Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1756760AbeAHQxx (ORCPT <rfc822;ralf@linux-mips.org> + 1 other);
        Mon, 8 Jan 2018 11:53:53 -0500
Received: from wtarreau.pck.nerim.net ([62.212.114.60]:38921 "EHLO 1wt.eu"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1752168AbeAHQxw (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 8 Jan 2018 11:53:52 -0500
Date: Mon, 8 Jan 2018 17:53:04 +0100
From: Willy Tarreau <w@1wt.eu>
To: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Jon Masters <jcm@redhat.com>,
        "Woodhouse, David" <dwmw@amazon.co.uk>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Alan Cox <gnomes@lxorguk.ukuu.org.uk>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Andi Kleen <andi@firstfloor.org>,
        Greg Kroah-Hartman <gregkh@linux-foundation.org>,
        Tim Chen <tim.c.chen@linux.intel.com>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Jeff Law <law@redhat.com>, Nick Clifton <nickc@redhat.com>
Subject: Re: Avoid speculative indirect calls in kernel
Message-ID: <20180108165304.GB10913@1wt.eu>
References: <4dde456c-fd15-e768-8876-5844c8b7c455@redhat.com>
 <alpine.DEB.2.20.1801050153290.2127@nanos>
 <20180105064946.GA4007@1wt.eu>
 <44f1b753-47d3-82e3-9401-256b4beadd4f@intel.com>
 <20180105071333.GA4029@1wt.eu>
 <20180107141410.d6xd573s436ma5kz@pd.tnic>
 <20180107174451.GD9772@1wt.eu>
 <20180107185511.3r73spn4ylxgmd4u@pd.tnic>
 <20180107221038.GB9996@1wt.eu>
 <20180108162240.zw2oe43unfihehcg@pd.tnic>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20180108162240.zw2oe43unfihehcg@pd.tnic>
User-Agent: Mutt/1.6.1 (2016-04-27)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>

On Mon, Jan 08, 2018 at 05:22:41PM +0100, Borislav Petkov wrote:
> On Sun, Jan 07, 2018 at 11:10:38PM +0100, Willy Tarreau wrote:
> >  I just want to be clear that the big drop some of us are facing is
> > not an option *at all* for certain processes in certain environments
> > and that we'll either continue to run with pti=off or with pti=on + a
> > finer grained setting ASAP.
> 
> And that's all I'm saying: do pti=off in that case. The finer-grained
> "solution" is just silly.

I disagree because I want that, as much as possible, occasional
unprivileged local users can't exploit it. pti=off gives them full
access. The finer-grained solution ensures that only a few processes
share the same risk as the kernel as they work together to deliver
the service. And that's what I've implemented in a patch series I
sent in another thread :-)

   https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1580131.html

Cheers,
Willy