Subj : [$] Better CPU vulnerability mitigation configuration
To   : All
From : LWN.net
Date : Wed Mar 19 2025 16:00:08

[$] Better CPU vulnerability mitigation configuration

Date:
Wed, 19 Mar 2025 15:45:44 +0000

Description:
Modern CPUs all have multiple hardware vulnerabilities that the kernel needs 
to mitigate;
the 6.13 kernel has workarounds for 14 security-sensitive CPU bugs just on 
x86_64.
Several of those have multiple variants,
or multiple mitigations that apply on different microarchitectures. There are
different kernel command-line options for each of these mitigations, which 
leads
to a confusing situation for users trying to figure out how to configure their
systems. David Kaplan recently posted a patch set that adds a single, unified 
command-line option for controlling
mitigations and
simplifies the logic for detecting, configuring, and
applying them as well.
If it is merged, the patch set could
make it much easier for users to navigate the complicated web of CPU
vulnerabilities and their mitigations.

======================================================================
Link to news story:
https://lwn.net/Articles/1013640/


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)

.