Tim, On Mon, 17 Jun 2019, Tim Chen wrote: > +Spectre variant 1 attacks take advantage of speculative execution of > +conditional branches, while Spectre variant 2 attacks use speculative > +execution of indirect branches to leak privileged memory. See [1] [5] > +[7] [10] [11]. It would be great to actually link these [N] to the actual http link at the bottom. No idea what's the best way to do that. Jonathan? > +Mitigation control on the kernel command line > +--------------------------------------------- > + > +Spectre variant 2 mitigation can be disabled or force enabled at the > +kernel command line. The below renders horribly when converted to HTML You probably want to wrap these into a table > + nospectre_v2 [X86] Disable all mitigations for the Spectre variant 2 > + (indirect branch prediction) vulnerability. System may > + allow data leaks with this option, which is equivalent > + to spectre_v2=off. > + > + > + spectre_v2= [X86] Control mitigation of Spectre variant 2 > + (indirect branch speculation) vulnerability. > + The default operation protects the kernel from > + user space attacks. Maybe Jonathan has a better idea. Other than those formatting detail, this looks really good. Well done! Thanks, tglx
