On Mon, 12 Feb 2018, Pavel Machek wrote:
> On Tue 2017-12-26 23:43:54, Tom Lendacky wrote:
> > AMD processors are not subject to the types of attacks that the kernel
> > page table isolation feature protects against. The AMD microarchitecture
> > does not allow memory references, including speculative references, that
> > access higher privileged data when running in a lesser privileged mode
> > when that access would result in a page fault.
> > Disable page table isolation by default on AMD processors by not setting
> > the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
> > is set.
> PTI was originally meant to protect KASLR from memory leaks, before
> Spectre was public. I guess that's still valid use on AMD cpus?
The KASLR attacks against which PTI protects are not based on a memory
leak. The KASLR attacks are revealing the kernel virtual address space w/o
revealing any data.
Quite some of those attacks can be mitigated via PTI, but only some of the
attacks work on AMD CPUs. The bulk (and easy to conduct) attacks do not
work work on AMD CPUs due to the same reason why Meltdown does not work.