Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp2952663ybi; Mon, 17 Jun 2019 13:23:54 -0700 (PDT) X-Google-Smtp-Source: APXvYqz7DDD3yjflD5N70l0e3yn36W/hd5YWoXql6PgPrTxNUA5AFot7xwj8/pIP18C4kLD3qG2B X-Received: by 2002:a17:902:7687:: with SMTP id m7mr27776726pll.310.1560803034716; Mon, 17 Jun 2019 13:23:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560803034; cv=none; d=google.com; s=arc-20160816; b=UYUCbjdLjV0rWAS33UuYXh0qJ4iswIICz6wIGw8Q93At65mPHdM+kc7blphkQlmGjD 3ignBYIPaTdy9gnmzswdhb2EcPWS+jebv6ePRqVj3ioE86zB5Um5Bjd/ezGM7qlCaO6Z tkZgMOpy8A6qvrWtyQ1dHu64rZnOf4r2/RPIujqhg5pDh1Bew0LS3dSVZto21zfnkof1 btXMrQoRTxLnu/khOlINgwed3WhYuyzr5BesKSw0nZDAHbWspc+1s33/UCu2Vh6yUQSq Cy2Z+MqRin0BP8ZK5zqgVofdRvt1gUSzcjq10qT2Imau0RykKr9VDOJK7zue2ZAcF48Y DKSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=0+lErPwzWoq9PcJ3ybKu+Ufs7OqNMzfId9u2xO6ndiM=; b=tLXFTV6tN8SlWtF/3BjsnqFwAdg1yfxuSzHsC/1nsl2Rs4TAvtTcG8DamRkX0IJDZd D9yqLH8LUbDlBy+egttmefogioQwsj4VsBRLQc/0dkDmK4uz9APm2fL32BVSw2lfZDql lwXc0wzYYmbb4Op81+FRFRpjpbbWagdjbZgqGqyNt8P+eS8xF5RKigAiktpAfVVzic0W nfdwo/tL//1yLsBzyVVip0KjvpFNBb+2skRQdBTih5AVkiEHCVIhClyOpQPUw6CVm2hL tGLtnma82EXySPBhz1Jm+x/lo0LKOBLawnS0qD3J70vhMEhN0ZkRwDOZe9jffOvgictW i0UQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q14si6443920pgq.588.2019.06.17.13.23.39; Mon, 17 Jun 2019 13:23:54 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728064AbfFQUXD (ORCPT + 99 others); Mon, 17 Jun 2019 16:23:03 -0400 Received: from Galois.linutronix.de ([146.0.238.70]:45602 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726023AbfFQUXD (ORCPT ); Mon, 17 Jun 2019 16:23:03 -0400 Received: from p5b06daab.dip0.t-ipconnect.de ([91.6.218.171] helo=nanos) by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1hcy8X-0004Us-6L; Mon, 17 Jun 2019 22:21:53 +0200 Date: Mon, 17 Jun 2019 22:21:51 +0200 (CEST) From: Thomas Gleixner To: Tim Chen cc: Alexei Starovoitov , Jonathan Corbet , Greg Kroah-Hartman , Ben Greear , stable@vger.kernel.org, Andi Kleen , Dave Hansen , Jun Nakajima , Jiri Kosina , Linus Torvalds , Tom Lendacky , Ingo Molnar , Peter Zijlstra , Josh Poimboeuf , Andrea Arcangeli , David Woodhouse , Asit Mallick , Arjan van de Ven , Jon Masters , Waiman Long , Borislav Petkov , Mark Gross , LKML , x86@kernel.org Subject: Re: [PATCH v3] Documentation: Add section about CPU vulnerabilities for Spectre In-Reply-To: Message-ID: References: User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Linutronix-Spam-Score: -1.0 X-Linutronix-Spam-Level: - X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required, ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Tim, On Mon, 17 Jun 2019, Tim Chen wrote: > +Spectre variant 1 attacks take advantage of speculative execution of > +conditional branches, while Spectre variant 2 attacks use speculative > +execution of indirect branches to leak privileged memory. See [1] [5] > +[7] [10] [11]. It would be great to actually link these [N] to the actual http link at the bottom. No idea what's the best way to do that. Jonathan? > +Mitigation control on the kernel command line > +--------------------------------------------- > + > +Spectre variant 2 mitigation can be disabled or force enabled at the > +kernel command line. The below renders horribly when converted to HTML You probably want to wrap these into a table > + nospectre_v2 [X86] Disable all mitigations for the Spectre variant 2 > + (indirect branch prediction) vulnerability. System may > + allow data leaks with this option, which is equivalent > + to spectre_v2=off. > + > + > + spectre_v2= [X86] Control mitigation of Spectre variant 2 > + (indirect branch speculation) vulnerability. > + The default operation protects the kernel from > + user space attacks. Maybe Jonathan has a better idea. Other than those formatting detail, this looks really good. Well done! Thanks, tglx