On Tue, 18 Jun 2019, Tim Chen wrote: > On 6/17/19 1:30 PM, Jon Masters wrote: > > On 6/17/19 4:22 PM, Jon Masters wrote: > > > >>> + For kernel code that has been identified where data pointers could > >>> + potentially be influenced for Spectre attacks, new "nospec" accessor > >>> + macros are used to prevent speculative loading of data. > >> > >> Maybe explain that nospec (speculative clamping) relies on the absence > >> of value prediction in the masking (in current hardware). It may NOT > >> always be a safe approach in future hardware, where Spectre-v1 attacks > >> are likely to persist but hardware may speculate about the mask value. > > > > Something like the Arm CSDB barrier would seem to be potentially useful > > for $FUTURE_X86 as a fence with lighter-weight semantics than an *fence. > > > > Is it necessary to go into such level of implementation details on nospec? > These seem to be appropriate as code comments in nospec for kernel developer. > But for an admin-guide doc, it may confuse sys admin to think that nospec > could not be ineffective. > > When new hardware appears that need new implementations of nospec, we should > tweak nospec and not need the admin to worry about such implementation details. Correct. Those details are architecture level details. See the split of the MDS documentation... Thanks, tglx
