On Wed, Nov 13, 2024 at 10:37:24PM +0100, Borislav Petkov wrote: > On Wed, Nov 13, 2024 at 01:24:40PM -0800, Josh Poimboeuf wrote: > > There are a lot of subtle details to this $#!tstorm, and IMO we probably > > wouldn't be having these discussions in the first place if the comment > > lived in the docs, as most people seem to ignore them... > > That's why I'm saying point to the docs from the code. You can't have a big > fat comment in the code about this but everything else in the hw-vuln docs. But those docs are user facing, describing the "what" for each vulnerability individually. They're basically historical documents which don't evolve over time unless we tweak an interface or add a new mitigation. This comment relates to the "why" for the code itself (and its poor confused developers), taking all the RSB-related vulnerabilities into account. -- Josh
