This update comes to us courtesy of tmb, our kernel magician:
Since we released 4.14.18 yesterday, we now are in pretty good shape with the mitigations, especially on x86_64. We now have bits in place for Spectre v1, v2 and Meltdown.
Of course over the coming weeks/months there will be more follow-up fixes upstream to cover corner cases, missed fixes and improvements for all of this…
And we still need Intel and AMD to release microcodes so hardware vendors can release updated BIOS/EFI firmwares and to the public so we can provide microcode updates in case of vendors not providing new BIOS/EFI firmwares.
Oh, and for those that like to check 🙂 The official way of checking the kernel status is:
grep . /sys/devices/system/cpu/vulnerabilities/*
We still lack Meltdown support for 32-bit in mga6, but we have now (Feb 9th) merged the upstream-suggested patches for it in Cauldron, so a kernel with those patches will land in testing later today along with an update to 4.14.19.
It still lacks some performance-related bits, but we are getting there.
Many thanks to tmb for taking the time to bring us this update!
Edit: we corrected the grep command due to the helpful comments.
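For anyone who wants to script the check rather than read the grep output by eye, here is an added example (not from tmb or the Mageia kernel packages) that classifies each file under the sysfs directory named above and returns a non-zero status if anything is not mitigated. The function names and the sample values in the demo are constructed for illustration; the status prefixes it matches ("Not affected", "Vulnerable", "Mitigation:") are the ones the kernel writes to these files.

```shell
#!/bin/sh
# Added example: turn the sysfs vulnerability files into a pass/fail check.

# classify_status STATUS_LINE -> prints OK, VULNERABLE or UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*) echo OK ;;
        "Mitigation:"*)  echo OK ;;
        "Vulnerable"*)   echo VULNERABLE ;;   # may carry a suffix after a colon
        *)               echo UNKNOWN ;;      # empty or unexpected content
    esac
}

# vuln_report [DIR] -> one line per file.
# Returns 0 if every entry is OK, 1 if any is VULNERABLE or UNKNOWN,
# 2 if the directory is missing (kernel without this reporting interface).
vuln_report() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    if [ ! -d "$dir" ]; then
        echo "no $dir: this kernel does not report mitigation status" >&2
        return 2
    fi
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        verdict=$(classify_status "$status")
        [ "$verdict" = OK ] || rc=1
        printf '%-12s %-10s %s\n' "$(basename "$f")" "$verdict" "$status"
    done
    return $rc
}

# Demo on constructed sample data (not output from a real machine),
# so the example runs on any system, including ones without the sysfs files.
demo=$(mktemp -d)
printf 'Mitigation: PTI\n' > "$demo/meltdown"
printf 'Mitigation: __user pointer sanitization\n' > "$demo/spectre_v1"
printf 'Vulnerable\n' > "$demo/spectre_v2"
vuln_report "$demo" || echo "at least one issue is not mitigated"
rm -rf "$demo"
```

Calling `vuln_report` with no argument reads the real directory on the running kernel.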