CORE 5.1.1, "MELTDOWN", AND "SPECTRE"

JANUARY 10, 2018

Most good programmers do programming not because they expect to get paid or get adulation by the public, but because it is fun to program. – Linus Torvalds

For the past several days we have been continuing our work on the mitigation of “Meltdown” and “Spectre” - though at this point, we are focusing on the latter.

One of the more important progress is the release of AOSC OS Core 5.1.1, while containing some bugfixes and updates, comes with an updated GCC (GNU Compiler Collection) containing Clear Linux’s implementation/backport of Retpoline patch set to the 7.2 branch (which we are currently shipping). The patch set has the target to avoid “generating code which contains an indirect branch that could have its prediction poisoned by an attacker” - as described by an LLVM contributor. While it could take some serious reading to fully understand what is going on, this is a step towards a more complete mitigation of possible impacts of the “Spectre” vulnerability.

Apart from that, we have the following updates since our last report:

  • Kernels. With the introduction of Retpoline patches to GCC, the 4.14 branch of Kernels (“Mainline” and “Libre”) has been rebulit with the patches from Clear Linux to include similar fixes in the Kernels. No patch had been made available for our 4.9 branch of Kernel yet.
  • NVIDIA. A new driver release, version 390.12 has been released to address the Spectre-related vulnerabilities. No statement from NVIDIA about the 340 branch for older cards has been issued, though question has been raised in the NVIDIA DevTalk Forum.

That’s all for now. We’ll continue the progress reports in the coming weeks, possibly.

— Mingcong Bai

1515594931923