Subject: Re: [PATCH v3 5/6] x86/pti: Do not enable PTI on processors which are not vulnerable to Meltdown
From: Dave Hansen
To: Yves-Alexis Perez, David Woodhouse, arjan@linux.intel.com, tglx@linutronix.de, karahmed@amazon.de, x86@kernel.org, linux-kernel@vger.kernel.org, tim.c.chen@linux.intel.com, bp@alien8.de, peterz@infradead.org, pbonzini@redhat.com, ak@linux.intel.com, torvalds@linux-foundation.org, gregkh@linux-foundation.org, gnomes@lxorguk.ukuu.org.uk
Date: Fri, 26 Jan 2018 07:27:38 -0800
In-Reply-To: <1516968886.19619.7.camel@debian.org>
References: <1516813025-10794-1-git-send-email-dwmw@amazon.co.uk> <1516813025-10794-6-git-send-email-dwmw@amazon.co.uk> <1516968886.19619.7.camel@debian.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 01/26/2018 04:14 AM, Yves-Alexis Perez wrote:
> I know we'll still be able to manually enable PTI with a command line option,
> but it's also a hardening feature which has the nice side effect of emulating
> SMEP on CPU which don't support it (e.g the Atom boxes above).

For Meltdown-vulnerable systems, it's a no brainer: pti=on. The vulnerability there is just too much.

But, if we are going to change the default, IMNHO, we need a clear list of what SMEP emulation mitigates and where. RSB-related Variant 2 stuff on Atom where the kernel speculatively 'ret's back to userspace is certainly a concern. But, there's a lot of other RSB stuffing that's going on that will mitigate that too.

Were you thinking of anything concrete? I haven't found anything compelling enough to justify the downsides, especially since things without SMEP tend not to have PCIDs as well.