Re: [RFC PATCH v2 6/6] x86/entry/pti: don't switch PGD on when pti_disable is set

From: Willy Tarreau
Date: Fri Jan 12 2018 - 14:37:14 EST


On Fri, Jan 12, 2018 at 09:55:45AM -0800, Linus Torvalds wrote:
> On Fri, Jan 12, 2018 at 8:27 AM, David Laight <David.Laight@xxxxxxxxxx> wrote:
> >
> > You need to allow for libraries that create threads before main()
> > is called.
>
> I really don't think we do. I think the normal case is the wrapper.
>
> Processes should never say "I'm so important that I'm disabling PTI".
> That's crazy talk, and wrong.
>
> It's wrong for all the usual reasons - everybody always thinks that
> _their_ own work is so important and bug-free, and that things like
> PTI are about protecting all those other incompetent people.
>
> No. Bullshit. Nobody should ever disable PTI for themselves, because
> nobody is inherently trustworthy.
>
> Instead, we have the case of something _external_ saying "this
> process is so important that it should be started without PTI".

I totally agree, and what I initially envisioned (for my use case)
was a config option with a scary enough name if we couldn't have the
wrapper. But the wrapper brings the long term benefit of allowing us
to do what we want with the pgd, which is a nice add-on.

Willy