On Thu, Oct 5, 2023 at 1:41 AM Yafang Shao <laoar.shao@xxxxxxxxx> wrote: > > Currently, there exists a system-wide setting related to CPU security > mitigations, denoted as 'mitigations='. When set to 'mitigations=off', it > deactivates all optional CPU mitigations. Therefore, if we implement a > system-wide 'mitigations=off' setting, it should inherently bypass Spectre > v1 and Spectre v4 in the BPF subsystem. > > Please note that there is also a 'nospectre_v1' setting on x86 and ppc > architectures, though it is not currently exported. For the time being, > let's disregard it. > > This idea emerged during our discussion about potential Spectre v1 attacks > with Luis[1]. > > [1]. https://lore.kernel.org/bpf/b4fc15f7-b204-767e-ebb9-fdb4233961fb@xxxxxxxxxxxxx/ > > Signed-off-by: Yafang Shao <laoar.shao@xxxxxxxxx> > Cc: Luis Gerhorst <gerhorst@xxxxxxxxx> Acked-by: Song Liu <song@xxxxxxxxxx>
