Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752030AbeAEQFi (ORCPT <rfc822;ralf@linux-mips.org> + 1 other);
        Fri, 5 Jan 2018 11:05:38 -0500
Received: from mx1.redhat.com ([209.132.183.28]:33642 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751784AbeAEQFg (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 5 Jan 2018 11:05:36 -0500
Date: Fri, 5 Jan 2018 17:05:34 +0100
From: Andrea Arcangeli <aarcange@redhat.com>
To: David Woodhouse <dwmw2@infradead.org>
Cc: "Van De Ven, Arjan" <arjan.van.de.ven@intel.com>,
        Paul Turner <pjt@google.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Tim Chen <tim.c.chen@linux.intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Andy Lutomirski <luto@kernel.org>,
        Greg KH <gregkh@linuxfoundation.org>,
        "Hansen, Dave" <dave.hansen@intel.com>,
        Andi Kleen <ak@linux.intel.com>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 0/7] IBRS patch series
Message-ID: <20180105160534.GR26807@redhat.com>
References: <cover.1515086770.git.tim.c.chen@linux.intel.com>
 <CA+55aFx+5dUyKRjXEavnxzfXbiQnrmiSCw3PgPtSb+6OP-Qhcg@mail.gmail.com>
 <1515093549.29312.11.camel@infradead.org>
 <CA+55aFz+QcnA91H=bUh_oUogwhOaCY9qPqQkTdbeM-VanYGJVA@mail.gmail.com>
 <CAPM31RJ6y=iz5QD2P1tRGsC3buYzHsQ2tBrQSzU5HtiVXJ3s3w@mail.gmail.com>
 <1515162514.29312.131.camel@infradead.org>
 <0575AF4FD06DD142AD198903C74E1CC87A56B309@ORSMSX103.amr.corp.intel.com>
 <1515166704.29312.140.camel@infradead.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1515166704.29312.140.camel@infradead.org>
User-Agent: Mutt/1.9.2 (2017-12-15)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Fri, 05 Jan 2018 16:05:36 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>

On Fri, Jan 05, 2018 at 03:38:24PM +0000, David Woodhouse wrote:
> We had IBRS first, and especially on Broadwell and earlier, its
> performance really is painful.
> 
> Then came retpoline, purely as an optimisation. A very *important*
> performance improvement, but an optimisation nonetheless.
>
> When looking at optimisations, it is rare for us to say "oh, well it
> opens up only a *small* theoretical security hole, but it's faster so
> that's OK".

I couldn't express any better than the above, the way I look at
repotlines.

Now seeing how this thing escalates with 2-way gcc code emission with
amd version that will not have ibrs at all to call it around the bios
etc... and IBRS skylake is still needed as a 3-way alternative and no
code exists to even patch it all at boot like that, and then qemu has
to be compiled with reptoline and 2-way alternative there too, to
achieve ibrs 2 ibpb 1, it's not looking like the way to go to me.

Not in the short term at least, and for the long term "reptoline" is
guaranteed a totally useless effort.

reptoline is like highmem kmap() etc... eventually nobody will ever
use reptoline. reptoline is more interesting for downstream in fact if
something where at least we won't have to deal with that forever where
there's more control on the toolchain used, and after a certain number
of years that code expires.

I can imagine we'll unfortunately have to deal with reptoline at some
point, but starting with reptoline at least looks backwards,
especially if it's the long term you're planning for.

Thanks,
Andrea