Re: [PATCH 1/6] x86/bugs: Create single parameter for VERW based mitigations

From: Daniel Sneddon
Date: Tue Oct 15 2024 - 10:06:11 EST


On 10/15/24 06:52, Borislav Petkov wrote:
> On Mon, Oct 14, 2024 at 08:42:26AM -0700, Daniel Sneddon wrote:
>> The reason I did the patches this way wasn't so much "need" as it just seemed a
>> simpler way to do it. Why have 4 knobs when there is really only 1 mitigation
>> under the hood? My question for you then is what you mean by "proper sync"? I'm
>> guessing you mean that if any one of those 4 mitigations is set to off then
>> assume all are off?
>
> Well, up until now at least, we have handled this under the assumption that not
> every user knows exactly what needs to be configured in order to be safe.
>
> So, we have always aimed for a sane default.
>
> IOW, if a user wants to disable one mitigation but all 4 are mitigated by the
> same thing, then we probably should issue a warning saying something like:
>
> "If you want to disable W, then you need to disable W, X and Y too in
> order to disable W effectively as all 4 are mitigated by the same
> mechanism."
>
> And problem solved.

Makes sense. I'll drop the new parameter and add a warning.

Thanks,
Dan
>
> IOW, I don't expect someone would consciously want to disable a subset of
> those mitigations but leave the remaining ones on. What usually happens, is
> people do "mitigations=off" in order to regain their performance but not do
> this selective thing which doesn't make a whole lot of sense to me anyway.
>
> Thx.
>