From: Brian Gerst
Date: Mon, 12 Feb 2018 10:37:36 -0500
Subject: Re: [PATCH] x86/cpu, x86/pti: Do not enable PTI on AMD processors
To: Pavel Machek
Cc: Tom Lendacky, "the arch/x86 maintainers", Dave Hansen, Linux Kernel Mailing List, Ingo Molnar, Andy Lutomirski, "H. Peter Anvin", Thomas Gleixner, Borislav Petkov
In-Reply-To: <20180212152630.GD13962@amd>
References: <20171227054354.20369.94587.stgit@tlendack-t1.amdoffice.net> <20180212152630.GD13962@amd>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Feb 12, 2018 at 10:26 AM, Pavel Machek wrote:
> On Tue 2017-12-26 23:43:54, Tom Lendacky wrote:
>> AMD processors are not subject to the types of attacks that the kernel
>> page table isolation feature protects against. The AMD microarchitecture
>> does not allow memory references, including speculative references, that
>> access higher privileged data when running in a lesser privileged mode
>> when that access would result in a page fault.
>>
>> Disable page table isolation by default on AMD processors by not setting
>> the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
>> is set.
>
> PTI was originally meant to protect KASLR from memory leaks, before
> Spectre was public. I guess that's still valid use on AMD cpus?
>
> Pavel

KASLR leaks are a much lower threat than Meltdown. Given that no AMD
processor supports PCID, enabling PTI has a much more significant
performance impact for a much smaller benefit. For the paranoid user
they still have the option to enable PTI at boot, but it should not be
on by default.

--
Brian Gerst
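
To see which of the cases discussed in this thread a given machine is in, the following added example (not part of the original message or of the kernel source) classifies a host from its kernel command line and `/proc/cpuinfo` text. It assumes the kernel exposes `pti` and `pcid` in the cpuinfo flags line and accepts the `pti=on|off|auto` and `nopti` boot parameters; the function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether PTI is active and whether PCID is present to
# soften its cost. Inputs are passed as text so saved copies can be checked.

# has_cpu_flag FLAG CPUINFO_TEXT: exact-token match in the first "flags" line,
# so "invpcid" is not mistaken for "pcid".
has_cpu_flag() {
    printf '%s\n' "$2" | awk -F: -v want="$1" '
        /^flags[ \t]*:/ {
            n = split($2, tok, " ")
            for (i = 1; i <= n; i++) if (tok[i] == want) found = 1
            exit
        }
        END { exit !found }'
}

# pti_cmdline_override CMDLINE: prints on, off or auto. Simplified model
# (an assumption of this example): the last pti= value wins and an explicit
# pti= setting takes precedence over nopti.
pti_cmdline_override() {
    printf '%s\n' "$1" | awk '
        { for (i = 1; i <= NF; i++) {
              if ($i ~ /^pti=/) pti = substr($i, 5)
              else if ($i == "nopti") nopti = 1
          } }
        END {
            if (pti == "on" || pti == "off" || pti == "auto") print pti
            else print (nopti ? "off" : "auto")
        }'
}

# pti_report CMDLINE CPUINFO_TEXT: one summary line for the host.
pti_report() {
    override=$(pti_cmdline_override "$1")
    if ! has_cpu_flag pti "$2"; then state=pti-off
    elif has_cpu_flag pcid "$2"; then state=pti-on-with-pcid
    else state=pti-on-without-pcid
    fi
    printf 'state=%s cmdline=%s\n' "$state" "$override"
}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro nopti pti=on'
SAMPLE_CPUINFO='flags : fpu vme de pse tsc msr pae svm pti'
pti_report "$SAMPLE_CMDLINE" "$SAMPLE_CPUINFO"

# Live system, when /proc is available.
if [ -r /proc/cmdline ] && [ -r /proc/cpuinfo ]; then
    pti_report "$(cat /proc/cmdline)" "$(cat /proc/cpuinfo)"
fi
```

A result of `state=pti-on-without-pcid` is the configuration the reply describes as carrying the larger performance cost.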