Date: Mon, 17 Jun 2019 22:23:39 +0200 (CEST)
From: Thomas Gleixner
To: Tim Chen
cc: Alexei Starovoitov, Jonathan Corbet, Greg Kroah-Hartman, Ben Greear,
    stable@vger.kernel.org, Andi Kleen, Dave Hansen, Jun Nakajima,
    Jiri Kosina, Linus Torvalds, Tom Lendacky, Ingo Molnar, Peter Zijlstra,
    Josh Poimboeuf, Andrea Arcangeli, David Woodhouse, Asit Mallick,
    Arjan van de Ven, Jon Masters, Waiman Long, Borislav Petkov, Mark Gross,
    LKML, x86@kernel.org
Subject: Re: [PATCH v3] Documentation: Add section about CPU vulnerabilities for Spectre

Tim,

On Mon, 17 Jun 2019, Thomas Gleixner wrote:

> Tim,
>
> On Mon, 17 Jun 2019, Tim Chen wrote:
>
> > +Spectre variant 1 attacks take advantage of speculative execution of
> > +conditional branches, while Spectre variant 2 attacks use speculative
> > +execution of indirect branches to leak privileged memory. See [1] [5]
> > +[7] [10] [11].
>
> It would be great to actually link these [N] to the actual http link at the
> bottom. No idea what's the best way to do that.
>
> Jonathan?
>
> > +Mitigation control on the kernel command line
> > +---------------------------------------------
> > +
> > +Spectre variant 2 mitigation can be disabled or force enabled at the
> > +kernel command line.
>
> The below renders horribly when converted to HTML
>
> You probably want to wrap these into a table
>
> > + nospectre_v2 [X86] Disable all mitigations for the Spectre variant 2
> > + (indirect branch prediction) vulnerability. System may
> > + allow data leaks with this option, which is equivalent
> > + to spectre_v2=off.
> > +
> > +
> > + spectre_v2= [X86] Control mitigation of Spectre variant 2
> > + (indirect branch speculation) vulnerability.
> > + The default operation protects the kernel from
> > + user space attacks.
>
> Maybe Jonathan has a better idea.

But ideally you follow the table style which is used for the L1TF and MDS
command line options.

Thanks,

	tglx
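
Review bot: In the first quoted paragraph ("Spectre variant 1 attacks take advantage of ..."), the phrase "to leak privileged memory" grammatically attaches only to the variant 2 clause, so the sentence never states what the variant 1 speculation is used for. Suggest restructuring so the outcome applies to both variants, for example by stating the leak first and then the two branch types. The five citations stacked at the end also give no indication of which reference covers which variant; placing each [N] next to the variant it supports would help.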
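
Review bot: The two quoted command-line entries name the same vulnerability differently: nospectre_v2 says "(indirect branch prediction)" while spectre_v2= says "(indirect branch speculation)". Pick one term and use it in both entries. In the nospectre_v2 entry, "which is equivalent to spectre_v2=off" follows "System may allow data leaks with this option" and reads as if it modified the data leaks; putting the equivalence in its own sentence ("Equivalent to spectre_v2=off.") removes the ambiguity.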