Re: [RFC PATCH v2 2/6] x86/arch_prctl: add ARCH_GET_NOPTI and ARCH_SET_NOPTI to enable/disable PTI

From: Willy Tarreau
Date: Tue Jan 09 2018 - 17:06:41 EST


On Tue, Jan 09, 2018 at 10:46:02PM +0100, Borislav Petkov wrote:
> On Tue, Jan 09, 2018 at 10:32:27PM +0100, Willy Tarreau wrote:
> > Requiring a reboot just to fix a performance problem you've discovered
> > the hard way is not the most friendly way to help users I'm afraid.
>
> That's a very strange argument: if you know you'd need max perf, you
> boot with pti=allow_optout.
>
> Color me confused.

That's very simple : you first know you need more perf when you see the
name of your boss on your phone asking what's happening with the site
suddenly crawling at the worst possible moment, when everyone is there
to see it dead. Performance is something that's tuned at runtime, always,
not via random reboots. When you have 10 servers running at 100% CPU,
the last thing you're thinking about is to remove one of them so that
the 9 remaining ones are at 110% while you reboot :-/

Willy