On Wed, Dec 05, 2018 at 01:41:30AM -0700, Jan Beulich wrote:
> >>> On 04.12.18 at 22:35, <brian.wo...@amd.com> wrote:
> > The other thing I don't get is why advertise virtualized SSBD when the
> > guest setting it does nothing? If ssbd_opt=true is set, as the code is
> > now, why even advertise it to the guest? I'd suggest either allowing
> > the guest to turn it off or not advertise it at all (when ssbd_opt =
> > true).
>
> I think it's better to advertise the feature nevertheless: Otherwise
> the guest might either try some other way of mitigating the
> (believed) vulnerability, or it may report in its logs that it's vulnerable
> (without mitigation) when it really isn't.
>
> Jan
>
I can understand that reasoning, but I'd still argue that an additional
option to force guests to use SSBD (like setting ssbd=yes in these
patches) and the default of ssbd=yes allow the guest to turn it off would
be more correct. I'm not going to be adamant about it though.

-- 
Brian Woods

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel