Re: [PATCH] x86/speculation: Add document to describe Spectre and its mitigations

[Arjan van de Ven]

On 12/31/2018 8:22 AM, Ben Greear wrote:
> On 12/21/2018 05:17 PM, Tim Chen wrote:
> > On 12/21/18 1:59 PM, Ben Greear wrote:
> > > On 12/21/18 9:44 AM, Tim Chen wrote:
> > > > Thomas,
> > > >
> > > > Andi and I have made an update to our draft of the Spectre admin guide.
> > > > We may be out on Christmas vacation for a while. But we want to
> > > > send it out for everyone to take a look.
> > >
> > > Can you add a section on how to compile out all mitigations that have anything
> > > beyond negligible performance impact for those running systems where performance
> > > is more important than security?
> >
> > If you don't worry about security and performance is paramount, then
> > boot with "nospectre_v2". That's explained in the document.
>
> There seem to be lots of different variants of this type of problem. It was not clear
> to me that just doing nospectre_v2 would be sufficient to get back full performance.
>
> And anyway, I would like to compile the kernel to not need that command-line option,
> so I am still interesting in what compile options need to be set to what values...

the cloud people call this scenario "single tenant".. there might be different "users" in the uid
sense, but they're all owned by the same folks


it would not be insane to make a CONFIG_SINGLE_TENANT kind of option under which we can group thse kind of things
(and likely others)