Oracle Linux: Selectively Disable Speculative Execution Mitigations (Doc ID 2471704.1)

Last updated on JANUARY 24, 2022

Applies to:

Linux OS - Version Oracle Linux 7.2 with Unbreakable Enterprise Kernel [4.1.12] and later
Linux x86
Linux x86-64

Purpose

This document describes circumstances under which system administrators may choose to make a risk-based decision to disable security mitigations for vulnerabilities which exploit speculative execution side-channel attacks (e.g. Spectre, Meltdown, L1TF) in order to improve system performance at a cost of increased exposure to attacks by local users or locally executing code.

Special consideration is given to Intel Skylake (SKL) family processors. Note that Oracle Linux systems default to enabling all mitigations for speculative execution side-channel vulnerabilities.

Details

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

Purpose

Details

Overview

Special Consideration for Intel Skylake Processors

Scenarios Where Operators May Consider Allowing Speculative Execution

Instructions to Disable IBRS only for Skylake systems

References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Oracle Linux: Selectively Disable Speculative Execution Mitigations (Doc ID 2471704.1)

Applies to:

Purpose

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!