GrapheneOS / linux-hardened

Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.freenode.net ##linux-hardened. Currently maintained at https://github.com/anthraxx/linux-hardened.
https://grapheneos.org/

CVE-2017-5753 - Spectre Variant 1 #71

Closed ralaud closed 6 years ago

ralaud commented 6 years ago

Is CVE-2017-5753 already patched?

Because, [screenshot: vulnerability check output]

With regards.

thestinger commented 6 years ago

There's no complete patch available, so what are you asking for exactly?

ralaud commented 6 years ago

> There's no complete patch available

I did not know that there is no complete patch. Thanks for your fast information and for your work in linux-hardened kernel.

thestinger commented 6 years ago

I don't think there ever will be a complete patch available, unfortunately. They can only fix things on a case-by-case basis now.

thestinger commented 6 years ago

The latest release is 4.15.2.a though, so you can update to that, which has more of these fixes.

ralaud commented 6 years ago

So it's necessary to upgrade the CPU later, if I want a complete fix?

thestinger commented 6 years ago

If Intel or AMD ever feels like making a CPU not vulnerable to it. The kernel can work around it on a case by case basis, which they're doing, but it can never realistically be fully mitigated.

thestinger commented 6 years ago

They won't necessarily be interested in making a CPU without this vulnerability. The performance hit may be too high...

ralaud commented 6 years ago

But big companies like Google, Amazon or Microsoft could force Intel and AMD. They need to focus on security, for their Cloud services.

ralaud commented 6 years ago

Is it possible to use machine learning for automating the case by case basis?

ralaud commented 6 years ago

Case by case method is working :)

[screenshot: CVE status output]

thestinger commented 6 years ago

KPTI mitigates Variant 3, retpolines nearly fully mitigate Variant 2 (with other more expensive options available) but there isn't going to be a magic bullet for Variant 1.

thestinger commented 6 years ago

Having a few things sanitized doesn't really change that it's an issue everywhere else. It's also an issue for lots of userspace programs too, not just the userspace <-> kernel boundary or remote <-> kernel boundary.
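Added example, not code from the linux-hardened project or from this thread: a small POSIX shell script that reads the kernel's own per-issue status files under /sys/devices/system/cpu/vulnerabilities/ (present since 4.15), so a defender can see which of the three variants the running kernel reports as mitigated (KPTI for Variant 3, retpolines for Variant 2, the case-by-case pointer sanitization for Variant 1) and which it still reports as Vulnerable. The sample directory contents are constructed for the demo and are not output from this issue.

```shell
#!/bin/sh
# Added example (not from the linux-hardened project). Since 4.15 the kernel
# exposes one file per issue under /sys/devices/system/cpu/vulnerabilities/
# whose text starts with "Not affected", "Vulnerable" or "Mitigation:" followed
# by the mechanism (e.g. "PTI" for KPTI, "Full generic retpoline" for Variant 2).
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status "<file contents>" -> prints ok|mitigated|vulnerable|unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo ok ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# report_vulns <dir>: prints "<issue> <class> <raw kernel text>" per file.
# Exit status is the number of issues still reported Vulnerable (0 = none).
report_vulns() {
    dir="$1"
    bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        text=$(cat "$f")
        class=$(classify_status "$text")
        printf '%-14s %-10s %s\n' "$name" "$class" "$text"
        [ "$class" = vulnerable ] && bad=$((bad + 1))
    done
    return "$bad"
}

# Constructed sample (not real output): a 4.15-era kernel with KPTI and the
# Variant 1 pointer sanitization, but built without compiler retpoline support.
make_sample_dir() {
    d=$(mktemp -d)
    echo "Mitigation: PTI" > "$d/meltdown"
    echo "Mitigation: __user pointer sanitization" > "$d/spectre_v1"
    echo "Vulnerable: Minimal generic ASM retpoline" > "$d/spectre_v2"
    echo "$d"
}

# When run directly, report the live system (override with VULN_DIR=<path>).
report_vulns "$VULN_DIR" || echo "warning: $? issue(s) still reported Vulnerable"
```

Run it as `VULN_DIR=$(sh -c '. ./script.sh >/dev/null; make_sample_dir') sh script.sh` to see the sample report, or with no variable to inspect the running kernel.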