when not having installed an intel-microcode version containing the mitigation, this options disables AVX instructions, which breaks quite a lot of software (e.g. firefox, electron apps)
Reported-by: Stefan Hanreich <s.hanre...@proxmox.com> Tested-by: Stefan Hanreich <s.hanre...@proxmox.com> Signed-off-by: Stoiko Ivanov <s.iva...@proxmox.com> --- quickly build a kernel with this and Stefan tested his reproducer from yesterday without an updated microcode. debian/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/rules b/debian/rules index 9a26a0bf4317..dac31d4e3749 100755 --- a/debian/rules +++ b/debian/rules @@ -98,7 +98,7 @@ PMX_CONFIG_OPTS= \ --set-str CONFIG_LSM lockdown,yama,integrity,apparmor \ -e CONFIG_PAGE_TABLE_ISOLATION \ -e CONFIG_ARCH_HAS_CPU_FINALIZE_INIT \ --e CONFIG_GDS_FORCE_MITIGATION +-d CONFIG_GDS_FORCE_MITIGATION debian/control: $(wildcard debian/*.in) sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.prerm.in > debian/$(PMX_KERNEL_PKG).prerm -- 2.39.2 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel