diff options
author | Andrea Arcangeli <aarcange@redhat.com> | 2020-11-04 19:14:06 -0500 |
---|---|---|
committer | Andrea Arcangeli <aarcange@redhat.com> | 2023-11-11 22:03:37 -0500 |
commit | 4ca4b6c8036829bdc03b15832b678cb6298149ff (patch) | |
tree | 285bf9f665268f962288ed4c9e0ac4e7d1582efc | |
parent | 0aff205ea3cbf27d0df55f583989abdae9c71b0c (diff) | |
download | aa-4ca4b6c8036829bdc03b15832b678cb6298149ff.tar.gz |
x86: deduplicate the spectre_v2_user documentation
This would need updating to make prctl be the new default, but it's
simpler to delete it and refer to the dup.
Fixes: 6b3e64c237c0 ("x86/speculation: Add seccomp Spectre v2 user space protection mode")
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
-rw-r--r-- | Documentation/admin-guide/hw-vuln/spectre.rst | 51 |
1 files changed, 2 insertions, 49 deletions
diff --git a/Documentation/admin-guide/hw-vuln/spectre.rst b/Documentation/admin-guide/hw-vuln/spectre.rst index 8b72378602b125..62d1ae186e4139 100644 --- a/Documentation/admin-guide/hw-vuln/spectre.rst +++ b/Documentation/admin-guide/hw-vuln/spectre.rst @@ -628,61 +628,14 @@ kernel command line. Not specifying this option is equivalent to spectre_v2=auto. -For user space mitigation: - - spectre_v2_user= - - [X86] Control mitigation of Spectre variant 2 - (indirect branch speculation) vulnerability between - user space tasks - - on - Unconditionally enable mitigations. Is - enforced by spectre_v2=on - - off - Unconditionally disable mitigations. Is - enforced by spectre_v2=off - - prctl - Indirect branch speculation is enabled, - but mitigation can be enabled via prctl - per thread. The mitigation control state - is inherited on fork. - - prctl,ibpb - Like "prctl" above, but only STIBP is - controlled per thread. IBPB is issued - always when switching between different user - space processes. - - seccomp - Same as "prctl" above, but all seccomp - threads will enable the mitigation unless - they explicitly opt out. - - seccomp,ibpb - Like "seccomp" above, but only STIBP is - controlled per thread. IBPB is issued - always when switching between different - user space processes. - - auto - Kernel selects the mitigation depending on - the available CPU features and vulnerability. - - Default mitigation: - If CONFIG_SECCOMP=y then "seccomp", otherwise "prctl" - - Not specifying this option is equivalent to - spectre_v2_user=auto. - In general the kernel by default selects reasonable mitigations for the current CPU. To disable Spectre variant 2 mitigations, boot with spectre_v2=off. Spectre variant 1 mitigations cannot be disabled. +For spectre_v2_user see :doc:`/admin-guide/kernel-parameters`. + Mitigation selection guide -------------------------- |