On 12/31/2018 8:22 AM, Ben Greear wrote:
On 12/21/2018 05:17 PM, Tim Chen wrote:
On 12/21/18 1:59 PM, Ben Greear wrote:
On 12/21/18 9:44 AM, Tim Chen wrote:
Thomas,
Andi and I have made an update to our draft of the Spectre admin guide.
We may be out on Christmas vacation for a while. But we want to
send it out for everyone to take a look.
Can you add a section on how to compile out all mitigations that have anything
beyond negligible performance impact for those running systems where performance
is more important than security?
If you don't worry about security and performance is paramount, then
boot with "nospectre_v2". That's explained in the document.
There seem to be lots of different variants of this type of problem. It was
not clear
to me that just doing nospectre_v2 would be sufficient to get back full
performance.
And anyway, I would like to compile the kernel to not need that command-line
option,
so I am still interesting in what compile options need to be set to what
values...
the cloud people call this scenario "single tenant".. there might be different
"users" in the uid
sense, but they're all owned by the same folks
it would not be insane to make a CONFIG_SINGLE_TENANT kind of option under
which we can group thse kind of things
(and likely others)
