Re: [RFC PATCH 00/34] x86/bugs: Attack vector controls

From: Pawan Gupta
Date: Tue Sep 17 2024 - 13:04:32 EST


On Thu, Sep 12, 2024 at 02:08:23PM -0500, David Kaplan wrote:
> The rest of the patches define new "attack vector" command line options
> to make it easier to select appropriate mitigations based on the usage
> of the system. While many users may not be intimately familiar with the
> details of these CPU vulnerabilities, they are likely better able to
> understand the intended usage of their system. As a result, unneeded
> mitigations may be disabled, allowing users to recoup more performance.

How much performance improvement are you seeing with each of the attack
vector?

There aren't many vulnerabilities that only affect a single attack vector.
So, selecting to mitigate single attack vector mitigates a lot more than
that.

We may be able to get better performance improvement by adding vector-based
switches at the mitigation points. And only enable them if user asked for it.