On 10/17/18 10:59 AM, Tim Chen wrote: > > Signed-off-by: Tim Chen <tim.c.c...@linux.intel.com> > --- > Documentation/admin-guide/kernel-parameters.txt | 5 +- > Documentation/userspace-api/spec_ctrl.rst | 10 +++ > arch/x86/kernel/cpu/bugs.c | 85 > ++++++++++++++++++++++++- > include/linux/sched.h | 11 ++++ > include/uapi/linux/prctl.h | 1 + > tools/include/uapi/linux/prctl.h | 1 + > 6 files changed, 111 insertions(+), 2 deletions(-) > > diff --git a/Documentation/admin-guide/kernel-parameters.txt > b/Documentation/admin-guide/kernel-parameters.txt > index 2feb6b2..9af11be 100644 > --- a/Documentation/admin-guide/kernel-parameters.txt > +++ b/Documentation/admin-guide/kernel-parameters.txt > @@ -4196,7 +4196,10 @@ > lite - turn on mitigation for non-dumpable > processes (i.e. protect daemons and other > privileged processes that tend to be > - non-dumpable). > + non-dumpable), and processes that has indirect
have > + branch speculation restricted via prctl's > + PR_SET_SPECULATION_CTRL option > + > strict - protect against attacks for all user processes > auto - let kernel decide lite or strict mode > -- ~Randy