Subject: [MODERATED] Re: L1D-Fault KVM mitigation
References: <20180424090630.wlghmrpasn7v7wbn@suse.de>
 <20180424093537.GC4064@hirez.programming.kicks-ass.net>
 <1524563292.8691.38.camel@infradead.org>
 <20180424110445.GU4043@hirez.programming.kicks-ass.net>
 <1527068745.8186.89.camel@infradead.org>
 <20180524094526.GE12198@hirez.programming.kicks-ass.net>
From: Dave Hansen
Message-ID: <47bca42e-656b-4918-14de-1f26ad932df1@linux.intel.com>
Date: Thu, 24 May 2018 10:22:47 -0700
To: speck@linutronix.de

On 05/24/2018 08:38 AM, speck for Jiri Kosina wrote:
>> That means HT off, but it's still better than having absolutely nothing.
> Will we actually be enforcing switching SMT off (before anything better
> exists) by either offlining all the siblings or forcing them to idle at
> the moment first virtual machine gets started, from the kernel directly?
>
> This seems like this policy would better be enforced by userspace
> (libvirt?), but kernel should probably at least warn on affected CPUs if
> it detects this is being violated.

The most straightforward thing is to trigger the same behavior as
"noht" as part of our arch/x86/kernel/cpu/bugs.c code whenever KVM is
compile-time enabled. I think we have to do that by default, but allow
folks to override it if they want, like if they know KVM will never get
used.