starlingx/config
Code Issues Proposed changes

Security: Allow disabling of spectre v1 swapgs mitigation

Browse Source 
Most of the v1 mitigation is baked into the kernel and not
optional.  The swapgs barriers are, however, optional.
They have a negative performance impact so we disable them
by using the nospectre_v1 kernel bootarg.

Change-Id: Ia5938249ad0f0a53435251e505dac843b923ad62
Closes-Bug: 1860193
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
This commit is contained in:
Jim Somerville
2020-01-27 14:25:14 -05:00
parent a1b8c9f1be
commit de23dcfd05
6 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tsconfig/centos/build_srpm.data
View File

@@ -1,2 +1,2 @@
SRC_DIR="tsconfig"
TIS_PATCH_VER=10
TIS_PATCH_VER=11

4
tsconfig/tsconfig/tsconfig/tests/test_basics.py
View File

@@ -60,7 +60,7 @@ sdn_enabled=no
region_config=no
system_mode=duplex
sw_version=19.09
security_feature="nopti nospectre_v2"
security_feature="nopti nospectre_v2 nospectre_v1"
vswitch_type=ovs-dpdk
"""
@@ -82,7 +82,7 @@ region_2_name=Region2
distributed_cloud_role=CloudRole
system_mode=duplex
sw_version=19.09
security_feature="nopti nospectre_v2"
security_feature="nopti nospectre_v2 nospectre_v1"
vswitch_type=ovs-dpdk
"""