On 11/19/2018 05:32 AM, Thomas Gleixner wrote:
> Tim,
>
> On Fri, 16 Nov 2018, Tim Chen wrote:
>
>> Add new protection modes for Spectre v2 mitigations against
>> Spectre v2 attacks on user processes. There are three modes:
>>
>> strict mode:
>> In this mode, IBPB and STIBP are deployed full
>> time to protect all processes.
>>
>> lite mode:
>> In this mode, IBPB and STIBP are only deployed on
>> processes marked with TIF_STIBP flag.
>>
>> none mode:
>> In this mode, no mitigations are deployed.
>>
>> The protection mode can be specified by the spectre_v2_app2app
>> boot parameter with the following semantics:
>>
>> spectre_v2_app2app=
>> off - Turn off mitigation
>> lite - Protect processes which are marked non-dumpable
>> strict - Protect all processes
>> auto - Kernel selects the mode
>
> Is there any reason why we need yet another naming convention?
>
> pti= on, off, auto
>
> spectre_v2= on, off, auto
>
> spec_store_bypass_disable = on, off, auto, prctl, seccomp

The "on" option is set by spectre_v2=on so is not specified here. What would you like to name the "lite" and "strict" options instead?

>
>> Not specifying this option is equivalent to
>> spectre_v2_app2app=auto.
>
> For better understanding it's nowhere documented what auto does.

I'll add the documentation.

>
>> + spectre_v2_app2app=
>> + [X86] Control mitigation of Spectre variant 2
>> + application to application (indirect branch speculation)
>> + vulnerability.
>> +
>> + off - Unconditionally disable mitigations
>> + lite - Protect tasks which have requested restricted
>> + indirect branch speculation via the
>> + PR_SET_SPECULATION_CTRL prctl().
>> + strict - Protect all processes
>> + auto - Kernel selects the mode
>> +
>> + Not specifying this option is equivalent to
>> + spectre_v2_app2app=auto.
>> +
>> + Setting spectre_v2=off will also turn off this
>> mitigation.
>> +
>> + Setting spectre_v2=on implies unconditionally enabling
>> + this mitigation.
>
> Can we please have a full documentation for all the spectre_v2 stuff
> similar to l1tf?
>

Sure. Can we do that as a separate patch? I'll need some time and internal review for any spectre_v2 documentation that's produced.

Tim
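Review bot: in the quoted documentation hunk, the description of "lite" ("Protect tasks which have requested restricted indirect branch speculation via the PR_SET_SPECULATION_CTRL prctl()") does not match the commit message's two descriptions of the same mode ("Protect processes which are marked non-dumpable" and "only deployed on processes marked with TIF_STIBP flag"); the three wordings should be reconciled so a reader knows which processes lite mode actually covers. The "auto - Kernel selects the mode" entry also states no selection criteria, which is the gap Thomas raises; the hunk should say which mode auto resolves to and under what conditions, and "Setting spectre_v2=on implies unconditionally enabling this mitigation" should name the mode that implies (presumably strict).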
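As an added example, not code from the patch or from anyone in this thread, the following POSIX shell script resolves the effective spectre_v2_app2app mode from a kernel command line using the precedence the quoted documentation hunk describes: spectre_v2=off overrides everything, spectre_v2=on forces the mitigation on, an absent spectre_v2_app2app means auto. Two assumptions are made that the hunk leaves open: the last occurrence of a repeated parameter wins, and "unconditionally enabling" under spectre_v2=on is taken to mean strict mode.

```shell
#!/bin/sh
# Added example (not part of the patch or the thread): resolve the effective
# spectre_v2_app2app mode from a kernel command line string, following the
# precedence given in the quoted documentation. Assumptions: the last
# occurrence of a parameter wins, and spectre_v2=on maps to "strict".

# Print the value of the last "key=value" token in the cmdline string $1
# whose key is $2; print nothing if the key does not occur.
cmdline_value() {
    _val=""
    for _tok in $1; do
        case "$_tok" in
            "$2="*) _val="${_tok#*=}" ;;
        esac
    done
    printf '%s' "$_val"
}

# Print the effective app2app mode: off, lite, strict or auto.
# Prints "invalid" and returns 1 for an unrecognised value.
resolve_app2app_mode() {
    _v2=$(cmdline_value "$1" spectre_v2)
    _app=$(cmdline_value "$1" spectre_v2_app2app)

    # spectre_v2=off also turns this mitigation off, whatever app2app says.
    if [ "$_v2" = off ]; then
        printf 'off'
        return 0
    fi
    # spectre_v2=on implies unconditionally enabling the mitigation
    # (taken here to mean "strict"; an assumption of this example).
    if [ "$_v2" = on ]; then
        printf 'strict'
        return 0
    fi

    case "$_app" in
        off|lite|strict|auto) printf '%s' "$_app" ;;
        "")                   printf 'auto' ;;            # not specified: auto
        *)                    printf 'invalid'; return 1 ;;
    esac
}

# Stand-alone use on a Linux host: report the mode the running kernel booted with.
if [ -r /proc/cmdline ]; then
    echo "effective spectre_v2_app2app mode: $(resolve_app2app_mode "$(cat /proc/cmdline)")"
fi
```

The script only interprets the documented parameter semantics; whether IBPB and STIBP are actually in use on a given system is reported by the kernel itself, so the output here should be read as "what the command line asked for", not as a measurement of the running mitigation.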