From 13a66d9a027917a4d3010f528e0237021989b1d7 Mon Sep 17 00:00:00 2001 From: Jim Somerville Date: Mon, 27 Jan 2020 14:25:14 -0500 Subject: [PATCH] Security: Allow disabling of spectre v1 swapgs mitigation Most of the v1 mitigation is baked into the kernel and not optional. The swapgs barriers are, however, optional. They have a negative performance impact so we disable them by using the nospectre_v1 kernel bootarg. Closes-Bug: 1860193 Depends-On: https://review.opendev.org/#/c/705822 Signed-off-by: Jim Somerville (cherry picked from commit de23dcfd0540a4ec20b3683f94250d1035e60901 in upstream stx/config repo) Change-Id: I5bc53446ba0cc345837ea3694637320531fe30d1 --- tsconfig/centos/build_srpm.data | 2 +- tsconfig/tsconfig/tsconfig/tests/test_basics.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tsconfig/centos/build_srpm.data b/tsconfig/centos/build_srpm.data index f60b44e0..e5741776 100644 --- a/tsconfig/centos/build_srpm.data +++ b/tsconfig/centos/build_srpm.data @@ -1,2 +1,2 @@ SRC_DIR="tsconfig" -TIS_PATCH_VER=9 +TIS_PATCH_VER=10 diff --git a/tsconfig/tsconfig/tsconfig/tests/test_basics.py b/tsconfig/tsconfig/tsconfig/tests/test_basics.py index 0ca67ed6..fb60caaf 100644 --- a/tsconfig/tsconfig/tsconfig/tests/test_basics.py +++ b/tsconfig/tsconfig/tsconfig/tests/test_basics.py @@ -60,7 +60,7 @@ sdn_enabled=no region_config=no system_mode=duplex sw_version=19.08 -security_feature="nopti nospectre_v2" +security_feature="nopti nospectre_v2 nospectre_v1" vswitch_type=ovs-dpdk """ @@ -82,7 +82,7 @@ region_2_name=Region2 distributed_cloud_role=CloudRole system_mode=duplex sw_version=19.08 -security_feature="nopti nospectre_v2" +security_feature="nopti nospectre_v2 nospectre_v1" vswitch_type=ovs-dpdk """