From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.linutronix.de (146.0.238.70:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 21 Jun 2018 23:05:53 -0000
Received: from mga03.intel.com ([134.134.136.65]) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1fW8eF-00060X-LR for speck@linutronix.de; Fri, 22 Jun 2018 01:05:52 +0200
Date: Thu, 21 Jun 2018 16:05:48 -0700
From: Andi Kleen
Subject: [MODERATED] Re: [PATCH v2.1 4/6] [PATCH v2.1 4/6] Patch #4
Message-ID: <20180621230548.GV30690@tassilo.jf.intel.com>
References: <20180620204351.997227234@localhost.localdomain>
MIME-Version: 1.0
In-Reply-To: <20180620204351.997227234@localhost.localdomain>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID:

> + if (boot_cpu_has(X86_BUG_L1TF) && (cpu_smt_control == CPU_SMT_ENABLED)) { > + printk(KERN_ERR "kvm: SMT enabled with L1TF CPU bug present. Refer to CVE-2018-3615 for details.\n");

Doesn't make sense if it's mitigated.

> + if (disallow_smt) { > + r = -EOPNOTSUPP; > + goto out; > + } > + printk(KERN_ERR "Without disabling SMT or setting disallow_smt=1 you risk untrusted guests\n" > + "being able to snoop the host memory!");

This is not correct because the snooping can be also prevented in other ways, e.g. using task affinity, cpu sets, interrupt binding etc. I wouldn't give a specific recipe, it's far too complicated for a kernel message.

Also all shouldn't be KERN_ERR, just _WARN

-Andi
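
Review bot: In the first quoted hunk, the condition tests only boot_cpu_has(X86_BUG_L1TF) and cpu_smt_control == CPU_SMT_ENABLED, so the message is emitted at KERN_ERR on any affected CPU with SMT on, including the path where disallow_smt is unset and the function carries on normally. Gate the message on the state that actually makes it an error, or lower it to a warning via pr_warn(), and have the text say what the kernel did about the condition rather than only pointing at a CVE number.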
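
Review bot: In the second quoted hunk, the disallow_smt branch sets r = -EOPNOTSUPP and jumps to out before the explanatory printk, so on the failing path the log never states that the function was refused or that disallow_smt caused it; add a message inside that branch. The remaining printk also embeds "\n" in the middle of the string and its last literal, "being able to snoop the host memory!", has no terminating newline, so the second half lands on its own log line without a level prefix and may merge with the next message; emit it as one line ending in "\n" or as two separate calls.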