Spectre and Meltdown

Linux Vanilla Kernel

The kernel team is trying to implement a universal way to fix these issues. The current state can be read from sysfs:

$ grep . /sys/devices/system/cpu/vulnerabilities/*

Here is the output on a fixed VirtualBox guest (Slackware64 - current - 20180301):

/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline
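
To use that output as a pass/fail check in scripts or monitoring, the function below classifies each status file by its leading keyword. It is an added example, not part of the original page; the name cpu_vuln_report, its state labels and its return codes are assumptions, and the demo directory is constructed from the three lines shown above.

```shell
#!/bin/sh
# Added example: classify the kernel's per-issue status files.
# The kernel writes "Not affected", "Vulnerable..." or "Mitigation: ...".

# cpu_vuln_report [DIR]: print one "STATE name detail" line per file.
# Returns 0 if nothing is vulnerable, 1 if any entry is vulnerable or
# unrecognised, 2 if DIR is missing or empty (the kernel predates the
# sysfs interface, so no statement about the machine can be made).
cpu_vuln_report() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    [ -d "$dir" ] || { echo "NOINFO $dir not present" >&2; return 2; }
    rc=0
    n=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Read the first line; tolerate a missing trailing newline.
        IFS= read -r line < "$f" || [ -n "$line" ] || line=
        case $line in
            "Not affected"*) state=OK ;;
            "Mitigation: "*) state=MITIGATED ;;
            "Vulnerable"*)   state=VULNERABLE; rc=1 ;;
            *)               state=UNKNOWN; rc=1 ;;
        esac
        printf '%-10s %-12s %s\n' "$state" "${f##*/}" "$line"
        n=$((n + 1))
    done
    [ "$n" -gt 0 ] || return 2
    return $rc
}

# Demo on a constructed directory holding the three status lines shown above.
demo=$(mktemp -d)
echo 'Mitigation: PTI' > "$demo/meltdown"
echo 'Mitigation: __user pointer sanitization' > "$demo/spectre_v1"
echo 'Mitigation: Full generic retpoline' > "$demo/spectre_v2"
cpu_vuln_report "$demo" && echo "all listed issues mitigated"
rm -rf "$demo"
```

Called without an argument, the function reads the real sysfs directory; a return code of 2 means the running kernel does not expose the interface at all, which is different from being mitigated.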

Red Hat's own way

Red Hat puts a lot of faith in Intel, follows their strategy and uses
a modified form of microcode. It remains to be seen if this pays off.

Here is a fixed AMD A6-3650 APU, 2.6GHz, Socket FM1, 4C/4T (CentOS 7.4 - 20180301)


Three new boot parameters to enable/disable the features:

noibrs noibpb nopti

or change them on the fly:
# echo 0 > /sys/kernel/debug/x86/pti_enabled
# echo 0 > /sys/kernel/debug/x86/ibpb_enabled
# echo 0 > /sys/kernel/debug/x86/ibrs_enabled

Check your current state

spectre-meltdown-checker.sh provides a nice tool to review the current state:

$ git clone https://github.com/speed47/spectre-meltdown-checker.git 
$ cd spectre-meltdown-checker/
# ./spectre-meltdown-checker.sh


kroah.com Meltdown Status - RedHat 7.5 Beta Release Notes
Controlling the Performance Impact of Microcode and Security Patches for CVE-2017-5754 CVE-2017-5715 and CVE-2017-5753 using Red Hat Enterprise Linux Tunables