Security: Handle nospectre_v1 in the bootargs
Most of the v1 mitigation is baked into the kernel and not
optional. The swapgs barriers are, however, optional.
They have a negative performance impact so we disable them
by using the nospectre_v1 kernel bootarg.
Partial-Bug: 1860193
Depends-On: https://review.opendev.org/#/c/705300
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
(cherry picked from commit 91f488af02
)
Change-Id: I88c8fafe558c5f03a9d0af7c42a668decef18f5a
parent
e7e89778b8
commit
2a7cb246a1
|
@ -91,6 +91,10 @@ grep -q 'nospectre_v2' /proc/cmdline
|
|||
if [ $? -eq 0 ]; then
|
||||
KERN_OPTS="${KERN_OPTS} nospectre_v2"
|
||||
fi
|
||||
grep -q 'nospectre_v1' /proc/cmdline
|
||||
if [ $? -eq 0 ]; then
|
||||
KERN_OPTS="${KERN_OPTS} nospectre_v1"
|
||||
fi
|
||||
|
||||
perl -pi -e 's/(GRUB_CMDLINE_LINUX=.*)\"/\1'"$KERN_OPTS"'\"/g' /etc/default/grub
|
||||
|
||||
|
|
|
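Review bot: The added `grep -q 'nospectre_v1' /proc/cmdline` test is a substring match followed by a separate `$?` check, so any boot argument that merely contains that text would also get the option appended to GRUB_CMDLINE_LINUX on the installed system. Because the option switches off a CPU side-channel mitigation (the swapgs barriers, per the commit message), the match is better made exact and folded into the condition: `if grep -qw 'nospectre_v1' /proc/cmdline; then`. A comment above the block would record the trade-off for anyone auditing the boot arguments, for example `# nospectre_v1 disables the optional swapgs barriers; carried over only if the installer was booted with it`. The same applies to the identical hunks at `@ -38,6 +38,10 @` and `@ -32,6 +32,10 @`, and to the existing nospectre_v2 check they sit next to. The enclosing script starts and ends outside the hunk.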
@ -38,6 +38,10 @@ grep -q 'nospectre_v2' /proc/cmdline
|
|||
if [ $? -eq 0 ]; then
|
||||
KERN_OPTS="${KERN_OPTS} nospectre_v2"
|
||||
fi
|
||||
grep -q 'nospectre_v1' /proc/cmdline
|
||||
if [ $? -eq 0 ]; then
|
||||
KERN_OPTS="${KERN_OPTS} nospectre_v1"
|
||||
fi
|
||||
|
||||
perl -pi -e 's/(GRUB_CMDLINE_LINUX=.*)\"/\1'"$KERN_OPTS"'\"/g' /etc/default/grub
|
||||
|
||||
|
|
|
@ -32,6 +32,10 @@ grep -q 'nospectre_v2' /proc/cmdline
|
|||
if [ $? -eq 0 ]; then
|
||||
KERN_OPTS="${KERN_OPTS} nospectre_v2"
|
||||
fi
|
||||
grep -q 'nospectre_v1' /proc/cmdline
|
||||
if [ $? -eq 0 ]; then
|
||||
KERN_OPTS="${KERN_OPTS} nospectre_v1"
|
||||
fi
|
||||
|
||||
perl -pi -e 's/(GRUB_CMDLINE_LINUX=.*)\"/\1'"$KERN_OPTS"'\"/g' /etc/default/grub
|
||||
|
||||
|
|
|
@ -10,5 +10,5 @@ sdn_enabled=no
|
|||
region_config=no
|
||||
system_mode=@SYS_MODE@
|
||||
sw_version=@SW_VERSION@
|
||||
security_feature="nopti nospectre_v2"
|
||||
security_feature="nopti nospectre_v2 nospectre_v1"
|
||||
vswitch_type=ovs-dpdk
|
||||
|
|
|
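Review bot: The new default `security_feature="nopti nospectre_v2 nospectre_v1"` turns off one more mitigation for every system built from this template, and nothing in the visible lines says that the listed options disable protections rather than enable them. If the file format permits comments, I would add one above the setting, such as `# security_feature: kernel bootargs that disable CPU side-channel mitigations for performance; remove an entry to keep that mitigation on`. Operators can confirm the resulting state on a booted host by reading `/sys/devices/system/cpu/vulnerabilities/spectre_v1`. Which of the two `security_feature` lines is the new one is inferred from the commit message, since the page has lost the `+`/`-` markers.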
@ -1,3 +1,3 @@
|
|||
SRC_DIR="${GIT_BASE}/bsp-files"
|
||||
COPY_LIST="$PKG_BASE/LICENSE"
|
||||
TIS_PATCH_VER=3
|
||||
TIS_PATCH_VER=4
|
||||
|
|