My Oracle Support Banner

Oracle Linux: Selectively Disable Speculative Execution Mitigations (Doc ID 2471704.1)

Last updated on DECEMBER 05, 2018

Applies to:

Linux OS - Version Oracle Linux 7.2 with Unbreakable Enterprise Kernel [4.1.12] and later
Linux x86
Linux x86-64

Purpose

This document describes circumstances under which system administrators may choose to make a risk-based decision to disable security mitigations for vulnerabilities which exploit speculative execution side-channel attacks (e.g. Spectre, Meltdown, L1TF) in order to improve system performance at a cost of increased exposure to attacks by local users or locally executing code. 

Special consideration is given to Intel Skylake (SKL) family processors. Note that Oracle Linux systems default to enabling all mitigations for speculative execution side-channel vulnerabilities.

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
Details
 Overview
 Special Consideration for Intel Skylake Processors
 Scenarios Where Operators May Consider Allowing Speculative Execution
 Instructions to Disable IBRS only for Skylake systems  
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.