Re: [RFC PATCH v2 2/6] x86/arch_prctl: add ARCH_GET_NOPTI and ARCH_SET_NOPTI to enable/disable PTI

From: Ingo Molnar
Date: Wed Jan 10 2018 - 02:31:37 EST

Next message: Adrian Hunter: "Re: [PATCH 3/3] mmc: sdhci: fix o2 eMMC init bug and add support for hardware tuning"
Previous message: Takashi Iwai: "[GIT PULL] sound fixes for 4.15-rc8"
In reply to: Borislav Petkov: "Re: [RFC PATCH v2 2/6] x86/arch_prctl: add ARCH_GET_NOPTI and ARCH_SET_NOPTI to enable/disable PTI"
Next in thread: Willy Tarreau: "Re: [RFC PATCH v2 2/6] x86/arch_prctl: add ARCH_GET_NOPTI and ARCH_SET_NOPTI to enable/disable PTI"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Borislav Petkov <bp@xxxxxxxxx> wrote:

> Oh, and you've built the kernel with the option to be able to disable
> PTI so it's not like you haven't seen it already.

In general in many corporate environments requiring kernel reboots or kernel
rebuilds limits the real-world usability of any kernel feature we offer down to
"non-existent". Saying "build your own kernel or reboot" is excluding a large
subset of our real-world users.

Build and boot options are fine for developers and testing. Otherwise _everything_
not readily accessible when your distro kernel has booted up is essentially behind
a usability (and corporate policy) wall so steep that it's essentially
non-existent to many users.

So either we make this properly sysctl (and/or prctl) controllable, or just don't
do it at all.

Thanks,

Ingo

Next message: Adrian Hunter: "Re: [PATCH 3/3] mmc: sdhci: fix o2 eMMC init bug and add support for hardware tuning"
Previous message: Takashi Iwai: "[GIT PULL] sound fixes for 4.15-rc8"
In reply to: Borislav Petkov: "Re: [RFC PATCH v2 2/6] x86/arch_prctl: add ARCH_GET_NOPTI and ARCH_SET_NOPTI to enable/disable PTI"
Next in thread: Willy Tarreau: "Re: [RFC PATCH v2 2/6] x86/arch_prctl: add ARCH_GET_NOPTI and ARCH_SET_NOPTI to enable/disable PTI"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]