Tim,
On Fri, 16 Nov 2018, Tim Chen wrote:
> Add new protection modes for Spectre v2 mitigations against
> Spectre v2 attacks on user processes. There are three modes:
>
> strict mode:
> In this mode, IBPB and STIBP are deployed full
> time to protect all processes.
>
> lite mode:
> In this mode, IBPB and STIBP are only deployed on
> processes marked with TIF_STIBP flag.
>
> none mode:
> In this mode, no mitigations are deployed.
>
> The protection mode can be specified by the spectre_v2_app2app
> boot parameter with the following semantics:
>
> spectre_v2_app2app=
> off - Turn off mitigation
> lite - Protect processes which are marked non-dumpable
> strict - Protect all processes
> auto - Kernel selects the mode
Is there any reason why we need yet another naming convention?
pti= on, off, auto
spectre_v2= on, off, auto
spec_store_bypass_disable = on, off, auto, prctl, seccomp
> Not specifying this option is equivalent to
> spectre_v2_app2app=auto.
For better understanding it's nowhere documented what auto does.
> + spectre_v2_app2app=
> + [X86] Control mitigation of Spectre variant 2
> + application to application (indirect branch speculation)
> + vulnerability.
> +
> + off - Unconditionally disable mitigations
> + lite - Protect tasks which have requested restricted
> + indirect branch speculation via the
> + PR_SET_SPECULATION_CTRL prctl().
> + strict - Protect all processes
> + auto - Kernel selects the mode
> +
> + Not specifying this option is equivalent to
> + spectre_v2_app2app=auto.
> +
> + Setting spectre_v2=off will also turn off this
> mitigation.
> +
> + Setting spectre_v2=on implies unconditionally enabling
> + this mitigation.
Can we please have a full documentation for all the spectre_v2 stuff
similar to l1tf?
Thanks,
tglx
