Changing CFLAGS to mitigate Spectre v2 #2499
According to the Google security report, in theory Spectre v2 affects not only the kernel and microcode, but also all userspace applications and libraries.
We should consider adding the following CFLAGS to the default profile in Container Linux, like:
To use that, at least GCC 7.3 or 8.1 is needed, and the default GCC is already 7.3. So that should be no issue.
I'm still wondering why it's not enabled by default, both from upstream Gentoo and Container Linux. I suppose it's because of one of the following:
Anyway, despite all the issues, I think it's worth trying the CFLAGS.