Re: [RFC] x86: Avoid CR3 load on compatibility mode with PTI

From: Willy Tarreau
Date: Sat Jan 20 2018 - 11:32:02 EST


On Sat, Jan 20, 2018 at 03:26:27PM +0100, Ingo Molnar wrote:
>
> * Nadav Amit <nadav.amit@xxxxxxxxx> wrote:
>
> > > So we are trading a 5-15% slowdown (PTI) for another 5-15% slowdown, plus we
> > > are losing the soft-SMEP feature on older CPUs that PTI enables, which is a
> > > pretty powerful mitigation technique.
> >
> > This soft-SMEP can be kept by keeping PTI if SMEP is unsupported. Although we
> > trade slowdowns, they are different ones, which allows the user to make his best
> > decision.
>
> Indeed, not allowing PTI to be disabled if SMEP is unavailable might be a
> solution.

Well, I do not agree with this, for the simple reason that the SMEP-like
protection provided by PTI was in fact a byproduct of the Meltdown
mitigation, even though quite a valuable one. For me, disabling PTI means
"I want to recover the performance I had on this workload before the PTI
fixes because I value performance over security". By doing it per process
we'll allow users to have both performance for a few processes and
protection (including SMEP-like) for the rest of the system. Their only
other choice will be to completely disable PTI, thus removing all
protection and losing the SMEP emulation.

Best regards,
Willy