From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mingo.kernel.org@gmail.com>
Received: from mail.linutronix.de (146.0.238.70:993) by
  crypto-ml.lab.linutronix.de with IMAP4-SSL for <speck@linutronix.de>; 09 Jul
  2018 11:47:52 -0000
Received: from mail-wr1-x42c.google.com ([2a00:1450:4864:20::42c])
	by Galois.linutronix.de with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128)
	(Exim 4.80)
	(envelope-from <mingo.kernel.org@gmail.com>)
	id 1fcUdy-0007PS-Nw
	for speck@linutronix.de; Mon, 09 Jul 2018 13:47:51 +0200
Received: by mail-wr1-x42c.google.com with SMTP id s11-v6so10657921wra.13
        for <speck@linutronix.de>; Mon, 09 Jul 2018 04:47:50 -0700 (PDT)
Received: from gmail.com (2E8B0CD5.catv.pool.telekom.hu. [46.139.12.213])
        by smtp.gmail.com with ESMTPSA id
 h12-v6sm11689240wmb.3.2018.07.09.04.47.44        for <speck@linutronix.de>
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Mon, 09 Jul 2018 04:47:44 -0700 (PDT)
Sender: Ingo Molnar <mingo.kernel.org@gmail.com>
Date: Mon, 9 Jul 2018 13:47:42 +0200
From: Ingo Molnar <mingo@kernel.org>
Subject: [MODERATED] Re: [patch 2/2] Command line and documentation 2
Message-ID: <20180709114742.GA27240@gmail.com>
References: <20180708125216.197406530@linutronix.de>
 <20180708125654.812951995@linutronix.de>
 <20180709110432.GB26055@gmail.com>
 <nycvar.YFH.7.76.1807091306480.997@cbobk.fhfr.pm>
MIME-Version: 1.0
In-Reply-To: <nycvar.YFH.7.76.1807091306480.997@cbobk.fhfr.pm>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID: <speck.linutronix.de>


* speck for Jiri Kosina <speck@linutronix.de> wrote:

> On Mon, 9 Jul 2018, speck for Ingo Molnar wrote:
> 
> > > +  novirt,nowarn: Same as 'novirt', but hypervisors will not warn when
> > > +		 a VM is started in a potentially insecure configuration.
> > > +
> > > +The default is 'novirt'.
> > 
> > Isn't the default 'novirt,nowarn'?
> 
> No, the default absolutely is 'novirt'

Indeed - I just mis-remembered it: "novirt,nowarn" is the last entry in the 
values, not the default.

> 
> 	/* Default mitigation for L1TF-affected CPUs */
> 	enum l1tf_mitigations l1tf_mitigation __ro_after_init = L1TF_MITIGATION_NOVIRT;
> 
> I don't think making default 'novirt,nowarn' would make any sense really. 
> It's uncomfortable enough that the kernel is by default not turning the 
> protection on.
> 
> If it wouldn't be even issuing a warning, that'd be rather bad.

Yeah, agreed.

Thanks,

	Ingo