Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751470AbeAGBhC (ORCPT + 1 other); Sat, 6 Jan 2018 20:37:02 -0500 Received: from shards.monkeyblade.net ([184.105.139.130]:50208 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751105AbeAGBg7 (ORCPT ); Sat, 6 Jan 2018 20:36:59 -0500 Date: Sat, 06 Jan 2018 20:36:54 -0500 (EST) Message-Id: <20180106.203654.731754766847198456.davem@davemloft.net> To: w@1wt.eu Cc: gnomes@lxorguk.ukuu.org.uk, alexei.starovoitov@gmail.com, torvalds@linux-foundation.org, dan.j.williams@intel.com, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, ak@linux.intel.com, arnd@arndb.de, gregkh@linuxfoundation.org, peterz@infradead.org, netdev@vger.kernel.org, mingo@redhat.com, hpa@zytor.com, tglx@linutronix.de Subject: Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok From: David Miller In-Reply-To: <20180106204229.GD9075@1wt.eu> References: <20180106181331.mmrqwwbu2jcjj2si@ast-mbp> <20180106183859.1ad9ae37@alans-desktop> <20180106204229.GD9075@1wt.eu> X-Mailer: Mew version 6.7 on Emacs 25.3 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Sat, 06 Jan 2018 17:36:58 -0800 (PST) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: From: Willy Tarreau Date: Sat, 6 Jan 2018 21:42:29 +0100 > On Sat, Jan 06, 2018 at 06:38:59PM +0000, Alan Cox wrote: >> Normally people who propose security fixes don't have to argue about the >> fact they added 30 clocks to avoid your box being 0wned. > > In fact it depends, because if a fix makes the system unusable for its > initial purpose, this fix will simply not be deployed at all, which is > the worst that can happen. +1 I completely agree with Willy and Alexei. And the scale isn't even accurate, we're talking about at least hundreds upon hundreds of clocks, not 30, if we add an operation whose side effect is to wait for all pending loads to complete. So yeah this is going to be heavily scrutinized.