Re: [PATCH v3] Documentation: Add section about CPU vulnerabilities for Spectre

[Tim Chen]

On 6/17/19 1:30 PM, Jon Masters wrote:
> On 6/17/19 4:22 PM, Jon Masters wrote:
> 
>>> +   For kernel code that has been identified where data pointers could
>>> +   potentially be influenced for Spectre attacks, new "nospec" accessor
>>> +   macros are used to prevent speculative loading of data.
>>
>> Maybe explain that nospec (speculative clamping) relies on the absence
>> of value prediction in the masking (in current hardware). It may NOT
>> always be a safe approach in future hardware, where Spectre-v1 attacks
>> are likely to persist but hardware may speculate about the mask value.
> 
> Something like the Arm CSDB barrier would seem to be potentially useful
> for $FUTURE_X86 as a fence with lighter-weight semantics than an *fence.
> 

Is it necessary to go into such level of implementation details on nospec?
These seem to be appropriate as code comments in nospec for kernel developer.
But for an admin-guide doc, it may confuse sys admin to think that nospec
could not be ineffective.

When new hardware appears that need new implementations of nospec, we should
tweak nospec and not need the admin to worry about such implementation details.

Tim