Typo:

Hmm, I wonder why ...

"So let's document reality rather than Intel's Pollyanna world-view."

Thank you Linus for not making me loose my faith in you.
On a more serious side I really like this cleanup.
It's a more reasonable trade-of to stupid security by default mode.

Running with l1tf=full spec_store_bypass_disable=on spectre_v2=on nosmt=force for a couple of weeks now, and I can't say I've noticed any significant changes or speed degradation in my normal IntelliJ/Firefox etc... workflow. Yes, SMT is off, but with 4 cores still available on this mobile i7 haswell, I haven't noticed a difference. Maybe this will be different if I ever want to transcode some Video, or play more games on this machine.

grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion; VMX: cache flushes, SMT disabled
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB, IBRS_FW

The full mitigations for Spectre v2, v4, l1tf with SMT off, aren't too bad if you've already got a 4+ core system I'd say. STIBP won't change this, since you'll still be SMT vulnerable on l1tf if you turn SMT back on. Clearly the threats are relative among these bugs, but I mostly want the security I thought I was getting when I bought the system. Performance on many real workloads is umm.. "subjective."