Tim,
On Mon, 17 Jun 2019, Thomas Gleixner wrote:
Tim,
On Mon, 17 Jun 2019, Tim Chen wrote:
+Spectre variant 1 attacks take advantage of speculative execution of +conditional branches, while Spectre variant 2 attacks use speculative +execution of indirect branches to leak privileged memory. See [1] [5] +[7] [10] [11].
It would be great to actually link these [N] to the actual http link at the bottom. No idea what's the best way to do that.
Jonathan?
+Mitigation control on the kernel command line +---------------------------------------------
+Spectre variant 2 mitigation can be disabled or force enabled at the +kernel command line.
The below renders horribly when converted to HTML
You probably want to wrap these into a table
- nospectre_v2 [X86] Disable all mitigations for the Spectre variant 2
(indirect branch prediction) vulnerability. System mayallow data leaks with this option, which is equivalentto spectre_v2=off.spectre_v2= [X86] Control mitigation of Spectre variant 2(indirect branch speculation) vulnerability.The default operation protects the kernel fromuser space attacks.Maybe Jonathan has a better idea.
But ideally you follow the table style which is used for the L1TF and MDS command line options.
Thanks,
tglx