On Wed, Jan 10, 2018 at 09:01:02AM +0100, Ingo Molnar wrote: > > * Willy Tarreau <[email protected]> wrote: > > > [...] If we had "pit_enabled", something like this could be confusing > > because > > it's not obvious whether this pti_enabled *enforces* PTI or if its absence > > disables it : > > > > cmpb $0, PER_CPU_VAR(pti_enabled) > > jz .Lend\@ > > The natural sequence would be: > > cmpb $1, PER_CPU_VAR(pti_enabled) > jne .Lend\@ > > which is not confusing to me at all.
In fact I think I know now why it still poses me a problem : this pti_enabled flag alone is not sufficient to enable PTI, it's just part of the condition, as another part comes from the X86_FEATURE_PTI flag. However, pti_disabled is sufficient to disable PTI so actually its effect matches its name (note BTW that I called it "pti_disable" as a verb indicating an action -- "I want to disable pti", and not as a past form "pti is disabled"). Willy
