Date: Mon, 17 Jun 2019 22:23:39 +0200 (CEST)
From: Thomas Gleixner
To: Tim Chen
cc: Alexei Starovoitov, Jonathan Corbet, Greg Kroah-Hartman, Ben Greear, stable@vger.kernel.org, Andi Kleen, Dave Hansen, Jun Nakajima, Jiri Kosina, Linus Torvalds, Tom Lendacky, Ingo Molnar, Peter Zijlstra, Josh Poimboeuf, Andrea Arcangeli, David Woodhouse, Asit Mallick, Arjan van de Ven, Jon Masters, Waiman Long, Borislav Petkov, Mark Gross, LKML, x86@kernel.org
Subject: Re: [PATCH v3] Documentation: Add section about CPU vulnerabilities for Spectre
X-Mailing-List: linux-kernel@vger.kernel.org

Tim,

On Mon, 17 Jun 2019, Thomas Gleixner wrote:
> Tim,
>
> On Mon, 17 Jun 2019, Tim Chen wrote:
>
> > +Spectre variant 1 attacks take advantage of speculative execution of
> > +conditional branches, while Spectre variant 2 attacks use speculative
> > +execution of indirect branches to leak privileged memory. See [1] [5]
> > +[7] [10] [11].
>
> It would be great to actually link these [N] to the actual http link at the
> bottom. No idea what's the best way to do that.
>
> Jonathan?
>
> > +Mitigation control on the kernel command line
> > +---------------------------------------------
> > +
> > +Spectre variant 2 mitigation can be disabled or force enabled at the
> > +kernel command line.
>
> The below renders horribly when converted to HTML
>
> You probably want to wrap these into a table
>
> > + nospectre_v2 [X86] Disable all mitigations for the Spectre variant 2
> > + (indirect branch prediction) vulnerability. System may
> > + allow data leaks with this option, which is equivalent
> > + to spectre_v2=off.
> > +
> > +
> > + spectre_v2= [X86] Control mitigation of Spectre variant 2
> > + (indirect branch speculation) vulnerability.
> > + The default operation protects the kernel from
> > + user space attacks.
>
> Maybe Jonathan has a better idea.

But ideally you follow the table style which is used for the L1TF and MDS
command line options.

Thanks,

	tglx
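
Review bot: In the first quoted hunk, the closing sentence "See [1] [5] [7] [10] [11]." cites the references as bare bracketed numbers, so nothing ties them to the list of links at the bottom of the document. Assuming the file is reStructuredText, writing each one as a footnote reference ([1]_ in the text, with a matching ".. [1]" entry in the reference list) would make them resolve in the rendered output. In the same sentence, "to leak privileged memory" grammatically attaches only to the variant 2 clause; if it is meant to cover variant 1 as well, move it ahead of the two clauses.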
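
Review bot: In the option list of the last quoted hunk, the two entries name the same vulnerability differently: nospectre_v2 says "(indirect branch prediction)" while spectre_v2= says "(indirect branch speculation)". Use one term in both so a reader does not take them for separate issues. In the nospectre_v2 entry, "which is equivalent to spectre_v2=off" follows "allow data leaks with this option" and reads as if the leak were the equivalent thing; state the equivalence to spectre_v2=off first and the data-leak consequence after it. The intro line says the mitigation can be "disabled or force enabled", but the visible spectre_v2= text only describes the default, so the table should make clear which value forces it on.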