Re: [PATCH v3 5/6] x86/pti: Do not enable PTI on processors which are not vulnerable to Meltdown

From: Dave Hansen
Date: Fri Jan 26 2018 - 10:28:13 EST


On 01/26/2018 04:14 AM, Yves-Alexis Perez wrote:
> I know we'll still be able to manually enable PTI with a command line option,
> but it's also a hardening feature which has the nice side effect of emulating
> SMEP on CPUs which don't support it (e.g. the Atom boxes above).

For Meltdown-vulnerable systems, it's a no-brainer: pti=on. The
vulnerability there is just too much.

But, if we are going to change the default, IMNHO, we need a clear list
of what SMEP emulation mitigates and where. RSB-related Variant 2 stuff
on Atom where the kernel speculatively 'ret's back to userspace is
certainly a concern. But, there's a lot of other RSB stuffing that's
going on that will mitigate that too.

Were you thinking of anything concrete?

I haven't found anything compelling enough to justify the downsides,
especially since things without SMEP tend not to have PCIDs as well.