SMT is a pretty major double-edged sword. It can unquestionably yield performance gains. But it also brings along determinism and security baggage. The kernel has robust runtime controls for enabling or disabling SMT with the 'nosmt' command line parameter or /sys/devices/system/cpu/smt/control. But, just like the CPU mitigation options, command-line parameters are harder to manage policy with than Kconfig. Introduce Kconfig options that mirror the 'nosmt' parameter: * On * Off * Force Off These can all be overridden with 'nosmt'. On/Off can be overridden at runtime with the sysfs control. --- b/arch/Kconfig | 37 +++++++++++++++++++++++++++++++++++++ b/kernel/cpu.c | 14 ++++++++++++-- 2 files changed, 49 insertions(+), 2 deletions(-) diff -puN arch/Kconfig~offline-smt-1 arch/Kconfig --- a/arch/Kconfig~offline-smt-1 2025-08-28 15:58:26.158769632 -0700 +++ b/arch/Kconfig 2025-08-28 17:02:55.318155481 -0700 @@ -41,6 +41,43 @@ config HOTPLUG_SMT config SMT_NUM_THREADS_DYNAMIC bool +choice + prompt "Boot-time SMT Control" + depends on HOTPLUG_SMT + default CPU_SMT_ENABLED + help + Choose the default boot policy for Simultaneous Multi + Threading (SMT). SMT offers potentially higher performance + at the cost of determinism and security. + + This default can always be overridden at boot with the + 'nosmt' kernel command-line parameter. + + It can also be overridden after boot in sysfs unless + CPU_SMT_FORCE_DISABLED is chosen. + + If unsure, select CPU_SMT_ENABLED. + +config CPU_SMT_ENABLED + bool "On" + help + SMT is enabled by default but can be disabled at boot + runtime. + +config CPU_SMT_DISABLED + bool "Off" + help + SMT is disabled by default but can be enabled at boot + runtime. + +config CPU_SMT_FORCE_DISABLED + bool "Force Off" + help + SMT is disabled by default. This can be overridden + with the 'nosmt' command-line parameter. + +endchoice + # Selected by HOTPLUG_CORE_SYNC_DEAD or HOTPLUG_CORE_SYNC_FULL config HOTPLUG_CORE_SYNC bool diff -puN kernel/cpu.c~offline-smt-1 kernel/cpu.c --- a/kernel/cpu.c~offline-smt-1 2025-08-28 16:15:30.227667158 -0700 +++ b/kernel/cpu.c 2025-08-28 16:22:02.418280576 -0700 @@ -1,4 +1,4 @@ -/* CPU control. +kernel/cpu.c/* CPU control. * (C) 2001, 2002, 2003, 2004 Rusty Russell * * This code is licenced under the GPL. @@ -604,7 +604,17 @@ void __weak arch_smt_update(void) { } #ifdef CONFIG_HOTPLUG_SMT -enum cpuhp_smt_control cpu_smt_control __read_mostly = CPU_SMT_ENABLED; +#ifdef CONFIG_CPU_SMT_ENABLED +#define CPU_SMT_DEFAULT CPU_SMT_ENABLED +#endif +#ifdef CONFIG_CPU_SMT_DISABLED +#define CPU_SMT_DEFAULT CPU_SMT_DISABLED +#endif +#ifdef CONFIG_CPU_SMT_FORCE_DISABLED +#define CPU_SMT_DEFAULT CPU_SMT_FORCE_DISABLED +#endif + +enum cpuhp_smt_control cpu_smt_control __read_mostly = CPU_SMT_DEFAULT; static unsigned int cpu_smt_max_threads __ro_after_init; unsigned int cpu_smt_num_threads __read_mostly = UINT_MAX; _