On 1/8/19 5:11 PM, Alexei Starovoitov wrote: >> >> Alexi, >> >> Do you have any suggestions on how to rewrite this two paragraphs? You >> are probably the best person to update content for this section. > > how about moving bpf bits out of this doc and placing them under Documentation/bpf/ ? > We can create bpf_security.rst there with specdown mitigations, best practices, > useful sysctl and config knobs, etc. > Maybe we can provide some minimum but accurate info here on this category of Spectre attack for completeness. We can later provide a link to bpf_security.rst here with more details when that becomes available. Otherwise, I can remove it if you prefer. But people concerned about Spectre will most likely read this doc first. I want them to be pointed to the detailed BPF security doc. Tim
