Re: [PATCH v3 20/35] x86/bugs: Define attack vectors

[Borislav Petkov]

On Thu, Feb 27, 2025 at 04:05:08PM +0000, Kaplan, David wrote:
> No.  It should be 'mitigations=auto;no_user_kernel,no_user_user'
> 
> (And maybe add 'no_guest_guest' if they don’t care about the malicious VMs attacking each other)

Doh, ofc, I meant that. :-P

mitigations=off;no_guest_guest

is a non-sensical config: "disable all and then disable guest_guest
additionally". Doh.

> Right, the question is do we support both opt-in and opt-out forms.  We can.
> We could also start by only supporting opt-out form.

We probably should put this to a vote. I think supporting both will cause
a lot of confusion but starting with one set and then maybe adding the other
one later, if really needed, is what we could start with.

> As mentioned earlier in the thread, SMT really needs a tristate of:
> 1. All SMT mitigations including potentially disabling SMT
> 2. All SMT mitigations but excluding the possibility of disabling SMT (current default)
> 3. No SMT mitigations (not even things like STIBP)
> 
> There are various ways to encode that in the command line options.  'auto,nosmt' is already #1.  And just 'auto' is currently #2.
> 
> We could then add 'no_cross_thread' to support #3.  I think that was the latest proposal.

No objections here.

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette