I appreciate it. I saw that but was a little exhausted to process when I posted
There's a bit of hand waving around this it seems lol
I have a modern/current kernel (4.x is ancient) built with the option enabled, my command line lacks nopti, yet I do not see the protection message. That's the root of my confusion.
When I get back to my machine I'll check the sysfs file
Some googling suggests that flag is whether the kernel is compiled with support, not whether it's turned on. You'd need to force boot flag "pti=on" for an AMD system. Postmark or a database benchmark would be a good bench for you to compare, probably.
(apparently "kpti=on" is aarch64-specific, other uarchs use "pti" instead, seems kind of odd)
It doesn't paint AMD in any better of a light, but it may not be so dire.
The distributions at the top don't usually run a mainstream [vanilla] kernel. Consequently, neither do their children/derivatives.
For example, the kernel configs for my distribution (Fedora 35) show it as enabled - unless I'm missing some further step:
I ask and remain somewhat curious partly because I don't see the messages in the ring buffer I'd expect(based on some cursory research)
reply