On Fri, 16 Nov 2018, Tim Chen wrote: > diff --git a/Documentation/admin-guide/kernel-parameters.txt > b/Documentation/admin-guide/kernel-parameters.txt > index 81d1d5a..9c306e3 100644 > --- a/Documentation/admin-guide/kernel-parameters.txt > +++ b/Documentation/admin-guide/kernel-parameters.txt > @@ -4215,6 +4215,26 @@ > Not specifying this option is equivalent to > spectre_v2=auto. > > + spectre_v2_app2app= > + [X86] Control mitigation of Spectre variant 2 > + application to application (indirect branch speculation) > + vulnerability. > + > + off - Unconditionally disable mitigations > + lite - Protect tasks which have requested restricted > + indirect branch speculation via the > + PR_SET_SPECULATION_CTRL prctl().
Don't we also want to do the same for SECCOMP processess, analogically how we do it for SSBD? Thanks, -- Jiri Kosina SUSE Labs