Re: [Patch v5 11/16] x86/speculation: Add Spectre v2 app to app protection modes

From: Jiri Kosina
Date: Sat Nov 17 2018 - 04:54:05 EST


On Fri, 16 Nov 2018, Tim Chen wrote:

> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 81d1d5a..9c306e3 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -4215,6 +4215,26 @@
> Not specifying this option is equivalent to
> spectre_v2=auto.
>
> + spectre_v2_app2app=
> + [X86] Control mitigation of Spectre variant 2
> + application to application (indirect branch speculation)
> + vulnerability.
> +
> + off - Unconditionally disable mitigations
> + lite - Protect tasks which have requested restricted
> + indirect branch speculation via the
> + PR_SET_SPECULATION_CTRL prctl().
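
Review bot: The "off" entry says "Unconditionally disable mitigations" without stating which mitigations are meant. Because this parameter is documented directly below spectre_v2=, the entry should spell out whether "off" affects only the application to application protection and how it relates to the spectre_v2= setting. In the "lite" entry, the text names the PR_SET_SPECULATION_CTRL prctl() but not which speculation control a task has to request through it, so an administrator reading only these lines cannot tell what an application must do to be protected; naming that control here would close the gap.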

Don't we also want to do the same for SECCOMP processes, analogously to how
we do it for SSBD?

Thanks,

--
Jiri Kosina
SUSE Labs