Re: [PATCH v3] Documentation: Add section about CPU vulnerabilities for Spectre

From: Thomas Gleixner
Date: Tue Jun 18 2019 - 16:38:56 EST

On Tue, 18 Jun 2019, Tim Chen wrote:
> On 6/17/19 1:30 PM, Jon Masters wrote:
> > On 6/17/19 4:22 PM, Jon Masters wrote:
> >
> >>> + For kernel code that has been identified where data pointers could
> >>> + potentially be influenced for Spectre attacks, new "nospec" accessor
> >>> + macros are used to prevent speculative loading of data.
> >>
> >> Maybe explain that nospec (speculative clamping) relies on the absence
> >> of value prediction in the masking (in current hardware). It may NOT
> >> always be a safe approach in future hardware, where Spectre-v1 attacks
> >> are likely to persist but hardware may speculate about the mask value.
> >
> > Something like the Arm CSDB barrier would seem to be potentially useful
> > for $FUTURE_X86 as a fence with lighter-weight semantics than an *fence.
> >
> Is it necessary to go into such level of implementation details on nospec?
> These seem to be appropriate as code comments in nospec for kernel developer.
> But for an admin-guide doc, it may confuse sys admin to think that nospec
> could not be ineffective.
> When new hardware appears that need new implementations of nospec, we should
> tweak nospec and not need the admin to worry about such implementation details.

Correct. Those details are architecture level details. See the split of the
MDS documentation...