Tim, On Mon, 17 Jun 2019, Thomas Gleixner wrote: > Tim, > > On Mon, 17 Jun 2019, Tim Chen wrote: > > > +Spectre variant 1 attacks take advantage of speculative execution of > > +conditional branches, while Spectre variant 2 attacks use speculative > > +execution of indirect branches to leak privileged memory. See [1] [5] > > +[7] [10] [11]. > > It would be great to actually link these [N] to the actual http link at the > bottom. No idea what's the best way to do that. > > Jonathan? > > > +Mitigation control on the kernel command line > > +--------------------------------------------- > > + > > +Spectre variant 2 mitigation can be disabled or force enabled at the > > +kernel command line. > > The below renders horribly when converted to HTML > > You probably want to wrap these into a table > > > + nospectre_v2 [X86] Disable all mitigations for the Spectre variant 2 > > + (indirect branch prediction) vulnerability. System may > > + allow data leaks with this option, which is equivalent > > + to spectre_v2=off. > > + > > + > > + spectre_v2= [X86] Control mitigation of Spectre variant 2 > > + (indirect branch speculation) vulnerability. > > + The default operation protects the kernel from > > + user space attacks. > > Maybe Jonathan has a better idea. But ideally you follow the table style which is used for the L1TF and MDS command line options. Thanks, tglx
