On Mon, Feb 12, 2018 at 10:26 AM, Pavel Machek <pa...@ucw.cz> wrote:
> On Tue 2017-12-26 23:43:54, Tom Lendacky wrote:
>> AMD processors are not subject to the types of attacks that the kernel
>> page table isolation feature protects against.  The AMD microarchitecture
>> does not allow memory references, including speculative references, that
>> access higher privileged data when running in a lesser privileged mode
>> when that access would result in a page fault.
>>
>> Disable page table isolation by default on AMD processors by not setting
>> the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
>> is set.
> PTI was originally meant to protect KASLR from memory leaks, before
> Spectre was public. I guess that's still valid use on AMD cpus?
>                                                                 Pavel

KASLR leaks are a much lower threat than Meltdown.  Given that no AMD
processor supports PCID, enabling PTI has a much more significant
performance impact for a much smaller benefit.  For the paranoid user
they still have the option to enable PTI at boot, but it should not be
on by default.

Brian Gerst
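A defender-side check of the tradeoff Brian describes, added here as an example and not part of the thread: given a CPU vendor string and flag list of the kind found in /proc/cpuinfo, it reports whether PTI is active, whether PCID is available to soften its cost, and what the pti=on boot option offers on AMD. The function names are my own.

```shell
#!/bin/sh
# Classify page-table-isolation state from a vendor string and a
# space-separated cpuinfo flag list ("pti" and "pcid" are the real
# /proc/cpuinfo flag names exposed by the kernel).
# Returns one of: pti-on-pcid, pti-on-nopcid, amd-pti-off, pti-off
pti_state() {
  vendor="$1"
  flags=" $2 "
  has_pti=0; has_pcid=0
  case "$flags" in *" pti "*) has_pti=1 ;; esac
  case "$flags" in *" pcid "*) has_pcid=1 ;; esac
  if [ "$has_pti" -eq 1 ]; then
    if [ "$has_pcid" -eq 1 ]; then echo pti-on-pcid; else echo pti-on-nopcid; fi
  elif [ "$vendor" = "AuthenticAMD" ]; then
    echo amd-pti-off
  else
    echo pti-off
  fi
}

# One-line operator advice per state, reflecting the cost/benefit from the thread.
pti_advice() {
  case "$(pti_state "$1" "$2")" in
    pti-on-pcid)   echo "PTI on; PCID keeps the per-switch TLB flush cost down." ;;
    pti-on-nopcid) echo "PTI on without PCID: each kernel entry/exit flushes the TLB; syscall-heavy loads pay for it." ;;
    amd-pti-off)   echo "PTI off (AMD default): Meltdown does not apply; boot with pti=on if KASLR-leak hardening is wanted." ;;
    pti-off)       echo "PTI off on a non-AMD CPU: check /sys/devices/system/cpu/vulnerabilities/meltdown." ;;
  esac
}

# Report on the live machine when /proc/cpuinfo is readable (Linux only).
pti_report_live() {
  [ -r /proc/cpuinfo ] || { echo "no /proc/cpuinfo on this host"; return 1; }
  v=$(awk -F': ' '/^vendor_id/ {print $2; exit}' /proc/cpuinfo)
  f=$(awk -F': ' '/^flags/ {print $2; exit}' /proc/cpuinfo)
  pti_advice "$v" "$f"
}

# Constructed sample input, e.g. an AMD box on a 4.15-era kernel:
pti_advice AuthenticAMD "fpu vme de pse sse sse2 ht syscall nx lm"
```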