Christian Gelinek wrote:
> Spectre v2: Vulnerable: eIBRS with unprivileged eBPF
[…]
> Spectre v2: Mitigation; Enhanced IBRS, IBPB
> conditional, RSB filling, PBRSB-eIBRS SW sequence

Does

  $ echo 1 | sudo tee /proc/sys/kernel/unprivileged_bpf_disabled

change this?

What does Debian's kconfig list for CONFIG_BPF_UNPRIV_DEFAULT_OFF?

Guix has it *unset* (which means default *on*) which means that unprivileged_bpf_disabled is 0 (which means *enabled*) because Linux is a hot mess and nobody cares.

Kind regards,

T G-R
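
Added example, not part of the original message: a shell check that reads the Spectre v2 status line, the unprivileged_bpf_disabled sysctl and the CONFIG_BPF_UNPRIV_DEFAULT_OFF option discussed above. The function names are made up for illustration, and the /boot/config-$(uname -r) path is an assumption about where the distribution installs its kernel config.

```shell
#!/bin/sh
# Added example (not from the thread). File paths are parameters so the
# logic can be exercised on constructed files as well as on a live system.

# Map the value of kernel.unprivileged_bpf_disabled to a state name.
bpf_unpriv_state() {
    case "$1" in
        0) echo "enabled" ;;
        1) echo "disabled-locked" ;;  # stays 1 until reboot
        2) echo "disabled-admin" ;;   # root may still write 0 or 1
        *) echo "unknown" ;;
    esac
}

# Report the boot-time default implied by CONFIG_BPF_UNPRIV_DEFAULT_OFF.
kconfig_default() {
    if [ ! -r "$1" ]; then
        echo "unknown"
    elif grep -q '^CONFIG_BPF_UNPRIV_DEFAULT_OFF=y' "$1"; then
        echo "default-off"            # sysctl starts at 2
    else
        echo "default-on"             # unset: sysctl starts at 0
    fi
}

# Classify the spectre_v2 sysfs line together with the sysctl value.
assess() {  # usage: assess SPECTRE_V2_FILE SYSCTL_FILE
    status=$(cat "$1" 2>/dev/null || true)
    state=$(bpf_unpriv_state "$(cat "$2" 2>/dev/null || true)")
    case "$status" in
        *"nprivileged eBPF"*) echo "vulnerable-unpriv-ebpf sysctl=$state" ;;
        Mitigation*)          echo "mitigated sysctl=$state" ;;
        *)                    echo "other sysctl=$state" ;;
    esac
}

# Live run with the usual Linux paths; the /boot/config-* location is an
# assumption (Debian ships it there, other distributions may not).
assess /sys/devices/system/cpu/vulnerabilities/spectre_v2 \
       /proc/sys/kernel/unprivileged_bpf_disabled
echo "kconfig: $(kconfig_default "/boot/config-$(uname -r)")"
```

A sysctl value of 1 cannot be changed back on the running kernel, while 2 disables unprivileged bpf() but still lets root write 0 or 1 later.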