Subject: Re: [PATCH v3 5/6] x86/pti: Do not enable PTI on processors which are not vulnerable to Meltdown
From: Arjan van de Ven
To: Dave Hansen, Yves-Alexis Perez, David Woodhouse, tglx@linutronix.de, karahmed@amazon.de, x86@kernel.org, linux-kernel@vger.kernel.org, tim.c.chen@linux.intel.com, bp@alien8.de, peterz@infradead.org, pbonzini@redhat.com, ak@linux.intel.com, torvalds@linux-foundation.org, gregkh@linux-foundation.org, gnomes@lxorguk.ukuu.org.uk
Date: Fri, 26 Jan 2018 07:30:15 -0800

On 1/26/2018 7:27 AM, Dave Hansen wrote:
> On 01/26/2018 04:14 AM, Yves-Alexis Perez wrote:
>> I know we'll still be able to manually enable PTI with a command line option,
>> but it's also a hardening feature which has the nice side effect of emulating
>> SMEP on CPUs which don't support it (e.g. the Atom boxes above).
>
> For Meltdown-vulnerable systems, it's a no brainer: pti=on. The
> vulnerability there is just too much.
>
> But, if we are going to change the default, IMNHO, we need a clear list
> of what SMEP emulation mitigates and where. RSB-related Variant 2 stuff
> on Atom where the kernel speculatively 'ret's back to userspace is
> certainly a concern. But, there's a lot of other RSB stuffing that's
> going on that will mitigate that too.
>
> Were you thinking of anything concrete?

not Atom though. Atom has had SMEP for a very long time, at least the ones that do speculation do afaict.

SMEP is for other bugs (dud kernel function pointer) and for that, emulating SMEP is an interesting opt-in for sure.