From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linutronix.de (146.0.238.70:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 09 Jul 2018 11:09:05 -0000 Received: from mx2.suse.de ([195.135.220.15] helo=mx1.suse.de) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1fcU2Q-0005QC-ER for speck@linutronix.de; Mon, 09 Jul 2018 13:09:04 +0200 Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 0F704AF54 for ; Mon, 9 Jul 2018 11:08:56 +0000 (UTC) Date: Mon, 9 Jul 2018 13:08:53 +0200 (CEST) From: Jiri Kosina Subject: [MODERATED] Re: [patch 2/2] Command line and documentation 2 In-Reply-To: <20180709110432.GB26055@gmail.com> Message-ID: References: <20180708125216.197406530@linutronix.de> <20180708125654.812951995@linutronix.de> <20180709110432.GB26055@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit To: speck@linutronix.de List-ID: On Mon, 9 Jul 2018, speck for Ingo Molnar wrote: > > + novirt,nowarn: Same as 'novirt', but hypervisors will not warn when > > + a VM is started in a potentially insecure configuration. > > + > > +The default is 'novirt'. > > Isn't the default 'novirt,nowarn'? No, the default absolutely is 'novirt' /* Default mitigation for L1TF-affected CPUs */ enum l1tf_mitigations l1tf_mitigation __ro_after_init = L1TF_MITIGATION_NOVIRT; I don't think making default 'novirt,nowarn' would make any sense really. It's uncomfortable enough that the kernel is by default not turning the protection on. If it wouldn't be even issuing a warning, that'd be rather bad. Thanks, -- Jiri Kosina SUSE Labs