Security: System security option includes nospectre_v1
Most of the v1 mitigation is baked into the kernel and not optional. The swapgs barriers are, however, optional. They have a negative performance impact so we disable them by using the nospectre_v1 kernel bootarg. Partial-Bug: 1860193 Depends-On: https://review.opendev.org/#/c/704406 Change-Id: I6281166c53b13124800b4061ebe08f85d5175d6a Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
This commit is contained in:
parent
a8acbf01c5
commit
b7c6c2a168
@ -2413,7 +2413,7 @@ def modify_spectre_meltdown_version(version='spectre_meltdown_all',
|
||||
|
||||
from keywords import host_helper
|
||||
hosts = get_hosts(con_ssh=con_ssh)
|
||||
check_val = 'nopti nospectre_v2'
|
||||
check_val = 'nopti nospectre_v2 nospectre_v1'
|
||||
if check_first and version == current_version:
|
||||
LOG.info(
|
||||
"{} already set in 'system show'. Checking actual cmdline options "
|
||||
|
Loading…
Reference in New Issue
Block a user