From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Wed, 11 Jul 2018 13:42:52 -0400
From: Konrad Rzeszutek Wilk
Subject: [MODERATED] Re: [PATCH v9] Command-line
Message-ID: <20180711174252.GC5485@char.us.oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de

> @@ -1989,6 +1983,45 @@ > feature (tagged TLBs) on capable Intel chips. > Default is 1 (enabled) > > + l1tf= [X86] Control mitigation of the L1TF vulnerability on > + affected CPUs > + > + The kernel PTE inversion protection is unconditionally > + enabled and cannot be disabled. > + > + full > + Provides all available mitigations for the L1TF > + vulnerability. Disables SMT and enable all > + mitigations in the hypervisors. SMT control via > + /sys/devices/system/cpu/smt/control is still > + possible after boot. Hypervisors will issue a > + warning when the first VM is started in a > + pontetially insecure configuration, i.e. SMT s/pontetially/potentially/
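
Review bot: In the "full" description the verbs disagree: "Disables SMT and enable all mitigations in the hypervisors" should read "Disables SMT and enables all mitigations in the hypervisors". The same entry says SMT control via /sys/devices/system/cpu/smt/control is still possible after boot, so it would help to say outright that "full" only sets the boot-time SMT state, and that the hypervisor warning is the remaining signal once SMT has been turned back on at runtime.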