From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gregkh@linuxfoundation.org>
Received: from mail.linutronix.de (146.0.238.70:993) by
  crypto-ml.lab.linutronix.de with IMAP4-SSL for <speck@linutronix.de>; 04 Mar
  2019 07:31:00 -0000
Received: from mail.kernel.org ([198.145.29.99])
	by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
	(Exim 4.80)
	(envelope-from <gregkh@linuxfoundation.org>)
	id 1h0i3u-00039L-AI
	for speck@linutronix.de; Mon, 04 Mar 2019 08:30:59 +0100
Date: Mon, 4 Mar 2019 08:30:49 +0100
From: Greg KH <gregkh@linuxfoundation.org>
Subject: [MODERATED] Re: [PATCH RFC 1/4] 1
Message-ID: <20190304073049.GA23573@kroah.com>
References: <20190304012138.gikabpafseh2swre@treble>
 <20190304012322.re2q6n2wjxbwpiin@treble>
MIME-Version: 1.0
In-Reply-To: <20190304012322.re2q6n2wjxbwpiin@treble>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID: <speck.linutronix.de>

On Sun, Mar 03, 2019 at 07:23:22PM -0600, speck for Josh Poimboeuf wrote:
> From: Josh Poimboeuf <jpoimboe@redhat.com>
> Subject: [PATCH RFC 1/4] x86/speculation/mds: Add mds=full,nosmt cmdline
>  option
> 
> Add the mds=full,nosmt cmdline option.  This is like mds=full, but with
> SMT disabled if the CPU is vulnerable.
> 
> Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
> ---
>  Documentation/admin-guide/hw-vuln/mds.rst       |  3 +++
>  Documentation/admin-guide/kernel-parameters.txt |  6 ++++--
>  arch/x86/kernel/cpu/bugs.c                      | 10 ++++++++++
>  3 files changed, 17 insertions(+), 2 deletions(-)
> 
> diff --git a/Documentation/admin-guide/hw-vuln/mds.rst b/Documentation/admin-guide/hw-vuln/mds.rst
> index 1de29d28903d..244ab47d1fb3 100644
> --- a/Documentation/admin-guide/hw-vuln/mds.rst
> +++ b/Documentation/admin-guide/hw-vuln/mds.rst
> @@ -260,6 +260,9 @@ time with the option "mds=". The valid arguments for this option are:
>  
>  		It does not automatically disable SMT.
>  
> +  full,nosmt	The same as mds=full, with SMT disabled on vulnerable
> +		CPUs.  This is the complete mitigation.

While I understand the intention, the number of different combinations
we are "offering" to userspace here is huge, and everyone is going to be
confused as to what to do.  If we really think/say that SMT is a major
issue for this, why don't we just have "full" disable SMT?

thanks,

greg k-h