| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 12 Feb 2018 10:37:36 -0500
From: Brian Gerst <brgerst@...il.com>
To: Pavel Machek <pavel@....cz>
Cc: Tom Lendacky <thomas.lendacky@....com>,
"the arch/x86 maintainers" <x86@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Ingo Molnar <mingo@...hat.com>,
Andy Lutomirski <luto@...nel.org>,
"H. Peter Anvin" <hpa@...or.com>,
Thomas Gleixner <tglx@...utronix.de>,
Borislav Petkov <bp@...e.de>
Subject: Re: [PATCH] x86/cpu, x86/pti: Do not enable PTI on AMD processors
On Mon, Feb 12, 2018 at 10:26 AM, Pavel Machek <pavel@....cz> wrote:
> On Tue 2017-12-26 23:43:54, Tom Lendacky wrote:
>> AMD processors are not subject to the types of attacks that the kernel
>> page table isolation feature protects against. The AMD microarchitecture
>> does not allow memory references, including speculative references, that
>> access higher privileged data when running in a lesser privileged mode
>> when that access would result in a page fault.
>>
>> Disable page table isolation by default on AMD processors by not setting
>> the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
>> is set.
>
> PTI was originally meant to protect KASLR from memory leaks, before
> Spectre was public. I guess that's still valid use on AMD cpus?
> Pavel
KASLR leaks are a much lower threat than Meltdown. Given that no AMD
processor supports PCID, enabling PTI has a much more significant
performance impact for a much smaller benefit. For the paranoid user
they still have the option to enable PTI at boot, but it should not be
on by default.
--
Brian Gerst
Powered by blists - more mailing lists