История изменений

а я отключил на некоторых машинах сие.
$ dmesg | grep boot
Kernel command line: BOOT_IMAGE=/boot/vmlinuz-5.0.0-29-generic root=UUID=0bb4f50e-ed9b-4b9e-8bfc-30771785be37 ro lapic noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off mitigations=off

$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion
/sys/devices/system/cpu/vulnerabilities/mds:Vulnerable; SMT disabled
/sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable, STIBP: disabled

а я отключил на некоторых машинах сие.
$ dmesg | grep boot Kernel command line: BOOT_IMAGE=/boot/vmlinuz-5.0.0-29-generic root=UUID=0bb4f50e-ed9b-4b9e-8bfc-30771785be37 ro lapic noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off mitigations=off

$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion
/sys/devices/system/cpu/vulnerabilities/mds:Vulnerable; SMT disabled
/sys/devices/system/cpu/vulnerabilities/meltdown:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Vulnerable, STIBP: disabled

а я отключил на некоторых машинах сие.
$ dmesg | grep boot Kernel command line: BOOT_IMAGE=/boot/vmlinuz-5.0.0-29-generic root=UUID=0bb4f50e-ed9b-4b9e-8bfc-30771785be37 ro lapic noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off mitigations=off