From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Google-Smtp-Source: AH8x227s0I7uJdE6OmRlu39i35xM78JXatoJclpznS8wT2MUUAWzCvL/AKKciSo0g8KvaA2e+Q3T ARC-Seal: i=1; a=rsa-sha256; t=1516968893; cv=none; d=google.com; s=arc-20160816; b=LMl1uoFoP80k/krRpk8TJw/bJhOCt7jaU+WHRgRTZ5cQYkrHRQ3p6IWw8Q5gu5CnLA e8TqJ4ueBQOg+K15OTEvUTTHdZEeOBYTpnliT6tWLuzbIbbRz4PNwWdKmcK9H05A0c3D IivLSJYIJzrNFg7krN50JjFI2V/93VRh+/9NVQxBlCjWuTYnJDNcFeUqBB9OQAZFAFGg k9uOh8w5cMcSP0K4L+MK93oaPl4LYPZ/QtKUwcxzMep1nIIBJTtF0KFfd8dLs6qLqzVu e1jvuW4kAL9Hv58DwrDsUCy0psMRjK4dUGC3AT50ygB3hu9zRglT9kzQZ6x0Uz3P4HAf w02g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:references:in-reply-to:date:to:from:subject:message-id :arc-authentication-results; bh=D2HBVo08wiGpTquuDE+X0TBG+Wtpdzxmmxxs+8WgAsM=; b=SteA9RiESTjTim9KAL30pSRx07osqevKZj7KNAPsCwpi3u19yzGrf/PvV4TZUXjzxK 49DRIK4/YsigBrsnXScIVULUEhNNzLIW2j8NWfRg4a7VJUW79DTimf7dQVUCIIE7GXT0 vlLExQQIjkKxMpmeGl4vy6hxN3wvksOYjzCQQOXRWCZo1jW4spsQi1/L3VjjYsdHPCWG u4Zsp7bI7qcLCu273Mzo6OKyiD6R5qDObR3IQwLCuouEh56JEJI1sBfSRtRM7G4i2ydX OcwT66cyPt1/vh99dHjD7KUcUsqA4EmJAmGUvF1LhuTICJcDMinN6geBUGPVfdSoGQP1 vdwA== ARC-Authentication-Results: i=1; mx.google.com; spf=neutral (google.com: 78.194.244.226 is neither permitted nor denied by best guess record for domain of corsac@debian.org) smtp.mailfrom=corsac@debian.org Authentication-Results: mx.google.com; spf=neutral (google.com: 78.194.244.226 is neither permitted nor denied by best guess record for domain of corsac@debian.org) smtp.mailfrom=corsac@debian.org Message-ID: <1516968886.19619.7.camel@debian.org> Subject: Re: [PATCH v3 5/6] x86/pti: Do not enable PTI on processors which are not vulnerable to Meltdown From: Yves-Alexis Perez To: David Woodhouse , arjan@linux.intel.com, tglx@linutronix.de, karahmed@amazon.de, x86@kernel.org, linux-kernel@vger.kernel.org, tim.c.chen@linux.intel.com, bp@alien8.de, peterz@infradead.org, pbonzini@redhat.com, ak@linux.intel.com, torvalds@linux-foundation.org, gregkh@linux-foundation.org, dave.hansen@intel.com, gnomes@lxorguk.ukuu.org.uk Date: Fri, 26 Jan 2018 13:14:46 +0100 In-Reply-To: <1516813025-10794-6-git-send-email-dwmw@amazon.co.uk> References: <1516813025-10794-1-git-send-email-dwmw@amazon.co.uk> <1516813025-10794-6-git-send-email-dwmw@amazon.co.uk> Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-ywoLQ64KJvTvI4veuUYJ" X-Mailer: Evolution 3.26.3-1 Mime-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: =?utf-8?q?1590493766352787258?= X-GMAIL-MSGID: =?utf-8?q?1590657174669341275?= X-Mailing-List: linux-kernel@vger.kernel.org List-ID: --=-ywoLQ64KJvTvI4veuUYJ Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, 2018-01-24 at 16:57 +0000, David Woodhouse wrote: > Some old Atoms, anything in family 5 or 4, and newer CPUs when they adver= tise > the IA32_ARCH_CAPABILITIES MSR and it has the RDCL_NO bit set, are not vu= lnerable. >=20 > Roll the AMD exemption into the x86_match_cpu() table too. >=20 > Based on suggestions from Dave Hansen and Alan Cox. Hi David, I know we'll still be able to manually enable PTI with a command line optio= n, but it's also a hardening feature which has the nice side effect of emulati= ng SMEP on CPU which don't support it (e.g the Atom boxes above). Couldn't we keep the =E2=80=9Cdefault on=E2=80=9D? Or maybe on boxes which = also have CPID (in order to limit the performance cost)? Regards, --=20 Yves-Alexis --=-ywoLQ64KJvTvI4veuUYJ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlprG7YACgkQ3rYcyPpX RFufoQf+LE7/jozqn1bGpdAwPCMAYa03Oz4S3+7PEHAP6crkDv2X8MIvXBjqniNI Kx9cFvw0/gGZ64MuasDuRIQY3bv8uR2r2ojFb2Lw4Q3VSle7b6+rqVhF+m05yTIr Go9+GL8JnldnR4J0WePlUL2UDuv8oU1A88AMhTx3ROjOS/wABxGdLvLiEBMlzI2/ SdDyF4cX3P0wl9pJ8acSD1CbDSLPs8dguUJW6m5WzBIJXK55wTsZ2Hr7ZGTp2cEE R4sW3Qq16CtTfJuz1pFdiewX8stAulNd3C2651hKrLCVqtQ7Dh9y+8TPINjC2gwc rAbjptnRRlQrK+5OEpgpwI7E2uXKVw== =R0PD -----END PGP SIGNATURE----- --=-ywoLQ64KJvTvI4veuUYJ--