[$] Better CPU vulnerability mitigation configuration
Date:
Wed, 19 Mar 2025 15:45:44 +0000
Description:
Modern CPUs all have multiple hardware vulnerabilities that the kernel needs to mitigate;
the 6.13 kernel has workarounds for 14 security-sensitive CPU bugs just on x86_64.
Several of those have multiple variants,
or multiple mitigations that apply on different microarchitectures. There are different kernel command-line options for each of these mitigations, which leads
to a confusing situation for users trying to figure out how to configure their systems. David Kaplan recently posted a patch set that adds a single, unified command-line option for controlling
mitigations and
simplifies the logic for detecting, configuring, and
applying them as well.
If it is merged, the patch set could
make it much easier for users to navigate the complicated web of CPU vulnerabilities and their mitigations.
======================================================================
Link to news story:
https://lwn.net/Articles/1013640/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)