I was under the impression that the changes for Clang with retpoline were for Spectre. Mitigation of it then can be done by recompiling... everything.
> Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities disclosed today, specifically identified by CVE-2017-5715, "Branch Target Injection", and is one of the two halves to Spectre.
Yes, but then you'd just end up with having a vulnerable application running inside of the VM. The mitigations in the compilers are for making programs compiled by those compilers immune(ish?) to Spectre, not to make it impossible for those programs to use Spectre to attack other processes.
You can, but Spectre only affects your own process, and if you can compile/run your program, it's unlikely that exploiting anything to read the memory of your own process is any danger.
Meltdown: Easier to exploit, fixable in software but perhaps up to a 30% performance hit for some operations.
Spectre: Harder to exploit, not fixable in software, needs new hardware.
See these two links for more detail:
https://twitter.com/nicoleperlroth/status/948684376249962496
https://googleprojectzero.blogspot.co.uk/2018/01/reading-pri...