Re: [PATCH] cpu/speculation: Warn on unsupported mitigations= parameter

From: Ingo Molnar
Date: Thu May 16 2019 - 04:18:28 EST

Next message: Kairui Song: "Re: [RFC PATCH] vmcore: Add a kernel cmdline device_dump_limit"
Previous message: Boris Petkov: "Re: [PATCH 2/3 v3] x86/kexec: Set the C-bit in the identity map page table when SEV is active"
In reply to: Jiri Kosina: "Re: [PATCH] cpu/speculation: Warn on unsupported mitigations= parameter"
Next in thread: Josh Poimboeuf: "Re: [PATCH] cpu/speculation: Warn on unsupported mitigations= parameter"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Jiri Kosina <jikos@xxxxxxxxxx> wrote:

> On Thu, 16 May 2019, Geert Uytterhoeven wrote:
>
> > Currently, if the user specifies an unsupported mitigation strategy on
> > the kernel command line, it will be ignored silently. The code will
> > fall back to the default strategy, possibly leaving the system more
> > vulnerable than expected.
>
> Honestly, I am not convinced. We are not doing this for vast majority of
> other cmdline options either, if for any at all.

That's really a weakness - I've been bitten by this previously: I typoed
or mis-remembered a command line option and didn't have it while I
thought I had it.

Our boot-commandline library is pretty user-unfriendly.

Thanks,

Ingo

Next message: Kairui Song: "Re: [RFC PATCH] vmcore: Add a kernel cmdline device_dump_limit"
Previous message: Boris Petkov: "Re: [PATCH 2/3 v3] x86/kexec: Set the C-bit in the identity map page table when SEV is active"
In reply to: Jiri Kosina: "Re: [PATCH] cpu/speculation: Warn on unsupported mitigations= parameter"
Next in thread: Josh Poimboeuf: "Re: [PATCH] cpu/speculation: Warn on unsupported mitigations= parameter"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]