Date: Mon, 8 Jan 2018 17:53:04 +0100
From: Willy Tarreau
To: Borislav Petkov
Cc: Dave Hansen, Thomas Gleixner, Jon Masters, "Woodhouse, David", Paolo Bonzini, Alan Cox, Linus Torvalds, Andi Kleen, Greg Kroah-Hartman, Tim Chen, Linux Kernel Mailing List, Jeff Law, Nick Clifton
Subject: Re: Avoid speculative indirect calls in kernel
Message-ID: <20180108165304.GB10913@1wt.eu>
References: <4dde456c-fd15-e768-8876-5844c8b7c455@redhat.com> <20180105064946.GA4007@1wt.eu> <44f1b753-47d3-82e3-9401-256b4beadd4f@intel.com> <20180105071333.GA4029@1wt.eu> <20180107141410.d6xd573s436ma5kz@pd.tnic> <20180107174451.GD9772@1wt.eu> <20180107185511.3r73spn4ylxgmd4u@pd.tnic> <20180107221038.GB9996@1wt.eu> <20180108162240.zw2oe43unfihehcg@pd.tnic>
In-Reply-To: <20180108162240.zw2oe43unfihehcg@pd.tnic>

On Mon, Jan 08, 2018 at 05:22:41PM +0100, Borislav Petkov wrote:
> On Sun, Jan 07, 2018 at 11:10:38PM +0100, Willy Tarreau wrote:
> > I just want to be clear that the big drop some of us are facing is
> > not an option *at all* for certain processes in certain environments
> > and that we'll either continue to run with pti=off or with pti=on + a
> > finer grained setting ASAP.
>
> And that's all I'm saying: do pti=off in that case. The finer-grained
> "solution" is just silly.

I disagree because I want that, as much as possible, occasional unprivileged local users can't exploit it. pti=off gives them full access.

The finer-grained solution ensures that only a few processes share the same risk as the kernel as they work together to deliver the service. And that's what I've implemented in a patch series I sent in another thread :-)

https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1580131.html

Cheers,
Willy