On Wed, Jan 3, 2018 at 7:19 PM, Jiri Kosina <ji...@kernel.org> wrote:
> On Wed, 3 Jan 2018, Andi Kleen wrote:
>
>> > It should be a CPU_BUG bit as we have for the other mess. And that can be
>> > used for patching.
>>
>> It has to be done at compile time because it requires a compiler option.
>
> If gcc annotates indirect calls/jumps in a way that we could patch them
> using alternatives in runtime, that'd be enough.
>
> --
> Jiri Kosina
> SUSE Labs

I understand the GCC patches being discussed will fix the vulnerability because newly compiled kernels will be compiled with a GCC with these patches. But are the GCC patches being discussed also expected to fix the vulnerability because user binaries will be compiled using them? In such a case, a binary could be maliciously changed back, or a custom GCC made with the patches reverted. Please forgive me if my ignorance about all the related GCC patches makes this a stupid question.