[kernel-bugs] [Bug 1163120] No mitigations for CPU vulnerabilities
https://bugzilla.suse.com/show_bug.cgi?id=1163120 https://bugzilla.suse.com/show_bug.cgi?id=1163120#c17 Suse User <suseino@riseup.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WORKSFORME |--- --- Comment #17 from Suse User <suseino@riseup.net> ---
I believe Boris provided exhaustive answers to your questions.
Yes.
Upstream documentation provides all information about the current implementation of all these mitigations. We try really hard to follow upstream here. If I recall correctly, software mitigations were discussed in some cases, but they were not implemented, because of another issues they have (performance, not reliable and such).
Indeed the documentation provides info and Intel itself confirms that software-based mitigation is possible. Performance hit or not - if it is possible, why not have it and let the user decide whether to enable it or not (e.g. through a boot flag)? There are use cases where security is more important than speed and vice versa. Assuming that only the later is the preferred choice for everyone is not really correct. Let's please not forget that these issues exist exactly because of this such assumption. -- You are receiving this mail because: You are the assignee for the bug.
participants (1)
-
bugzilla_noreply@suse.com