Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755341AbeAHCYS (ORCPT + 1 other); Sun, 7 Jan 2018 21:24:18 -0500 Received: from mail-pf0-f174.google.com ([209.85.192.174]:44203 "EHLO mail-pf0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754888AbeAHCYO (ORCPT ); Sun, 7 Jan 2018 21:24:14 -0500 X-Google-Smtp-Source: ACJfBoumG/YpS0aEewyUNG1N/BxR8Cw0M+OmQVQQ/eGIrKq9c8c5QMJPRZsGcmIG+4eMfkDVi7EZ+A== Date: Sun, 7 Jan 2018 18:24:11 -0800 From: Alexei Starovoitov To: Dan Williams Cc: Linus Torvalds , Willy Tarreau , Alan Cox , Linux Kernel Mailing List , linux-arch@vger.kernel.org, Andi Kleen , Arnd Bergmann , Greg Kroah-Hartman , Peter Zijlstra , Network Development , Ingo Molnar , "H. Peter Anvin" , Thomas Gleixner Subject: Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok Message-ID: <20180108022409.q2riz6wzbcm3dkx6@ast-mbp> References: <20180106185134.dzn2en4vw2hj3p6h@ast-mbp> <20180106195551.3207f75d@alans-desktop> <20180106200912.zhzdt4qmfrojeeqe@ast-mbp> <20180106202213.23e553fb@alans-desktop> <20180106211729.cp5oet3at3hyce4o@ast-mbp> <20180106230507.3547c9a0@alans-desktop> <20180107033812.awq3vz4gdkps7tix@ast-mbp> <20180107063356.GA9425@1wt.eu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20170421 (1.8.2) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: On Sun, Jan 07, 2018 at 12:15:40PM -0800, Dan Williams wrote: > > I'm thinking we should provide the option to at least build the > hot-path nospec_array_ptr() usages without an lfence. > > CONFIG_SPECTRE1_PARANOIA_SAFE > CONFIG_SPECTRE1_PARANOIA_PERF SAFE vs PERF naming is problematic and misleading, since users don't have the data to make a decision they will be forced to go with SAFE. What is not safe about array_access() macro with AND ? How lfence approach makes it safer ? Only because lfence was blessed by intel earlier when they couldn't figure out a different way? How about: CONFIG_SPECTRE1_WORKAROUND_INDEX_MASK CONFIG_SPECTRE1_WORKAROUND_LOAD_FENCE > ...if only for easing performance testing and let the distribution set > its policy. > > Where hot-path usages can do: > > nospec_relax(nospec_array_ptr()) AND approach doesn't prevent speculation hence nospec_ is an incorrect prefix. Alan's "speculation management" terminology fits well here. Can we keep array_access() name and change it underneath to either mask or lfence ?