diff options
| author | Andrea Arcangeli <aarcange@redhat.com> | 2020-11-04 19:14:06 -0500 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2021-10-04 12:12:57 -0700 |
| commit | d9bbdbf324cda23aa44873f505be77ed4b61d79c (patch) | |
| tree | 7ae3d52fd8ddc17b4f0ad91ceee0066fc0dac52b /Documentation/admin-guide/hw-vuln | |
| parent | 2f46993d83ff4abb310ef7b4beced56ba96f0d9d (diff) | |
x86: deduplicate the spectre_v2_user documentation
This would need updating to make prctl be the new default, but it's
simpler to delete it and refer to the dup.
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20201105001406.13005-2-aarcange@redhat.com
Diffstat (limited to 'Documentation/admin-guide/hw-vuln')
| -rw-r--r-- | Documentation/admin-guide/hw-vuln/spectre.rst | 51 |
1 files changed, 2 insertions, 49 deletions
diff --git a/Documentation/admin-guide/hw-vuln/spectre.rst b/Documentation/admin-guide/hw-vuln/spectre.rst index 19b897cb1d45..ab7d402c1677 100644 --- a/Documentation/admin-guide/hw-vuln/spectre.rst +++ b/Documentation/admin-guide/hw-vuln/spectre.rst @@ -593,61 +593,14 @@ kernel command line. Not specifying this option is equivalent to spectre_v2=auto. -For user space mitigation: - - spectre_v2_user= - - [X86] Control mitigation of Spectre variant 2 - (indirect branch speculation) vulnerability between - user space tasks - - on - Unconditionally enable mitigations. Is - enforced by spectre_v2=on - - off - Unconditionally disable mitigations. Is - enforced by spectre_v2=off - - prctl - Indirect branch speculation is enabled, - but mitigation can be enabled via prctl - per thread. The mitigation control state - is inherited on fork. - - prctl,ibpb - Like "prctl" above, but only STIBP is - controlled per thread. IBPB is issued - always when switching between different user - space processes. - - seccomp - Same as "prctl" above, but all seccomp - threads will enable the mitigation unless - they explicitly opt out. - - seccomp,ibpb - Like "seccomp" above, but only STIBP is - controlled per thread. IBPB is issued - always when switching between different - user space processes. - - auto - Kernel selects the mitigation depending on - the available CPU features and vulnerability. - - Default mitigation: - If CONFIG_SECCOMP=y then "seccomp", otherwise "prctl" - - Not specifying this option is equivalent to - spectre_v2_user=auto. - In general the kernel by default selects reasonable mitigations for the current CPU. To disable Spectre variant 2 mitigations, boot with spectre_v2=off. Spectre variant 1 mitigations cannot be disabled. +For spectre_v2_user see :doc:`/admin-guide/kernel-parameters`. + Mitigation selection guide -------------------------- |