On Wed, 5 Sep 2018, Andi Kleen wrote: > > So, after giving it a bit more thought, I still believe "I want spectre V2 > > protection" vs. "I do not care about spectre V2 on my system > > (=nospectre_v2)" are the sane options we should provide; so I'll respin v4 > > of my patchset, including the ptrace check in switch_mm() (statically > > patched out on !IBPB-capable systems), and we can then later see whether > > the LSM implementation, once it exists, should be used instead. > > Please if you repost include plenty of performance numbers for multi threaded > workloads. It's ridiculous to even discuss this without them.
Either we care about that problem and provide a proper mechanism to protect systems or we do not. That's not a performance number problem at all. Thanks, tglx