mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-03-09 20:30:23 +07:00
Code Issues Packages Projects Releases Wiki Activity

Add info regarding the downsides of disabling SMT

Browse Source
This commit is contained in:
Raja Grewal 2024-07-17 13:32:08 +10:00
parent 49594ccb22
commit 81a3715c7c
No known key found for this signature in database
GPG Key ID: 92CA473C156B64C4
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
etc/default/grub.d/40_cpu_mitigations.cfg
View File

@ -17,9 +17,12 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX mitigations=auto,nosmt"
## Disable SMT as it has been the cause of and amplified numerous CPU exploits. ## Disable SMT as it has been the cause of and amplified numerous CPU exploits.
## The only full mitigation of cross-HT attacks is to disable SMT. ## The only full mitigation of cross-HT attacks is to disable SMT.
## Disabling will significantly decrease system performance on multi-threaded tasks.
## To enable SMT, remove this line all other occurrences of "nosmt" in this file.
## ##
## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/core-scheduling.html ## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/core-scheduling.html
## https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647/17 ## https://forums.whonix.org/t/should-all-kernel-patches-for-cpu-bugs-be-unconditionally-enabled-vs-performance-vs-applicability/7647/17
## https://github.com/anthraxx/linux-hardened/issues/37#issuecomment-619597365
## ##
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX nosmt=force" GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX nosmt=force"