A lot of the security fixes since spectre have focused on exploiting speculative execution (a key CPU performance feature) to cross security boundaries. Defeating speculative execution when switching from user to kernel space (for example) adds a lot of overhead.
The new kernel add controls so that machines that don’t need to worry about these exploits to disable the performance killing fixes.
Title make little sense to me.
A lot of the security fixes since spectre have focused on exploiting speculative execution (a key CPU performance feature) to cross security boundaries. Defeating speculative execution when switching from user to kernel space (for example) adds a lot of overhead.
The new kernel add controls so that machines that don’t need to worry about these exploits to disable the performance killing fixes.