Re: [PATCH] [RFC] x86: work around MPX Erratum

From: Dave Hansen
Date: Tue May 03 2016 - 17:28:26 EST
On 05/03/2016 02:12 PM, Borislav Petkov wrote:
> On Tue, May 03, 2016 at 02:04:40PM -0700, Dave Hansen wrote:
>> My concern was not necessarily with folks booting with 'nosmep', but
>
> Btw, does anything speak for even keeping that 'nosmep' thing?

Generally, I'm not sure we need the no$foo options at all. There's
always "clearcpuid=" which does the same thing. It just requires you to
go look up the X86_FEATURE_* bit first.

>> with processors that have MPX present and SMEP fused off (or made
>> unavailable by a hypervisor) and which are unaffected by this issue.
>
> So we won't init MPX on those...

Yes, and as long as such a processor doesn't exist today and never
exists in the future or the folks that buy such a processor truly don't
care about MPX, that's fine to do. I'm just a bit nervous about the
whole "never exists in the future" part.

>> People would have to be very careful to never create a processor which
>> did not have SMEP but did have MPX, since MPX would effectively be
>> unusable on such a processor.
>
> We can disable that combination in qemu too, right?

What do you mean by disable? Have qemu error out if MPX and SMEP aren't
disabled in concert with each other?