From: Jiri Kosina <jikos@kernel.org>
To: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
Linus Torvalds <torvalds@linux-foundation.org>,
Tom Lendacky <thomas.lendacky@amd.com>,
Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Andrea Arcangeli <aarcange@redhat.com>,
David Woodhouse <dwmw@amazon.co.uk>,
Andi Kleen <ak@linux.intel.com>,
Dave Hansen <dave.hansen@intel.com>,
Casey Schaufler <casey.schaufler@intel.com>,
Asit Mallick <asit.k.mallick@intel.com>,
Arjan van de Ven <arjan@linux.intel.com>,
Jon Masters <jcm@redhat.com>, Waiman Long <longman9394@gmail.com>,
Greg KH <gregkh@linuxfoundation.org>,
Dave Stewart <david.c.stewart@intel.com>,
linux-kernel@vger.kernel.org, x86@kernel.org,
stable@vger.kernel.org
Subject: Re: [Patch v6 12/16] x86/speculation: Add 'seccomp' Spectre v2 app to app protection mode
Date: Wed, 21 Nov 2018 01:44:41 +0100 (CET) [thread overview]
Message-ID: <nycvar.YFH.7.76.1811210142540.21108@cbobk.fhfr.pm> (raw)
In-Reply-To: <fc2524a59454509f505e120b0b63d60efcadfc98.1542757030.git.tim.c.chen@linux.intel.com>
On Tue, 20 Nov 2018, Tim Chen wrote:
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index d2255f7..89b193c 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -4227,12 +4227,17 @@
> and STIBP mitigations against Spectre V2 attacks.
> If the CPU is not vulnerable, "off" is selected.
> If the CPU is vulnerable, the default mitigation
> - is "prctl".
> + is architecture and Kconfig dependent. See below.
> prctl - Enable mitigations per thread by restricting
> indirect branch speculation via prctl.
> Mitigation for a thread is not enabled by default to
> avoid mitigation overhead. The state of
> of the control is inherited on fork.
> + seccomp - Same as "prctl" above, but all seccomp threads
> + will disable SSB unless they explicitly opt out.
As Dave already pointed out elsewhere -- the "SSB" here is probably a
copy/paste error. It should read something along the lines of "... will
restrict indirect branch speculation ..."
Thanks,
--
Jiri Kosina
SUSE Labs
next prev parent reply other threads:[~2018-11-21 0:44 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-20 23:59 [Patch v6 00/16] Provide task property based options to enable Spectre v2 userspace-userspace protection Tim Chen
2018-11-20 23:59 ` [Patch v6 01/16] x86/speculation: Reorganize cpu_show_common() Tim Chen
2018-11-20 23:59 ` [Patch v6 02/16] x86/speculation: Add X86_FEATURE_USE_IBRS_ENHANCED Tim Chen
2018-11-20 23:59 ` [Patch v6 03/16] x86/speculation: Disable STIBP when enhanced IBRS is in use Tim Chen
2018-11-20 23:59 ` [Patch v6 04/16] x86/speculation: Rename SSBD update functions Tim Chen
2018-11-20 23:59 ` [Patch v6 05/16] x86/speculation: Reorganize speculation control MSRs update Tim Chen
2018-11-20 23:59 ` [Patch v6 06/16] smt: Create cpu_smt_enabled static key for SMT specific code Tim Chen
2018-11-20 23:59 ` [Patch v6 07/16] x86/smt: Convert cpu_smt_control check to cpu_smt_enabled static key Tim Chen
2018-11-21 0:00 ` [Patch v6 08/16] x86/speculation: Turn on or off STIBP according to a task's TIF_STIBP Tim Chen
2018-11-21 0:00 ` [Patch v6 09/16] x86/speculation: Add Spectre v2 app to app protection modes Tim Chen
2018-11-21 0:00 ` [Patch v6 10/16] x86/speculation: Create PRCTL interface to restrict indirect branch speculation Tim Chen
2018-11-21 0:00 ` [Patch v6 11/16] x86/speculation: Enable IBPB for tasks with TIF_SPEC_BRANCH_SPECULATION Tim Chen
2018-11-21 0:00 ` [Patch v6 12/16] x86/speculation: Add 'seccomp' Spectre v2 app to app protection mode Tim Chen
2018-11-21 0:44 ` Jiri Kosina [this message]
2018-11-21 0:54 ` Tim Chen
2018-11-21 0:00 ` [Patch v6 13/16] security: Update speculation restriction of a process when modifying its dumpability Tim Chen
2018-11-21 0:00 ` [Patch v6 14/16] x86/speculation: Use STIBP to restrict speculation on non-dumpable task Tim Chen
2018-11-21 1:27 ` Linus Torvalds
2018-11-21 6:14 ` Jiri Kosina
2018-11-21 17:41 ` Tim Chen
2018-11-21 19:32 ` Linus Torvalds
2018-11-21 20:07 ` Dave Hansen
2018-11-21 20:26 ` Linus Torvalds
2018-11-21 0:00 ` [Patch v6 15/16] sched/smt: Make sched_smt_present track topology Tim Chen
2018-11-21 0:00 ` [Patch v6 16/16] x86/smt: Allow disabling of SMT when last SMT is offlined Tim Chen
2018-11-21 0:44 ` [Patch v6 00/16] Provide task property based options to enable Spectre v2 userspace-userspace protection Tim Chen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=nycvar.YFH.7.76.1811210142540.21108@cbobk.fhfr.pm \
--to=jikos@kernel.org \
--cc=aarcange@redhat.com \
--cc=ak@linux.intel.com \
--cc=arjan@linux.intel.com \
--cc=asit.k.mallick@intel.com \
--cc=casey.schaufler@intel.com \
--cc=dave.hansen@intel.com \
--cc=david.c.stewart@intel.com \
--cc=dwmw@amazon.co.uk \
--cc=gregkh@linuxfoundation.org \
--cc=jcm@redhat.com \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=longman9394@gmail.com \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tim.c.chen@linux.intel.com \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).