Re: [PATCH v3 5/6] x86/pti: Do not enable PTI on processors which are not vulnerable to Meltdown

[Arjan van de Ven]

On 1/26/2018 7:27 AM, Dave Hansen wrote:
> On 01/26/2018 04:14 AM, Yves-Alexis Perez wrote:
> > I know we'll still be able to manually enable PTI with a command line option,
> > but it's also a hardening feature which has the nice side effect of emulating
> > SMEP on CPU which don't support it (e.g the Atom boxes above).
>
> For Meltdown-vulnerable systems, it's a no brainer: pti=on.  The
> vulnerability there is just too much.
>
> But, if we are going to change the default, IMNHO, we need a clear list
> of what SMEP emulation mitigates and where.  RSB-related Variant 2 stuff
> on Atom where the kernel speculatively 'ret's back to userspace is
> certainly a concern.  But, there's a lot of other RSB stuffing that's
> going on that will mitigate that too.
>
> Were you thinking of anything concrete?

not Atom though. Atom has has SMEP for a very long time, at least the ones
that do speculation do afaict.

SMEP is for other bugs (dud kernel function pointer) and for that,
emulating SMEP is an interesting opt-in for sure.