

Spectre V2 mitigation default changed from IBRS to Retpolines

The default mitigation for the Spectre V2 vulnerability (CVE-2017-5715) for systems with the 6th Generation Intel Core Processors and its close derivatives has changed from Indirect Branch Restricted Speculation (IBRS) to Retpolines in Red Hat Enterprise Linux 8. Red Hat has implemented this change as a result of Intel’s recommendations to align with the defaults used in the Linux community and to restore lost performance. However, note that using Retpolines in some cases may not fully mitigate Spectre V2. Intel’s Retpoline document describes any cases of exposure. This document also states that the risk of an attack is low.

For use cases where complete Spectre V2 mitigation is desired, a user can select IBRS through the kernel boot line by adding the spectre_v2=ibrs flag.

If one or more kernel modules were not built with the Retpoline support, the /sys/devices/system/cpu/vulnerabilities/spectre_v2 file will indicate vulnerability and the /var/log/messages file will identify the offending modules. See How to determine which modules are responsible for spectre_v2 returning "Vulnerable: Retpoline with unsafe module(s)"? for further information.

"6th generation Intel Core Processors and its close derivatives" are what Intel’s Retpolines document refers to as "Skylake-generation".

Retpoline: A Branch Target Injection Mitigation - White Paper
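The check described above can be scripted. The following is an added example, not Red Hat's code: it classifies the spectre_v2 status string and flags a host where spectre_v2=ibrs was requested at boot but the kernel reports something else. The function names and output labels are hypothetical; the matching assumes status lines begin with "Mitigation:" or "Vulnerable".

```shell
#!/bin/sh
# Added example, not Red Hat's code. Function names and labels are made up
# for illustration; only the "unsafe module(s)" wording comes from the page.

SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# Print the mitigation class for a spectre_v2 status string.
classify_spectre_v2() {
    case $1 in
        *"unsafe module"*)          echo retpoline-unsafe-modules ;;
        Vulnerable*)                echo vulnerable ;;
        # Test retpoline before IBRS: a retpoline status line may also
        # mention IBRS for firmware calls (for example "IBRS_FW").
        Mitigation:*[Rr]etpoline*)  echo retpoline ;;
        Mitigation:*IBRS*)          echo ibrs ;;
        *)                          echo unknown ;;
    esac
}

# Succeed only if the command line carries exactly spectre_v2=ibrs.
cmdline_requests_ibrs() {
    case " $1 " in
        *" spectre_v2=ibrs "*) return 0 ;;
        *)                     return 1 ;;
    esac
}

# Compare the boot request with the reported state.
# Prints "ok: <class>" or "attention: <reason>"; returns 1 on attention.
audit_spectre_v2() {
    class=$(classify_spectre_v2 "$1")
    if cmdline_requests_ibrs "$2" && [ "$class" != ibrs ]; then
        echo "attention: spectre_v2=ibrs requested but status is $class"
        return 1
    fi
    case $class in
        ibrs|retpoline) echo "ok: $class" ;;
        *)              echo "attention: $class"; return 1 ;;
    esac
}

# On a real host, audit the live values and point at the log the page names.
if [ -r "$SYSFS" ] && [ -r /proc/cmdline ]; then
    audit_spectre_v2 "$(cat "$SYSFS")" "$(cat /proc/cmdline)" ||
        echo "check /var/log/messages for modules built without Retpoline support"
fi
```

The non-zero return from audit_spectre_v2 makes the function usable as a gate in a compliance or provisioning job.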
