Revised Patches Out For New Kernel "mitigations=" Option For Toggling Spectre/Meltdown
Written by Michael Larabel in Linux Security on 16 April 2019 at 05:59 PM EDT.
The effort to provide a more convenient, easy-to-remember kernel option for toggling Spectre/Meltdown mitigations is out with a second revision, and the option name has also been shortened.

See the aforelinked article if the topic is new to you, but this is about an arguably long-overdue ability to easily control the Spectre/Meltdown behavior -- or configurable CPU mitigations for security vulnerabilities in general -- via a single kernel flag/switch. Over the past year and a half of Spectre/Meltdown/L1TF mitigations there have been various flags to tweak the behavior of these mitigations, but no single, easy-to-remember switch for those wanting, say, to disable them in the name of restoring performance.

The patches by Red Hat developer Josh Poimboeuf sent out earlier this month allowed a consolidated option of cpu_spec_mitigations= to control these mitigations with values like off to disable all of them outright. With today's "V2" patches, the flag has been renamed simply to "mitigations=."

mitigations=off added to the kernel command line parameters would disable the relevant mitigations. The currently supported values also include auto, and auto,nosmt if wanting to also disable SMT/HT. The individual flags will remain; this is a convenience switch for those wanting a binary approach to handling speculative execution vulnerabilities, rather than having to keep track of all the different options.
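One way to check how this option is set on a host, as an added example that is not code from the patch series or this article. The function names are hypothetical, treating the last occurrence of a repeated option as the effective one is an assumption, and the sysfs vulnerabilities directory it reads is a kernel interface not mentioned above.

```shell
#!/bin/sh
# Added example, not from the patch series: report how mitigations= is set.
# Constructed sample command line, used when trying the functions by hand.
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet mitigations=auto,nosmt'

# Print the value of the last mitigations= token, or "unset" if absent.
# Assumption: when the option is repeated, the last occurrence is effective.
mitigations_value() (
    set -f                      # no glob expansion while word-splitting
    value=unset
    for tok in $1; do
        case $tok in
            mitigations=*) value=${tok#mitigations=} ;;
        esac
    done
    printf '%s\n' "$value"
)

# Map the value onto the settings the article names: off, auto, auto,nosmt.
classify_mitigations() {
    v=$(mitigations_value "$1")
    case $v in
        off)        echo disabled ;;
        auto)       echo auto ;;
        auto,nosmt) echo auto-nosmt ;;
        unset)      echo unset ;;
        *)          echo "unrecognized:$v" ;;
    esac
}

# Audit a host (default: the running kernel). Returns 1 when mitigations=off,
# 2 when the command line cannot be read, 0 otherwise.
audit_host() {
    file=${1:-/proc/cmdline}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    state=$(classify_mitigations "$(cat "$file")")
    echo "mitigations setting: $state"
    # Per-vulnerability status reported by the kernel, where sysfs exposes it.
    for f in /sys/devices/system/cpu/vulnerabilities/*; do
        if [ -r "$f" ]; then printf '  %s: %s\n' "${f##*/}" "$(cat "$f")"; fi
    done
    [ "$state" != disabled ]
}
```

Calling `audit_host` with no argument reads `/proc/cmdline`; its non-zero exit status on `mitigations=off` makes it usable as a fleet compliance check.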

Besides renaming the option, these revised patches also have fixes around the Arm and POWER handling. More details via this patch series; hopefully it will be accepted for the upcoming Linux 5.2 cycle.