[Webkit-unassigned] [Bug 188145] Hardcoded LFENCE instruction

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Jul 29 11:49:59 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=188145

--- Comment #6 from karogyoker2+webkit at gmail.com ---
(In reply to Yusuke Suzuki from comment #3)
> Then, what makes WebKit safe from Spectre?

Good point. I was thinking a vulnerable browser is still better than a browser which is completely unusable. But obviously, this reasoning is not security oriented.
Then maybe we should fall back to generic retpoline here, if it is possible. Since my C++ knowledge ends here, sadly, I cannot help on this. Maybe we should look into how Mozilla fixed this, because Firefox ESR 52 has Spectre mitigation and still supported until the end of August. Also, it doesn't require SSE2 (on Linux).

Or just release an official statement that machines without SSE2 are no longer supported (like Google or Mozilla did).

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180729/6c54823a/attachment.html>


More information about the webkit-unassigned mailing list