On 04/17/2018 06:01 PM, speck for Thomas Gleixner wrote:
> On Tue, 17 Apr 2018, speck for Jiri Kosina wrote:
> 
>> On Tue, 17 Apr 2018, speck for Jon Masters wrote:
>>
>>> The proposal would be that it only allows you to go one-way. You can say
>>> "I am vulnerable", turn off MD, but you can't say "I am not vulnerable".
>>
>> That means we probably never reach full coverage; the problem with this 
>> "opt-in" aproach is that noone would ever bother (even more so as time 
>> passess) to add this explicit "I am vulnerable" call into the source; it's 
>> basically out of control, and thus unmaintainable.
> 
> We had the same discussion with the per process kpti control ...

Ok. Big hammer it is.

Jon.

-- 
Computer Architect | Sent from my Fedora powered laptop