On Sat, Jan 20, 2018 at 03:26:27PM +0100, Ingo Molnar wrote:
>
> * Nadav Amit <nadav.a...@gmail.com> wrote:
>
> > > So we are trading a 5-15% slowdown (PTI) for another 5-15% slowdown, plus we
> > > are losing the soft-SMEP feature on older CPUs that PTI enables, which is a
> > > pretty powerful mitigation technique.
> >
> > This soft-SMEP can be kept by keeping PTI if SMEP is unsupported. Although we
> > trade slowdowns, they are different ones, which allows the user to make his best
> > decision.
>
> Indeed, not allowing PTI to be disabled if SMEP is unavailable might be a
> solution.

Well, I do not agree with this, for the simple reason that the SMEP-like protection provided by PTI was in fact a byproduct of the Meltdown mitigation, even though quite a valuable one. For me, disabling PTI means "I want to recover the performance I had on this workload before the PTI fixes because I value performance over security". By doing it per process we'll allow users to have both performance for a few processes and protection (including SMEP-like) for the rest of the system. Their only other choice will be to completely disable PTI, thus removing all protection and losing the SMEP emulation.

Best regards,
Willy