Documentation/admin-guide/kernel-parameters.txt

2271 			Default: enabled on cores which need mitigation.
2373 	kvm-intel.vmentry_l1d_flush=[KVM,Intel] Mitigation for L1 Terminal Fault
2381 			never:	Disables the mitigation
2389 	l1tf=           [X86] Control mitigation of the L1TF vulnerability on
2416 				hypervisor mitigation, i.e. conditional
2429 				hypervisor mitigation.
2714 			Control mitigation for the Micro-architectural Data
2726 			This parameter controls the MDS mitigation. The
2729 			full       - Enable MDS mitigation on vulnerable CPUs
2730 			full,nosmt - Enable MDS mitigation and disable
2732 			off        - Unconditionally disable MDS mitigation
2735 			an active TAA mitigation as both vulnerabilities are
2737 			this mitigation, you need to specify tsx_async_abort=off
2970 			[X86,INTEL] Control mitigation for the Processor
2977 			Therefore, similar to MDS and TAA, the mitigation
2980 			This parameter controls the mitigation. The
2983 			full       - Enable mitigation on vulnerable CPUs
2985 			full,nosmt - Enable mitigation and disable SMT on
2988 			off        - Unconditionally disable mitigation
2992 			MDS or TAA mitigation as these vulnerabilities are
2994 			disable this mitigation, you need to specify
4761 	retbleed=	[X86] Control mitigation of RETBleed (Arbitrary
4771 			off          - no mitigation
4773 			auto,nosmt   - automatically select a mitigation,
4775 				       the full mitigation (only on Zen1
4793 			Selecting 'auto' will choose a mitigation method at run
5114 	spectre_v2=	[X86] Control mitigation of Spectre variant 2
5127 			mitigation method at run time according to the
5132 			Selecting 'on' will also enable the mitigation
5153 			[X86] Control mitigation of Spectre variant 2
5164 				  but mitigation can be enabled via prctl
5165 				  per thread.  The mitigation control state
5176 				  threads will enable the mitigation unless
5185 			auto    - Kernel selects the mitigation depending on
5188 			Default mitigation:
5195 			[HW] Control Speculative Store Bypass (SSB) Disable mitigation
5221 				  picks the most appropriate mitigation. If the
5223 				  CPU is vulnerable the default mitigation is
5275 			(SRBDS) mitigation.
5287 			The microcode mitigation can be disabled with
5290 			off:    Disable mitigation and remove
5315 			firmware based mitigation, this parameter
5316 			indicates how the mitigation should be used:
5318 			force-on:  Unconditionally enable mitigation for
5320 			force-off: Unconditionally disable mitigation for
5322 			kernel:    Always enable mitigation in the
5660 	tsx_async_abort= [X86,INTEL] Control mitigation for the TSX Async
5675 			This parameter controls the TAA mitigation.  The
5678 			full       - Enable TAA mitigation on vulnerable CPUs
5681 			full,nosmt - Enable TAA mitigation and disable SMT on
5685 			off        - Unconditionally disable TAA mitigation
5688 			prevented by an active MDS mitigation as both vulnerabilities
5690 			this mitigation, you need to specify mds=off too.
5694 			and deploy MDS mitigation, TAA mitigation is not
5696 			mitigation.