Security: Allow disabling of spectre v1 swapgs mitigation
Most of the v1 mitigation is baked into the kernel and not optional. The swapgs barriers are, however, optional. They have a negative performance impact so we disable them by using the nospectre_v1 kernel bootarg. Closes-Bug: 1860193 Depends-On: https://review.opendev.org/#/c/705822 Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com> (cherry picked from commit de23dcfd0540a4ec20b3683f94250d1035e60901 in upstream stx/config repo) Change-Id: I5bc53446ba0cc345837ea3694637320531fe30d1
This commit is contained in:
parent
dbf748b56d
commit
13a66d9a02
|
@ -1,2 +1,2 @@
|
||||||
SRC_DIR="tsconfig"
|
SRC_DIR="tsconfig"
|
||||||
TIS_PATCH_VER=9
|
TIS_PATCH_VER=10
|
||||||
|
|
|
@ -60,7 +60,7 @@ sdn_enabled=no
|
||||||
region_config=no
|
region_config=no
|
||||||
system_mode=duplex
|
system_mode=duplex
|
||||||
sw_version=19.08
|
sw_version=19.08
|
||||||
security_feature="nopti nospectre_v2"
|
security_feature="nopti nospectre_v2 nospectre_v1"
|
||||||
vswitch_type=ovs-dpdk
|
vswitch_type=ovs-dpdk
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
@ -82,7 +82,7 @@ region_2_name=Region2
|
||||||
distributed_cloud_role=CloudRole
|
distributed_cloud_role=CloudRole
|
||||||
system_mode=duplex
|
system_mode=duplex
|
||||||
sw_version=19.08
|
sw_version=19.08
|
||||||
security_feature="nopti nospectre_v2"
|
security_feature="nopti nospectre_v2 nospectre_v1"
|
||||||
vswitch_type=ovs-dpdk
|
vswitch_type=ovs-dpdk
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue