[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Intel i7-1165G7 vulnerable to Spectre v2
|
From: |
Christian Gelinek |
|
Subject: |
Re: Intel i7-1165G7 vulnerable to Spectre v2 |
|
Date: |
Fri, 3 Feb 2023 10:13:11 +0000 |
On 1/2/23 15:58, Tobias Geerinckx-Rice wrote:
Christian Gelinek 写道:
Spectre v2: Vulnerable: eIBRS with unprivileged eBPF
[…]
Spectre v2: Mitigation; Enhanced IBRS, IBPB conditional, RSB filling,
PBRSB-eIBRS SW sequence
Does
$ echo 1 | sudo tee /proc/sys/kernel/unprivileged_bpf_disabled
change this?
It does, thank you! This is the updated output line of `lscpu`:
Spectre v2: Mitigation; Enhanced IBRS, IBPB conditional, RSB filling,
PBRSB-eIBRS SW sequence
which matches the output I saw when I was running Debian 11.
How can I make this change permanent, ideally surviving both reboots as
well as `guix system reconfigure` invocations?
Or do we think this will be soon compiled into the kernel, if I
understood Remco's message [0] and your response [1] to that correctly,
and therefore coming "for free" (for me, anyway) by `reconfigure`ing?
Kinde regards,
Christian
[0]: https://lists.gnu.org/archive/html/help-guix/2023-02/msg00008.html
[1]: https://lists.gnu.org/archive/html/help-guix/2023-02/msg00009.html