Re: [Patch v6 12/16] x86/speculation: Add 'seccomp' Spectre v2 app to app protection mode
From: Tim Chen
Date: Tue Nov 20 2018 - 19:54:44 EST
On 11/20/2018 04:44 PM, Jiri Kosina wrote:
> On Tue, 20 Nov 2018, Tim Chen wrote:
>
>> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
>> index d2255f7..89b193c 100644
>> --- a/Documentation/admin-guide/kernel-parameters.txt
>> +++ b/Documentation/admin-guide/kernel-parameters.txt
>> @@ -4227,12 +4227,17 @@
>> and STIBP mitigations against Spectre V2 attacks.
>> If the CPU is not vulnerable, "off" is selected.
>> If the CPU is vulnerable, the default mitigation
>> - is "prctl".
>> + is architecture and Kconfig dependent. See below.
>> prctl - Enable mitigations per thread by restricting
>> indirect branch speculation via prctl.
>> Mitigation for a thread is not enabled by default to
>> avoid mitigation overhead. The state of
>> of the control is inherited on fork.
>> + seccomp - Same as "prctl" above, but all seccomp threads
>> + will disable SSB unless they explicitly opt out.
>
> As Dave already pointed out elsewhere -- the "SSB" here is probably a
> copy/paste error. It should read something along the lines of "... will
> restrict indirect branch speculation ..."
>
Thanks. Should have caught it.
Tim