[Webkit-unassigned] [Bug 188145] Hardcoded LFENCE instruction
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Jul 29 12:49:27 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=188145
--- Comment #7 from Yusuke Suzuki <utatane.tea at gmail.com> ---
(In reply to karogyoker2+webkit from comment #6)
> (In reply to Yusuke Suzuki from comment #3)
> > Then, what makes WebKit safe from Spectre?
>
> Good point. I was thinking a vulnerable browser is still better than a
> browser which is completely unusable. But obviously, this reasoning is not
> security oriented.
> Then maybe we should fall back to generic retpoline here, if it is possible.
> Since my C++ knowledge ends here, sadly, I cannot help on this. Maybe we
> should look into how Mozilla fixed this, because Firefox ESR 52 has Spectre
> mitigation and still supported until the end of August. Also, it doesn't
> require SSE2 (on Linux).
Firefox ESR 52 includes Firefox 49. So it does not work w/o SSE2[1].
>
> Or just release an official statement that machines without SSE2 are no
> longer supported (like Google or Mozilla did).
It seems that current supported Firefox and Chromium no longer support x86 w/o SSE2.
Windows 7 also does not support it now[2].
So I think dropping support for x86 w/o SSE2 is good solution in this case.
I've sent a mail to webkit-dev mailing list to clarify that WebKit does not support non-SSE2 x86[3].
[1]: https://support.mozilla.org/en-US/kb/your-hardware-no-longer-supported
[2]: https://support.microsoft.com/en-us/help/4088875/windows-7-update-kb4088875
[3]: https://lists.webkit.org/pipermail/webkit-dev/2018-July/030071.html
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180729/244e9ba9/attachment.html>
More information about the webkit-unassigned
mailing list