From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.linutronix.de (146.0.238.70:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 09 Jul 2018 23:11:23 -0000
Received: from mga18.intel.com ([134.134.136.126]) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1fcfJR-0004eg-Hm for speck@linutronix.de; Tue, 10 Jul 2018 01:11:22 +0200
Date: Mon, 9 Jul 2018 16:11:10 -0700
From: Andi Kleen
Subject: [MODERATED] Re: [patch 2/2] Command line and documentation 2
Message-ID: <20180709231110.GP25550@tassilo.jf.intel.com>
References: <20180708125216.197406530@linutronix.de>
 <20180708125654.812951995@linutronix.de>
 <20180709220701.GN25550@tassilo.jf.intel.com>
 <20180709230039.fkxexxncndhivjnh@treble>
MIME-Version: 1.0
In-Reply-To: <20180709230039.fkxexxncndhivjnh@treble>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID:

> > Ah, so the command line description was actually wrong. The default
> > is not novirt, but cond. That's good. But really need to fix that description
> > in the other patch ...
>
> This description isn't correct. The default is 'never', unless
> 'l1tf=full' or 'l1tf=full,force' is used, in which case the default is
> 'cond'.

IMHO that's wrong. We should default to cond at least. That would give
reasonable security by default for most people.

And hopefully the cond optimizations avoid some of the worst case
performance impacts for short exits, but that still remains to be seen.

-Andi