Browse Source

Security: System security option includes nospectre_v1

Most of the v1 mitigation is baked into the kernel and not
optional.  The swapgs barriers are, however, optional.
They have a negative performance impact so we disable them
by using the nospectre_v1 kernel bootarg.

Partial-Bug: 1860193
Depends-On: https://review.opendev.org/#/c/704406
Change-Id: I6281166c53b13124800b4061ebe08f85d5175d6a
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
changes/55/704455/2
Jim Somerville 2 months ago
parent
commit
b7c6c2a168
1 changed files with 1 additions and 1 deletions
  1. +1
    -1
      automated-pytest-suite/keywords/system_helper.py

+ 1
- 1
automated-pytest-suite/keywords/system_helper.py View File

@@ -2413,7 +2413,7 @@ def modify_spectre_meltdown_version(version='spectre_meltdown_all',

from keywords import host_helper
hosts = get_hosts(con_ssh=con_ssh)
check_val = 'nopti nospectre_v2'
check_val = 'nopti nospectre_v2 nospectre_v1'
if check_first and version == current_version:
LOG.info(
"{} already set in 'system show'. Checking actual cmdline options "


Loading…
Cancel
Save