On Tue, Jan 08, 2019 at 05:41:37PM -0800, Tim Chen wrote: > On 1/8/19 5:11 PM, Alexei Starovoitov wrote: > > >> > >> Alexi, > >> > >> Do you have any suggestions on how to rewrite this two paragraphs? You > >> are probably the best person to update content for this section. > > > > how about moving bpf bits out of this doc and placing them under Documentation/bpf/ ? > > We can create bpf_security.rst there with specdown mitigations, best practices, > > useful sysctl and config knobs, etc. > > > > Maybe we can provide some minimum but accurate info here on this category of Spectre attack > for completeness. We can later provide a link to bpf_security.rst here with more details > when that becomes available. > > Otherwise, I can remove it if you prefer. But people concerned about Spectre will most likely read > this doc first. I want them to be pointed to the detailed BPF security doc. since Documentation/ got converted to .rst, the links made it easy to follow from one doc into another. I think splitting big doc makes it easier for users to read and for us to maintain/update.
