Bug 210473

Summary: No mitigations for some CPU vulnerabilities on Intel(R) Celeron(R) M processor
Product: Platform Specific/Hardware
Reporter: Kernel User (kernelbugs)
Component: Other
Assignee: platform_other
Status: NEW
Severity: high
Priority: P1
Hardware: Intel
OS: Linux
URL: https://bugzilla.opensuse.org/show_bug.cgi?id=1163120
Kernel Version: 5.9.8-2-default #1 SMP Thu Nov 12 07:43:32 UTC 2020 (ea93937) i686 i386
Subsystem:
Regression: No
Bisected commit-id:

Description Kernel User 2020-12-03 12:45:46 UTC
The CPU 'Intel(R) Celeron(R) M processor' remains not fully mitigated and vulnerable to:

itlb_multihit
mds
spec_store_bypass

In the linked bug report (on openSUSE's bugzilla) it was discussed that the proper way to do this is through microcode. I understand that, as well as that Intel is not going to do it for some CPUs. However, as it seems per Intel's documentation, software mitigation is possible (https://bugzilla.opensuse.org/show_bug.cgi?id=1163120#c15).

Performance hit or not - if it is possible, it is correct to have it and let the user decide whether to enable it or not (e.g. through a boot flag)? There are use cases where security is more important than speed and vice versa.

*Full CPU info and details available on the link.
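
The kernel reports per-vulnerability status under /sys/devices/system/cpu/vulnerabilities/, with file names matching the three entries listed in the report. The script below is an added example, not part of the bug report: it classifies each status line by its prefix and lists the unmitigated entries. The function names and the sample status values are constructed for illustration and are not the reporter's output.

```shell
#!/bin/sh
# Classify one status line as the kernel prints it in sysfs.
classify_status() {
    s=${1#KVM: }        # itlb_multihit prefixes its status with "KVM: "
    case $s in
        "Not affected"*)                       echo not_affected ;;
        "Mitigation"*)                         echo mitigated ;;
        "Vulnerable"*|"Processor vulnerable"*) echo vulnerable ;;
        *)                                     echo unknown ;;
    esac
}

# Print "name<TAB>class<TAB>raw status" for every entry in a directory
# (defaults to the live sysfs directory when no argument is given).
report_vulns() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        printf '%s\t%s\t%s\n' "$(basename "$f")" \
            "$(classify_status "$status")" "$status"
    done
}

# Space-separated names of entries the kernel reports as vulnerable.
unmitigated() {
    report_vulns "$1" |
        awk -F'\t' '$2 == "vulnerable" { printf "%s%s", sep, $1; sep = " " }'
}

# Constructed sample directory so the script runs on any machine.
make_sample() {
    d=$(mktemp -d)
    printf 'KVM: Vulnerable\n' > "$d/itlb_multihit"
    printf 'Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled\n' > "$d/mds"
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'Vulnerable\n' > "$d/spec_store_bypass"
    printf 'Not affected\n' > "$d/tsx_async_abort"
    echo "$d"
}

sample=$(make_sample)
report_vulns "$sample"
echo "unmitigated: $(unmitigated "$sample")"
rm -rf "$sample"
```

Calling `report_vulns` with no argument reads the running kernel's own status files instead of the sample.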