On Mon, 2018-01-29 at 12:19 +0100, Martin Steigerwald wrote: > > The whole thing works: > > % grep . /sys/devices/system/cpu/vulnerabilities/* > > /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI > /sys/devices/system/cpu/vulnerabilities/spectre_v1:Vulnerable > /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic > retpoline > > I bet the virtualbox modules compiled by virtualbox-dkms will taint the > support, but I bet sooner or later they will support retpoline as well. > (Another reason to switch to KVM one day.)
As long as those are actually compiled, it should be fine. Any C code will be built with the correct CFLAGS. If they have explicit asm which has indirect jumps, that would still be a problem. We just need to port objtool into the kernel and do it at module load time, to check for that... :)
smime.p7s
Description: S/MIME cryptographic signature