Re: [PATCH 1/6] x86/bugs: Create single parameter for VERW based mitigations
From: Borislav Petkov
Date: Tue Oct 15 2024 - 09:53:26 EST

On Mon, Oct 14, 2024 at 08:42:26AM -0700, Daniel Sneddon wrote:
> The reason I did the patches this way wasn't so much "need" as it just seemed a
> simpler way to do it. Why have 4 knobs when there is really only 1 mitigation
> under the hood? My question for you then is what you mean by "proper sync"? I'm
> guessing you mean that if any one of those 4 mitigations is set to off then
> assume all are off?

Well, up until now at least, we have handled this under the assumption that not
every user knows exactly what needs to be configured in order to be safe.

So, we have always aimed for a sane default.

IOW, if a user wants to disable one mitigation but all 4 are mitigated by the
same thing, then we probably should issue a warning saying something like:

"If you want to disable W, then you need to disable W, X and Y too in
order to disable W effectively as all 4 are mitigated by the same
mechanism."

And problem solved.

IOW, I don't expect someone would consciously want to disable a subset of
those mitigations but leave the remaining ones on. What usually happens is
people do "mitigations=off" in order to regain their performance but not do
this selective thing which doesn't make a whole lot of sense to me anyway.

Thx.

--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
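
The warning proposed in the message above can be sketched as a user-space audit of a kernel command line. This is an added example, not code from the message or from the patch series. It assumes the four knobs are the documented parameters `mds`, `tsx_async_abort`, `mmio_stale_data` and `reg_file_data_sampling` (the message does not name them), and the names `verw_audit` and `knob_is_off` are hypothetical.

```c
/* Added example. Knob names are assumed from the kernel's documented
 * parameters; the message itself only says "4 knobs". */
#include <stdio.h>
#include <string.h>

enum verw_state { VERW_ALL_ON, VERW_ALL_OFF, VERW_PARTIAL_OFF };

static const char *const verw_knobs[] = {
    "mds", "tsx_async_abort", "mmio_stale_data", "reg_file_data_sampling",
};
#define NKNOBS (sizeof(verw_knobs) / sizeof(verw_knobs[0]))

/* Return 1 if cmdline contains the whole token "<key>=off". */
static int knob_is_off(const char *cmdline, const char *key)
{
    char want[64];
    size_t wlen = (size_t)snprintf(want, sizeof(want), "%s=off", key);
    for (const char *p = cmdline; (p = strstr(p, want)) != NULL; p += wlen) {
        int starts = (p == cmdline) || p[-1] == ' ';
        int ends = p[wlen] == '\0' || p[wlen] == ' ' || p[wlen] == '\n';
        if (starts && ends)
            return 1;
    }
    return 0;
}

/* Classify cmdline; on a partial disable, write a warning into msg (len > 0). */
enum verw_state verw_audit(const char *cmdline, char *msg, size_t len)
{
    size_t off = 0;
    msg[0] = '\0';
    if (knob_is_off(cmdline, "mitigations"))
        return VERW_ALL_OFF;
    for (size_t i = 0; i < NKNOBS; i++)
        off += (size_t)knob_is_off(cmdline, verw_knobs[i]);
    if (off == 0 || off == NKNOBS)
        return off ? VERW_ALL_OFF : VERW_ALL_ON;
    snprintf(msg, len, "%zu of %zu VERW-based mitigations disabled: disable all "
             "of them to disable any one effectively, they share one mechanism",
             off, NKNOBS);
    return VERW_PARTIAL_OFF;
}

int main(void)
{
    char msg[200];
    /* Constructed sample command line with only one knob turned off. */
    if (verw_audit("ro quiet mds=off", msg, sizeof(msg)) == VERW_PARTIAL_OFF)
        puts(msg);
    return 0;
}
```

The parser only looks for `=off` tokens and does not model later parameters overriding earlier ones.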