Date: Wed, 10 Jan 2018 15:42:39 +0100
From: Borislav Petkov
To: Willy Tarreau
Cc: Andy Lutomirski, LKML, X86 ML, Brian Gerst, Dave Hansen, Ingo Molnar,
    Linus Torvalds, Peter Zijlstra, Thomas Gleixner, Josh Poimboeuf,
    "H. Peter Anvin", Kees Cook
Subject: Re: [RFC PATCH v2 2/6] x86/arch_prctl: add ARCH_GET_NOPTI and ARCH_SET_NOPTI to enable/disable PTI
Message-ID: <20180110144239.cm5t7j6s7akkpked@pd.tnic>

On Tue, Jan 09, 2018 at 11:40:09PM +0100, Willy Tarreau wrote:
> Boris, please don't try to make me look like a fool when I'm trying to
> explain a common process.

I haven't even intended to do that, sorry, maybe you're misunderstanding
me.

All I'm trying to say is booting with pti=allow_optout should be part of
the proper *setup* of the box. In the sense, the thing is kinda expected
to go to 100% and if performance is still not enough, to allow customers
to disable PTI per process for the price of diminished security. But...

> No, your distro did. Please keep in mind that you were the one asking me
> to have this option so that distros can enable it to please their users,
> or possibly in fact to remove it to please the competitors.

... I was asking for this so that I can completely keep the code out of
the built kernel but from reading this thread, it sounds to me like we'd
need the full spectrum of options:

1. prohibit disabling of PTI
2. per-process PTI disabling
3. disable PTI on the system

and then show people how to do that and do that at runtime. Apparently,
it is important to people to be able to control that.

And also explain what each option means so that they can evaluate
themselves what they'd prefer.

Thx.

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.