On Fri, 26 Jan 2018 13:14:46 +0100 Yves-Alexis Perez <cor...@debian.org> wrote:
> On Wed, 2018-01-24 at 16:57 +0000, David Woodhouse wrote:
> > Some old Atoms, anything in family 5 or 4, and newer CPUs when they
> > advertise the IA32_ARCH_CAPABILITIES MSR and it has the RDCL_NO bit
> > set, are not vulnerable.
> >
> > Roll the AMD exemption into the x86_match_cpu() table too.
> >
> > Based on suggestions from Dave Hansen and Alan Cox.
>
> Hi David,
>
> I know we'll still be able to manually enable PTI with a command line option,
> but it's also a hardening feature which has the nice side effect of emulating
> SMEP on CPUs which don't support it (e.g. the Atom boxes above).
>
> Couldn't we keep the “default on”? Or maybe on boxes which also have CPID (in
> order to limit the performance cost)?

For the old Atom processors you really don't want the extra cost as a default.
These are older, much slower devices and don't have PCID.

Alan