Several Linux kernel versions, including 4.9, 4.14, and the upcoming 4.15, will have Retpoline support built in to mitigate the Spectre vulnerability. Greg Kroah-Hartman, one of the head honchos overseeing kernel development, accepted the patch into the 4.9 and 4.14 kernels, meaning Linux users everywhere should be secure from Spectre without any performance hits.
The exact kernel versions to look out for are 4.9.77 and 4.14.14. Unfortunately, for those of us still on Linux 4.4 and 3.18, which are still supported, there is no sign of the Retpoline patch just yet despite those branches receiving other updates. Hopefully it’ll be released in a subsequent update after they’ve had time to monitor for any problems in 4.9 and 4.14.
The Retpoline patch has already been applied to Linux 4.15, which is currently nearing the end of the testing phase before being pushed as a stable release. On Sunday, Linus Torvalds pushed the eighth release candidate, which is the last planned before it goes stable next Sunday.
The Retpoline patch was created by Paul Turner, a software engineer in Google’s Technical Infrastructure group. His solution employs a software binary modification technique that prevents branch target injection: indirect branches are rewritten so the CPU’s indirect branch predictor is never used to choose their target. With this patch, Turner managed to mitigate the vulnerability without incurring the performance hit that Amazon encountered when they tried their hand at creating a solution.
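To make the "binary modification" concrete, here is an added user-space illustration of the retpoline construction; it is example code written for this article, not Paul Turner's kernel patch or any kernel code. It assumes an x86-64 ELF toolchain (GCC or Clang on Linux); the function names retpoline_call, square and negate are constructed for the demo. An indirect call through a function pointer is replaced by a call/ret pair: the return address pushed by call is overwritten with the real target before ret, so the indirect branch predictor is never consulted, and if the CPU speculates past the ret using the return stack buffer it lands in a harmless pause/lfence loop rather than at an attacker-trained address.

```c
#include <stdio.h>

/* Added example (not from the article, not the kernel's code): a minimal
 * retpoline thunk for x86-64 ELF. A plain indirect call would be emitted by
 * the compiler as a single instruction and would fall back to the CPU's
 * branch target predictor.
 */
#if defined(__x86_64__) && defined(__ELF__)
long retpoline_call(long (*fn)(long), long arg);

__asm__(
    ".text\n"
    ".globl retpoline_call\n"
    ".type retpoline_call, @function\n"
    /* long retpoline_call(long (*fn)(long), long arg); SysV ABI: fn in rdi, arg in rsi */
    "retpoline_call:\n"
    "    movq %rdi, %rax\n"      /* real branch target into rax                     */
    "    movq %rsi, %rdi\n"      /* first argument for the target function          */
    "    call 1f\n"              /* pushes the address of 0: as a return address    */
    "0:\n"
    "    pause\n"                /* any speculative 'return' from the ret below     */
    "    lfence\n"               /* lands here and spins harmlessly                 */
    "    jmp 0b\n"
    "1:\n"
    "    movq %rax, (%rsp)\n"    /* overwrite the pushed return address with target */
    "    ret\n"                  /* architecturally jumps to fn; fn's own ret goes  */
                                 /* back to retpoline_call's caller                 */
    ".size retpoline_call, .-retpoline_call\n"
);
#else
/* Fallback so the file still compiles elsewhere: a plain, UNPROTECTED indirect call. */
static long retpoline_call(long (*fn)(long), long arg) { return fn(arg); }
#endif

/* Two constructed targets, chosen at run time so the branch is truly indirect. */
static long square(long x) { return x * x; }
static long negate(long x) { return -x; }

/* Conventional indirect call, for comparison; the compiler emits call *%reg here. */
long call_indirect(long (*fn)(long), long arg) { return fn(arg); }

/* Same dispatch routed through the retpoline thunk. Returns fn(arg). */
long dispatch_retpoline(int use_square, long arg) {
    long (*fn)(long) = use_square ? square : negate;
    return retpoline_call(fn, arg);
}

int main(void) {
    printf("square(7) via retpoline = %ld\n", dispatch_retpoline(1, 7));
    printf("negate(7) via retpoline = %ld\n", dispatch_retpoline(0, 7));
    printf("square(7) via plain indirect call = %ld\n", call_indirect(square, 7));
    return 0;
}
```

Build with `cc -O2 retpoline_demo.c` and run it. In practice nobody hand-writes these thunks: a compiler with retpoline support (GCC's `-mindirect-branch=thunk` family, which the kernel's CONFIG_RETPOLINE build relies on) rewrites every indirect call and jump this way, and a kernel built with that option reports its Spectre v2 status under /sys/devices/system/cpu/vulnerabilities/spectre_v2. The caveat for anyone upgrading to the versions named above is that a kernel built with a compiler lacking retpoline support only gets the hand-written assembly thunks and will say so in that file, so check it after rebooting rather than trusting the version number alone.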