[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHk-=whH2daKsZTqVPb-G9mJ1g15XMse7j-9YqN+yBYk7M9=Dw@mail.gmail.com>
Date: Sun, 18 Nov 2018 14:00:03 -0800
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Jiri Kosina <jikos@...nel.org>
Cc: Thomas Gleixner <tglx@...utronix.de>,
Peter Zijlstra <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Andrea Arcangeli <aarcange@...hat.com>,
David Woodhouse <dwmw@...zon.co.uk>,
Andi Kleen <ak@...ux.intel.com>,
Tim Chen <tim.c.chen@...ux.intel.com>,
Casey Schaufler <casey.schaufler@...el.com>,
Linux List Kernel Mailing <linux-kernel@...r.kernel.org>,
"the arch/x86 maintainers" <x86@...nel.org>, stable@...r.kernel.org
Subject: Re: STIBP by default.. Revert?
On Sun, Nov 18, 2018 at 1:49 PM Jiri Kosina <jikos@...nel.org> wrote:
>
> > So why do that STIBP slow-down by default when the people who *really*
> > care already disabled SMT?
>
> BTW for them, there is no impact at all.
Right. People who really care about security and are anal about it do
not see *any* advantage of the patch.
But people who aren't that worried suddenly see potentially huge slowdowns.
In other words, the behavior of the patch is basically essentially
exactly the reverse of what you'd want. You penalize the people who
don't even want it and don't care.
> STIBP is only activated on systems with HT on; plus odds are that people
> who don't care about spectrev2 already have 'nospectre_v2' on their
> command-line, so they are fine as well.
I'm talking about *normal* people. People who simply aren't all that
invested in this all. People who just want to get their work done.
> So, I think it's as theoretical as any other spectrev2 (only with the
> extra "HT" condition added on top).
What? No.
It's *way* more theoretical than something like meltdown, which could
be trivially used to get data from another protection domain.
Have you seen any actual realistic attacks for normal human users?
Things where the *kernel* should actually care?
The javascript thing is for the browser to fix up, not for the kernel
to say "now everything should run up to 50% slower".
Linus
Powered by blists - more mailing lists