slp/kernel-ibrs

Project ID: 17807

Description

This is a variant for Fedora's kernel, replacing repoline patches with upstream's IBRS.

I built this for myself, as I'm not a big fan of retpoline as a mitigation, but perhaps others may find this useful too. Future kernels from 4.15.x series will provide both mitigations, allowing the user to choose between them.

Combined with the latest microcode_ctl package (microcode_ctl-2.1-20.fc27.x86_64), this will get you some (upstream's IBRS patch is still WIP) protection against Spectre variant #2, and a /sys/kernel/debug/x86/ibrs_enabled knob with the same semantics as described in this article:

Controlling the Performance Impact of Microcode and Security Patches for CVE-2017-5754 CVE-2017-5715 and CVE-2017-5753 using Red Hat Enterprise Linux Tunables.

Installation Instructions

$ sudo dnf copr enable slp/kernel-ibrs

$ sudo dnf install kernel-4.14.13-300.ibrs.fc27

$ sudo dracut --force /boot/initramfs-4.14.13-300.ibrs.fc27.x86_64.img 4.14.13-300.ibrs.fc27.x86_64

Active Releases

The following unofficial repositories are provided as-is by owner of this project. Contact the owner directly for bugs or issues (IE: not bugzilla).

Release	Architectures	Repo Download

* Total number of downloaded packages.

Last Build

kernel

Build: 700832

State: succeeded

Finished: 6 years ago

Quick Enable

#> dnf copr enable slp/kernel-ibrs

More info about enabling Copr repositories

Other Actions

Report Abuse

slp/kernel-ibrs

Description

Installation Instructions

Active Releases

Last Build

kernel

Quick Enable

Other Actions

Contact us

Copr Project

Site Navigation

Powered by