@@ -593,61 +593,14 @@ kernel command line.
593593 Not specifying this option is equivalent to
594594 spectre_v2=auto.
595595
596- For user space mitigation:
597-
598- spectre_v2_user=
599-
600- [X86] Control mitigation of Spectre variant 2
601- (indirect branch speculation) vulnerability between
602- user space tasks
603-
604- on
605- Unconditionally enable mitigations. Is
606- enforced by spectre_v2=on
607-
608- off
609- Unconditionally disable mitigations. Is
610- enforced by spectre_v2=off
611-
612- prctl
613- Indirect branch speculation is enabled,
614- but mitigation can be enabled via prctl
615- per thread. The mitigation control state
616- is inherited on fork.
617-
618- prctl,ibpb
619- Like "prctl" above, but only STIBP is
620- controlled per thread. IBPB is issued
621- always when switching between different user
622- space processes.
623-
624- seccomp
625- Same as "prctl" above, but all seccomp
626- threads will enable the mitigation unless
627- they explicitly opt out.
628-
629- seccomp,ibpb
630- Like "seccomp" above, but only STIBP is
631- controlled per thread. IBPB is issued
632- always when switching between different
633- user space processes.
634-
635- auto
636- Kernel selects the mitigation depending on
637- the available CPU features and vulnerability.
638-
639- Default mitigation:
640- If CONFIG_SECCOMP=y then "seccomp", otherwise "prctl"
641-
642- Not specifying this option is equivalent to
643- spectre_v2_user=auto.
644-
645596 In general the kernel by default selects
646597 reasonable mitigations for the current CPU. To
647598 disable Spectre variant 2 mitigations, boot with
648599 spectre_v2=off. Spectre variant 1 mitigations
649600 cannot be disabled.
650601
602+ For spectre_v2_user see :doc: `/admin-guide/kernel-parameters `.
603+
651604Mitigation selection guide
652605--------------------------
653606
0 commit comments