> On Jan 9, 2018, at 2:06 PM, Willy Tarreau <[email protected]> wrote: > >> On Tue, Jan 09, 2018 at 10:46:02PM +0100, Borislav Petkov wrote: >>> On Tue, Jan 09, 2018 at 10:32:27PM +0100, Willy Tarreau wrote: >>> Requiring a reboot just to fix a performance problem you've discovered >>> the hard way is not the most friendly way to help users I'm afraid. >> >> That's a very strange argument: if you know you'd need max perf, you >> boot with pti=allow_optout. >> >> Color me confused. > > That's very simple : you first know you need more perf when you see the > name of your boss on your phone asking what's happening with the site > suddenly crawling at the worst possible moment, when everyone is there > to see it dead. Performance is something that's tuned at runtime, always, > not via random reboots. When you have 10 servers running at 100% CPU, > the last thing you're thinking about is to remove one of them so that > the 9 remaining ones are at 110% while you reboot :-/
Here's another idea: make it a module To enable it, you do modprobe pti_control allow_privileged_prctl=1.
