Re: [PATCH RFC 2/4] x86/arch_prctl: add ARCH_GET_NOPTI and ARCH_SET_NOPTI to enable/disable PTI

From: Ingo Molnar
Date: Mon Jan 08 2018 - 12:27:01 EST



* Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:

> On Mon, Jan 08, 2018 at 06:05:31PM +0100, Ingo Molnar wrote:
> > Note that there is somewhat of a fuzzy detail regarding AMD CPUs which are marked
> > as 'Meltdown safe': should an explicit request to turn on PTI be honored by the
> > kernel? Should that be some sort of separate 'force PTI on' attribute?
>
> AMD should not have FEATURE_PTI enabled, and thus not end up in any code
> that cares about TIF_NOPTI.

I know, this is the status quo.

Nevertheless:

- if someone disbelieves AMD's claims and wants to force-enable it, should it be
possible without patching the kernel?

- or if someone wants to test it on AMD to increase test coverage. pti=on will
already be force-enable it on AMD CPUs.

Likewise, there's the counter part on the app level PTI disabling/enabling
ABI functionality as well:

- should there be a way for sysadmins to force PTI enabled, even on apps that
want to turn it off?

- should there be a way for sysadmins to force PTI disabled, even for apps that
want to turn it on?

If we decide that we want to allow fine-grained, per app control of PTI, then all
of these look valid scenarios to me.

Thanks,

Ingo