On Wed, 3 Jan 2018, Andi Kleen wrote:
> On Wed, Jan 03, 2018 at 03:51:35PM -0800, Linus Torvalds wrote:
> > On Wed, Jan 3, 2018 at 3:09 PM, Andi Kleen <a...@firstfloor.org> wrote:
> > > This is a fix for Variant 2 in
> > > https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
> > >
> > > Any speculative indirect calls in the kernel can be tricked
> > > to execute any kernel code, which may allow side channel
> > > attacks that can leak arbitrary kernel data.
> >
> > Why is this all done without any configuration options?
>
> I was thinking of a config option, but I was struggling with a name.
>
> CONFIG_INSECURE_KERNEL, CONFIG_LEAK_MEMORY?
>
> And should it be positive or negative?

It should be a CPU_BUG bit as we have for the other mess. And that can be
used for patching.

Thanks,

tglx