On Thu, Feb 21, 2019 at 02:37:45PM +0100, Peter Zijlstra wrote:
> On Thu, Feb 21, 2019 at 08:12:25AM -0500, Prarit Bhargava wrote:
> > Users cannot disable multiple CPU features with the kernel parameter
> > clearcpuid=. For example, "clearcpuid=154 clearcpuid=227" only disables
> > CPUID bit 154.
> >
> > Previous to commit 0c2a3913d6f5 ("x86/fpu: Parse clearcpuid= as early XSAVE
> > argument") it was possible to pass multiple clearcpuid options as kernel
> > parameters using individual entries. With the new code it isn't easy to
> > replicate exactly that behaviour but a comma separated list can be easily
> > implemented, eg) "clearcpuid=154,227"
> >
> > Make the clearcpuid parse a comma-separated list of values instead of only
> > a single value.
>
> So I think the feature is broken as is; because it doesn't clear the
> CPUID bits for userspace.
Usually it's enough to make the kernel stop using something. I used it many
times for this.
People who want to affect user space usually run VMs anyways.
-Andi
