On Wed, Jan 10, 2018 at 05:09:22PM +0100, Borislav Petkov wrote:
> On Wed, Jan 10, 2018 at 04:39:46PM +0100, Willy Tarreau wrote:
> > For production, disabling PTI system-wide when I'm supposed to know what
> > performance critical processes should be exempted doesn't appeal me very
> > much, especially if it can happen by accident. So in the end I think that
> > "pti=off" on the cmdline should be the only way to disable it system-wide
> > as it doesn't represent a reasonable production case. Disabling it per
> > process should be allowed via a sysctl, which would also be locked disabled
> > for safety purposes.
>
> It still might make sense to be able to disable it system-wide without
> having to reboot. Imagine a bunch of processes showing performance
> regressions and you want to disable PTI completely to rule it out
> causing that regression. Then you toggle the master switch.

Well, indeed. It will never be 100% equivalent to pti=off however since
the alternative code will remain in place, but why not. Or maybe we have
a way to change the alternatives at run time by changing a sysctl, but
that doesn't please me a lot. I'll check this after the rest however, as
I'm not sure about the code implications in the entry code (i.e. we'd
rather not check a system wide variable, or we might need another per-CPU
one). We could also just mention that the setting only applies to future
processes, which will be much easier and probably sufficient.

Willy

