Is the official position that no patch is necessary in the Scala compiler for Meltdown & Spectre because Oracle’s patches to the JVM are sufficient?

Both are OS level fixes.

There are ASLR-type mitigation strategies that could be implemented at the JVM level. I’m just looking for confirmation that the Scala compiler is simply going to rely upon those (plus of course the OS/CPU-level patches).

I’m not at any position to confirm anything, but I don’t think there’s anything that can be done about this at the level of the Scala compiler. All the compiler can do is emit bytecode. It can’t affect the memory layout or actual cpu instructions that the JVM will employ.

1 Like

I was under the impression that both Meltdown and Spectre are specifically
cache timing vulnerabilities, and as such memory layout is irrelevant in
this context.