Linux 4.15-rc8 Bringing BPF Security Improvements For Fending Speculative Attacks


  • Linux 4.15-rc8 Bringing BPF Security Improvements For Fending Speculative Attacks

    Phoronix: Linux 4.15-rc8 Bringing BPF Security Improvements For Fending Speculative Attacks

    With the Linux 4.15-rc8 kernel that is expected for release today as the final step before Linux 4.15, it's still seeing continued security improvements in the wake of the Spectre CPU vulnerabilities...

    http://www.phoronix.com/scan.php?pag...8-BPF-Security

  • #2
    Here are the Spectre v2 kernel options:
    x86/spectre: Add boot time option to select Spectre v2 mitigation
    https://git.kernel.org/pub/scm/linux...422eea71d473e0

    + nospectre_v2 [X86] Disable all mitigations for the Spectre variant 2
    + (indirect branch prediction) vulnerability. System may
    + allow data leaks with this option, which is equivalent
    + to spectre_v2=off.

    + spectre_v2= [X86] Control mitigation of Spectre variant 2
    + (indirect branch speculation) vulnerability.
    +
    + on - unconditionally enable
    + off - unconditionally disable
    + auto - kernel detects whether your CPU model is
    + vulnerable
    +
    + Selecting 'on' will, and 'auto' may, choose a
    + mitigation method at run time according to the
    + CPU, the available microcode, the setting of the
    + CONFIG_RETPOLINE configuration option, and the
    + compiler with which the kernel was built.
    +
    + Specific mitigations can also be selected manually:
    +
    + retpoline - replace indirect branches
    + retpoline,generic - google's original retpoline
    + retpoline,amd - AMD-specific minimal thunk
    +
    + Not specifying this option is equivalent to
    + spectre_v2=auto.
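
Review bot: the two entries name the same vulnerability differently: nospectre_v2 says "(indirect branch prediction)" while spectre_v2= says "(indirect branch speculation)". Pick one term so readers do not take them for separate issues. In the "retpoline,generic" line, "google's" should be capitalized as "Google's". The text states that nospectre_v2 is equivalent to spectre_v2=off, but not what happens when nospectre_v2 is given together with a different spectre_v2= value; a sentence on precedence would close that gap.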

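Added example (not part of the thread or of the kernel patch): a POSIX shell function that reports which of the options quoted above a kernel command line requests, for instance the contents of /proc/cmdline. The function name and output labels are made up for this example; since the quoted text does not say which option wins when nospectre_v2 is combined with a different spectre_v2= value, that case is reported as a conflict instead of being resolved.

```sh
#!/bin/sh
# Added example, not kernel code. spectre_v2_setting is a hypothetical helper.
# Prints the requested Spectre v2 setting for one kernel command line.
# Exit status: 0 = mitigation not disabled, 1 = disabled, 2 = needs review.
# Typical use on a host: spectre_v2_setting "$(cat /proc/cmdline)"
spectre_v2_setting() {
    nospec=0 seen=0 conflict=0 value=""
    while read -r tok; do
        case "$tok" in
            nospectre_v2) nospec=1 ;;
            spectre_v2=*)
                new=${tok#spectre_v2=}
                # Two different spectre_v2= values: precedence is not given in the quoted text.
                if [ "$seen" -eq 1 ] && [ "$new" != "$value" ]; then conflict=1; fi
                value=$new seen=1 ;;
        esac
    done <<EOF
$(printf '%s\n' "$1" | tr -s ' \t' '\n\n')
EOF
    if [ "$conflict" -eq 1 ]; then echo conflict; return 2; fi
    if [ "$nospec" -eq 1 ]; then
        # nospectre_v2 is documented as equivalent to spectre_v2=off.
        if [ "$seen" -eq 0 ] || [ "$value" = off ]; then echo disabled; return 1; fi
        echo conflict; return 2
    fi
    # Not specifying the option is documented as equivalent to spectre_v2=auto.
    if [ "$seen" -eq 0 ]; then echo auto; return 0; fi
    case "$value" in
        off) echo disabled; return 1 ;;
        on|auto|retpoline|retpoline,generic|retpoline,amd) echo "$value"; return 0 ;;
        *) echo "unknown:$value"; return 2 ;;
    esac
}

# Constructed sample command lines (not taken from a real host).
while IFS= read -r line; do
    printf '%-14s <- %s\n' "$(spectre_v2_setting "$line")" "$line"
done <<'EOF'
BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet
BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro nospectre_v2
BOOT_IMAGE=/vmlinuz root=/dev/sda1 spectre_v2=retpoline,amd
BOOT_IMAGE=/vmlinuz root=/dev/sda1 nospectre_v2 spectre_v2=on
EOF
```

A "disabled", "conflict" or "unknown:" result is the one to follow up on in a fleet audit, since the quoted documentation says a disabled system may allow data leaks.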