On 10/15/24 06:52, Borislav Petkov wrote: > On Mon, Oct 14, 2024 at 08:42:26AM -0700, Daniel Sneddon wrote: >> The reason I did the patches this way wasn't so much "need" as it just seemed a >> simpler way to do it. Why have 4 knobs when there is really only 1 mitigation >> under the hood? My question for you then is what you mean by "proper sync"? I'm >> guessing you mean that if any one of those 4 mitigations is set to off then >> assume all are off? > > Well, up until now at least, we have handled under the assumption that not > every user knows exactly what needs to be configured in order to be safe. > > So, we have always aimed for a sane default. > > IOW, if a user wants to disable one mitigation but all 4 are mitigated by the > same thing, then we probably should issue a warning saying something like: > > "If you want to disable W, then you need to disable W, X and Y too in > order to disable W effectively as all 4 are mitigated by the same > mechanism." > > And problem solved. Makes sense. I'll drop the new parameter and add a warning. Thanks, Dan > > IOW, I don't expect someone would consciously want to disable a subset of > those mitigations but leave the remaining ones on. What usually happens, is > people do "mitigations=off" in order to regain their performance but not do > this selective thing which doesn't make a whole lot sense to me anyway. > > Thx. >
