Merge "Security: Allow disabling of spectre v1 swapgs mitigation" into r/stx.3.0

Zuul 2020-02-04 16:18:25 +00:00 committed by Gerrit Code Review
commit dbbe813dd0
6 changed files with 9 additions and 7 deletions


@ -1,2 +1,2 @@
SRC_DIR="cgts-client"
TIS_PATCH_VER=73
TIS_PATCH_VER=74


@ -86,7 +86,9 @@ def do_show(cc, args):
@utils.arg('-S', '--security_feature',
metavar='<security_feature>',
choices=['spectre_meltdown_v1', 'spectre_meltdown_all'],
help='Use spectre_meltdown_v1 for spectre/meltdown v1 fixes, or spectre_meltdown_all to use all fixes')
help='Use spectre_meltdown_v1 to add linux bootargs "nopti '
'nospectre_v2 nospectre_v1", or spectre_meltdown_all to not '
'add any mitigation disabling bootargs')
def do_modify(cc, args):
"""Modify system attributes."""
isystems = cc.isystem.list()
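Review bot: The new help text for `-S/--security_feature` lists the bootargs but never says what they do: `nopti`, `nospectre_v2` and `nospectre_v1` turn off the kernel's Meltdown (page-table isolation), Spectre v2 and Spectre v1 mitigations, so the choice named `spectre_meltdown_v1` is the less protected one. An operator who reads only the choice names could reasonably assume the opposite. I would state the effect in the string, e.g. `'Use spectre_meltdown_v1 to disable the Meltdown, Spectre v2 and Spectre v1 kernel mitigations (bootargs "nopti nospectre_v2 nospectre_v1"), or spectre_meltdown_all to leave the kernel default mitigations in place'`. The bootarg list is also repeated from the sysinv constant changed elsewhere in this commit, so the two strings can drift apart; the body of do_modify continues outside the hunk.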


@ -1,2 +1,2 @@
SRC_DIR="sysinv"
TIS_PATCH_VER=341
TIS_PATCH_VER=342


@ -1350,7 +1350,7 @@ GLANCE_REGISTRY_DATA_API = 'glance.db.registry.api'
# kernel options for various security feature selections
SYSTEM_SECURITY_FEATURE_SPECTRE_MELTDOWN_V1 = 'spectre_meltdown_v1'
SYSTEM_SECURITY_FEATURE_SPECTRE_MELTDOWN_V1_OPTS = 'nopti nospectre_v2'
SYSTEM_SECURITY_FEATURE_SPECTRE_MELTDOWN_V1_OPTS = 'nopti nospectre_v2 nospectre_v1'
SYSTEM_SECURITY_FEATURE_SPECTRE_MELTDOWN_ALL = 'spectre_meltdown_all'
SYSTEM_SECURITY_FEATURE_SPECTRE_MELTDOWN_ALL_OPTS = ''
SYSTEM_SECURITY_FEATURE_SPECTRE_MELTDOWN_OPTS = {
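Review bot: Appending `nospectre_v1` to `SYSTEM_SECURITY_FEATURE_SPECTRE_MELTDOWN_V1_OPTS` changes the meaning of a value that deployments may already have selected. Systems configured with `spectre_meltdown_v1` would presumably pick up the extra bootarg and lose the Spectre v1 (swapgs) mitigation the next time their kernel arguments are regenerated, with no operator action. That deserves a release note and a comment on the constant, for example `# NOTE: these bootargs DISABLE the KPTI, Spectre v2 and Spectre v1 mitigations; "_V1" in the name does not mean "v1 fixes enabled"`. The existing comment, "kernel options for various security feature selections", does not say which direction the options work in. The `SYSTEM_SECURITY_FEATURE_SPECTRE_MELTDOWN_OPTS` dict continues outside the hunk, so how the value reaches the boot command line cannot be confirmed from here.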


@ -1,2 +1,2 @@
SRC_DIR="tsconfig"
TIS_PATCH_VER=10
TIS_PATCH_VER=11


@ -60,7 +60,7 @@ sdn_enabled=no
region_config=no
system_mode=duplex
sw_version=19.12
security_feature="nopti nospectre_v2"
security_feature="nopti nospectre_v2 nospectre_v1"
vswitch_type=ovs-dpdk
"""
@ -82,7 +82,7 @@ region_2_name=Region2
distributed_cloud_role=CloudRole
system_mode=duplex
sw_version=19.12
security_feature="nopti nospectre_v2"
security_feature="nopti nospectre_v2 nospectre_v1"
vswitch_type=ovs-dpdk
"""