On Thu, 22 Nov 2018, Ingo Molnar wrote:
> > + [SPECTRE_V2_APP2APP_SECCOMP]= "App-App Mitigation: seccomp and
> > prctl opt-in",
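Review bot: the string for SPECTRE_V2_APP2APP_SECCOMP applies "opt-in" to both seccomp and prctl, so a reader of the mitigation status cannot tell which mechanism a task has to request and which is applied without the task asking. Suggest wording that names the two separately, so the reported state matches what the commit message describes (prctl for tasks that restrict their own indirect branch speculation, seccomp for sandboxed tasks). Minor style point on the same line: `]=` has no space before the `=`, unless alignment whitespace was lost in quoting.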
>
> This description is not accurate: it's not a 'seccomp and prctl opt-in',
> the seccomp functionality is opt-out, the prctl is opt-in.
>
> So something like:
* Thomas Gleixner wrote:
> From: Jiri Kosina
>
> If 'prctl' mode of app2app protection from spectre v2 is selected on the
> kernel command-line, STIBP and IBPB are applied on tasks which restrict
> their indirect branch speculation via prctl.
>
> SECCOMP enables the SSBD mitigation for sandb
On Wed, Nov 21, 2018 at 09:14:54PM +0100, Thomas Gleixner wrote:
> From: Jiri Kosina
>
> If 'prctl' mode of app2app protection from spectre v2 is selected on the
> kernel command-line, STIBP and IBPB are applied on tasks which restrict
> their indirect branch speculation via prctl.
>
> SECCOMP e
From: Jiri Kosina
If 'prctl' mode of app2app protection from spectre v2 is selected on the
kernel command-line, STIBP and IBPB are applied on tasks which restrict
their indirect branch speculation via prctl.
SECCOMP enables the SSBD mitigation for sandboxed tasks already, so it
makes sense to pr