For the past several days we have been continuing our work on the mitigation of “Meltdown” and “Spectre” - though at this point, we are focusing on the latter.
One of the more important pieces of progress is the release of AOSC OS Core 5.1.1, which, along with some bugfixes and updates, comes with an updated GCC (GNU Compiler Collection) containing Clear Linux’s implementation/backport of the Retpoline patch set to the 7.2 branch (which we are currently shipping). The patch set aims to avoid “generating code which contains an indirect branch that could have its prediction poisoned by an attacker” - as described by an LLVM contributor. While it could take some serious reading to fully understand what is going on, this is a step towards a more complete mitigation of the possible impacts of the “Spectre” vulnerability.
Apart from that, we have the following updates since our last report:
That’s all for now. We’ll continue the progress reports in the coming weeks, possibly.
— Mingcong Bai