow or so we can get a >> kernel-image upgrade from sid anyway. >> >> Regards >> >> Michael >> >> >> >> .-.. .. ...- . .-.. --- -. --. .- -. -.. .--. .-. --- ... .--. . .-. >> >> I am pleased to see that we have differences. May we together become >> greater than the sum of both of us. >> -- Surak of Vulcan, "The Savage Curtain", stardate 5906.4 >> >> > gcc-7[.2] was really gcc-7.3-rc for a while, That's what someone said to me earlier, but when I installed gcc7 as sid the other day it said I had installed 7.2.20 or something and I did wonder if it really was 7.3-rc instead but I don't think apt-cache or some other fantastic search tool would tell me that........ I seem to recall other people saying it wouldn't work so instead of reaching for dowsing rod or a ouija board I installed GCC8. MF > and was doing a good job at enabling Spectre mitigation (as tested by the > spectre-meltdown-checker and /sys/devices/system/cpu/vulnerabilities/* > entries). > No it is really gcc-7.3 and is fully capable. > > I have not tested with a 4.4.15 kernel yet, but that should work too since > most (all?) mitigation have been back-ported by now. > > That leave the firmware/microcode as the ugly blind spot since we depend > on chips and boards manufacturers to design and distribute working code. > >