From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jpoimboe@redhat.com>
Received: from mail.linutronix.de (146.0.238.70:993) by
  crypto-ml.lab.linutronix.de with IMAP4-SSL for <speck@linutronix.de>; 04 Mar
  2019 01:21:49 -0000
Received: from mx1.redhat.com ([209.132.183.28])
	by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
	(Exim 4.80)
	(envelope-from <jpoimboe@redhat.com>)
	id 1h0cIe-0005CP-0C
	for speck@linutronix.de; Mon, 04 Mar 2019 02:21:48 +0100
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com
 [10.5.11.15])	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))	(No
 client certificate requested)	by mx1.redhat.com (Postfix) with ESMTPS id
 DB7ED3084215	for <speck@linutronix.de>; Mon,  4 Mar 2019 01:21:40 +0000 (UTC)
Received: from treble (ovpn-122-204.rdu2.redhat.com [10.10.122.204])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 8415B5D70A
	for <speck@linutronix.de>; Mon,  4 Mar 2019 01:21:40 +0000 (UTC)
Date: Sun, 3 Mar 2019 19:21:38 -0600
From: Josh Poimboeuf <jpoimboe@redhat.com>
Subject: [MODERATED] [PATCH RFC 0/4] Proposed cmdline improvements
Message-ID: <20190304012138.gikabpafseh2swre@treble>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID: <speck.linutronix.de>


For MDS and SMT, I'd propose that we do something similar to what we did
for L1TF: a) add an mds=full,nosmt option; and b) add a printk warning
if SMT is enabled.  That's the first three patches.

The last patch proposes a meta-option which is intended to make it
easier for users to choose sane mitigation defaults for all the
speculative vulnerabilities at once.

Josh Poimboeuf (4):
  x86/speculation/mds: Add mds=full,nosmt cmdline option
  x86/speculation: Move arch_smt_update() call to after mitigation
    decisions
  x86/speculation/mds: Add SMT warning message
  x86/speculation: Add 'cpu_spec_mitigations=' cmdline options

 Documentation/admin-guide/hw-vuln/mds.rst     |  3 +
 .../admin-guide/kernel-parameters.txt         | 49 ++++++++++++-
 arch/powerpc/kernel/security.c                |  6 +-
 arch/powerpc/kernel/setup_64.c                |  2 +-
 arch/s390/kernel/nospec-branch.c              |  4 +-
 arch/x86/include/asm/processor.h              |  2 +
 arch/x86/kernel/cpu/bugs.c                    | 68 ++++++++++++++++---
 arch/x86/mm/pti.c                             |  3 +-
 include/linux/cpu.h                           |  8 +++
 kernel/cpu.c                                  | 15 ++++
 10 files changed, 144 insertions(+), 16 deletions(-)

-- 
2.17.2