On 1/8/19 5:11 PM, Alexei Starovoitov wrote:
Alexi,
Do you have any suggestions on how to rewrite this two paragraphs? You are probably the best person to update content for this section.
how about moving bpf bits out of this doc and placing them under Documentation/bpf/ ? We can create bpf_security.rst there with specdown mitigations, best practices, useful sysctl and config knobs, etc.
Maybe we can provide some minimum but accurate info here on this category of Spectre attack for completeness. We can later provide a link to bpf_security.rst here with more details when that becomes available.
Otherwise, I can remove it if you prefer. But people concerned about Spectre will most likely read this doc first. I want them to be pointed to the detailed BPF security doc.
Tim