Revised Patches Out For New Kernel "mitigations=" Option For Toggling Spectre/Meltdown
The effort to provide a more convenient and easier-to-remember kernel option for toggling the Spectre/Meltdown mitigations is out with a second revision, and the option name has also been shortened so it is easier to remember.
See the aforelinked article if the topic is new to you, but this is about an arguably long overdue ability to easily control the Spectre/Meltdown behavior, or configurable CPU mitigations for security vulnerabilities in general, via a single kernel flag/switch. For the past year and a half of Spectre/Meltdown/L1TF mitigations there have been various flags for tweaking the behavior of each individual mitigation, but no single, easy-to-remember switch for, say, disabling all of them in the name of restoring performance.
The patches by Red Hat developer Josh Poimboeuf sent out earlier this month provided a consolidated cpu_spec_mitigations= option for controlling these mitigations, with values like off to disable all of them outright. With today's "V2" patches, the flag has been renamed simply to mitigations=.
Adding mitigations=off to the kernel command line parameters disables the relevant mitigations. The other currently supported values are auto and auto,nosmt, the latter for those also wanting SMT/Hyper Threading disabled. The individual per-mitigation flags remain; this is a convenience switch for those wanting a binary on/off approach to the speculative execution vulnerabilities rather than having to keep track of all the different options.
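As an added example, not code from the article or from Poimboeuf's patch series, the POSIX shell script below reports which of the three mitigations= values a kernel command line carries and then walks the kernel's per-issue status files to show whether anything is actually left reported as "Vulnerable". The /proc/cmdline, /sys/devices/system/cpu/vulnerabilities and /sys/devices/system/cpu/smt/control paths are the kernel's own; the sample sysfs tree the script builds when run off a non-Linux host is constructed for illustration, with status strings chosen to resemble a box booted with mitigations=off, and the rule that a repeated parameter's last occurrence wins is an assumption of the script, not a documented kernel guarantee.

```shell
#!/bin/sh
# Added example, not code from the article or from the mitigations= patch series:
# report the mitigations= value on a kernel command line and what the kernel's
# sysfs vulnerability files currently say.

# Print the mitigations= value found on a kernel command line string.
# An absent parameter means the kernel default, which the patches call "auto".
# Only the three values the article names are accepted; anything else is
# reported and the function returns non-zero. If the parameter is repeated,
# the last occurrence wins here (an assumption of this script, not a documented
# kernel guarantee).
mitigations_mode() {
    mode="auto"
    set -f                      # no globbing while word-splitting the cmdline
    for tok in $1; do
        case "$tok" in
            mitigations=*) mode="${tok#mitigations=}" ;;
        esac
    done
    set +f
    case "$mode" in
        off|auto|auto,nosmt) printf '%s\n' "$mode"; return 0 ;;
        *) printf 'unrecognised:%s\n' "$mode"; return 1 ;;
    esac
}

# Count files under a vulnerabilities directory whose status starts with
# "Vulnerable" (the wording the kernel uses when a mitigation is off or missing).
vulnerable_count() {
    n=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case "$(cat "$f")" in
            Vulnerable*) n=$((n + 1)) ;;
        esac
    done
    printf '%s\n' "$n"
}

# Print one line per vulnerability file; succeed only if none reads "Vulnerable".
audit_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    if [ ! -d "$dir" ]; then
        echo "no $dir: not Linux, or a kernel without the sysfs reporting" >&2
        return 2
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        printf '%-20s %s\n' "$(basename "$f")" "$(cat "$f")"
    done
    [ "$(vulnerable_count "$dir")" -eq 0 ]
}

# SMT state as the kernel reports it (on, off, forceoff, notsupported, ...),
# which is the knob the nosmt part of auto,nosmt turns.
smt_control() {
    f="${1:-/sys/devices/system/cpu/smt/control}"
    if [ -r "$f" ]; then cat "$f"; else echo "unknown"; fi
}

# Build a constructed sysfs-like tree resembling a machine booted with
# mitigations=off: the status strings are illustrative, not captured output.
make_sample_sysfs() {
    mkdir -p "$1/vulnerabilities" "$1/smt"
    echo "Vulnerable"                 > "$1/vulnerabilities/meltdown"
    echo "Vulnerable"                 > "$1/vulnerabilities/spectre_v2"
    echo "Mitigation: PTE Inversion"  > "$1/vulnerabilities/l1tf"
    echo "Not affected"               > "$1/vulnerabilities/spec_store_bypass"
    echo "off"                        > "$1/smt/control"
}

# Stand-alone run: use the live sysfs tree when present, else the sample.
if [ -d /sys/devices/system/cpu/vulnerabilities ] && [ -r /proc/cmdline ]; then
    echo "mitigations= on this boot: $(mitigations_mode "$(cat /proc/cmdline)")"
    echo "SMT control: $(smt_control)"
    audit_vulns || echo "at least one issue is reported as Vulnerable"
else
    sample=$(mktemp -d)
    make_sample_sysfs "$sample"
    echo "mitigations= on sample cmdline: $(mitigations_mode "root=/dev/sda1 ro mitigations=off")"
    echo "SMT control: $(smt_control "$sample/smt/control")"
    audit_vulns "$sample/vulnerabilities" || echo "at least one issue is reported as Vulnerable"
    rm -rf "$sample"
fi
```

The point of checking the sysfs files rather than just the command line is that the switch and the outcome are different things: some hardware is "Not affected" regardless of the flag, and some mitigations stay in place whatever the flag says, so the per-issue status is what tells you what a given boot actually left exposed.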
Besides the renaming of the option, these revised patches also carry fixes around the Arm and POWER handling. More details are available via this patch series, and hopefully it will be accepted for the upcoming Linux 5.2 cycle.