Re: [PATCH] x86/speculation: Add document to describe Spectre and its mitigations

From: Arjan van de Ven
Date: Mon Dec 31 2018 - 12:10:42 EST


On 12/31/2018 8:22 AM, Ben Greear wrote:


On 12/21/2018 05:17 PM, Tim Chen wrote:
On 12/21/18 1:59 PM, Ben Greear wrote:
On 12/21/18 9:44 AM, Tim Chen wrote:
Thomas,

Andi and I have made an update to our draft of the Spectre admin guide.
We may be out on Christmas vacation for a while. But we want to
send it out for everyone to take a look.

Can you add a section on how to compile out all mitigations that have anything
beyond negligible performance impact for those running systems where performance
is more important than security?


If you don't worry about security and performance is paramount, then
boot with "nospectre_v2". That's explained in the document.

There seem to be lots of different variants of this type of problem. It was not clear
to me that just doing nospectre_v2 would be sufficient to get back full performance.

And anyway, I would like to compile the kernel to not need that command-line option,
so I am still interesting in what compile options need to be set to what values...

the cloud people call this scenario "single tenant".. there might be different "users" in the uid
sense, but they're all owned by the same folks


it would not be insane to make a CONFIG_SINGLE_TENANT kind of option under which we can group thse kind of things
(and likely others)