runc icon indicating copy to clipboard operation
runc copied to clipboard

Published 20 hours ago verified publisher icon opencontainers

Add --allow-speculation option to disable IBPB/STIBP mitigation

Open KentaTada opened this issue 5 years ago • 2 comments

In https://github.com/opencontainers/runc/issues/2430#issuecomment-633763854, I considered disabling IBPB/STIBP to improve the performance impact on bytecode interpreters. This commit adds the flag which disables IBPB/STIBP mitigation for container.

Signed-off-by: Kenta Tada [email protected]

KentaTada avatar May 26 '20 10:05 KentaTada

is it something worth adding to the runtime specs?

giuseppe avatar May 27 '20 18:05 giuseppe

@giuseppe Thank you. I reconsidered this feature will be needed from other container runtimes and some use cases. So, I want to discuss this feature in https://github.com/opencontainers/runtime-spec/pull/1047 at first. I'll continue this PR after that.

KentaTada avatar May 28 '20 04:05 KentaTada