On Thu, Nov 22, 2018 at 12:08:54AM +0100, Borislav Petkov wrote:
> On Wed, Nov 21, 2018 at 05:04:50PM -0600, Josh Poimboeuf wrote:
> > Why not just 'user'? Like SPECTRE_V2_USER_*.
>
> Sure, a bit better except that it doesn't explain what it does, I'd say.

But it does describe its purpose, especially in relation to the 'spectre_v2=' option.

Previously 'spectre_v2=' might have been more appropriately named 'spectre_v2_kernel=' because it only protected the kernel from Spectre v2 attacks. Now with these new patches, 'spectre_v2=on' will protect the entire system. Whereas 'spectre_v2_user=' is a subset of that; it helps protect user space from itself.

Appending "user" to the existing 'spectre_v2=' option helps to communicate that, IMO.

Now off to eat a giant turkey.

-- 
Josh