Received: by 10.223.176.46 with SMTP id f43csp2191609wra; Sun, 21 Jan 2018 13:37:04 -0800 (PST) X-Google-Smtp-Source: AH8x226q3qDWW0praUkeC9ycxfWCB9ry0+0Zck1FVQHhIRnqMLqKroerWpCnOSBDRRPejQJP+EyC X-Received: by 10.99.51.203 with SMTP id z194mr4272053pgz.217.1516570624653; Sun, 21 Jan 2018 13:37:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516570624; cv=none; d=google.com; s=arc-20160816; b=QY+OsIdTVpf/LcR/3V52OE9hCdfW1zEc7x2BIrp0nFEf0iR6TaBF3sxIu9y8xBYngV /7V+MSwkneuO7S1Q+fyEUGOWoKdR5J30EM4WUjAXDZhEqUZSch57kKhDEpjEvfkOx4+K 84x/6NBu2GDdeC8e9WWE/3lh3KNPe1x8BA46QOZZvBFAGdGE9OQChZM+IVObbb1So/4H lMi2sjFFqRVQBiWT7eej2d7ZaK9c/VKve0UvrmaiBije9Rwdq0cVXARfRqHFzWEO4ZCj m8fW/wtU4DpnCNXnWMiHQ4EH/NVAyWaON6/YLndhQhrVqsV+mlOZST3NnhAC2XGfvJ00 09cg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:references:in-reply-to:mime-version :dkim-signature:arc-authentication-results; bh=TvsOqBDACbdaX5+4c0EVJSR1s8kRAd+FLG9R8nASfsk=; b=GHD+K/baWXGm2/ry+Ev4twPv5w5PjbzDJyR2x/+tFdAmlGus6T2pMFyNqCGATtEiqT DBDrASJUa6LnDwuy9na59c7zBUwMCYgCnyw66cE02gfidFfxqY46MItmNuU4cuiNIC6D xvlkaZd9ZD/Wj+wUNLPUWpz93k1MyTUXOP7hO0kRMj40D04T8QJMNGViGaYnio+Sc0oV phfPzr/RyXnNPzGpJk61Q9LvQwGqBMtFNuzIf2K+PyTMR03CkBr64qRSEhtFKog4UU4B WvMnZKP1KnazxbVfshdnzPxd0ibwqpK7PorcNxDB4c7e1eWlzFaEvw29I7Dfm5lzQBqi WErA== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=GICaBT4c; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f12si12890899pga.22.2018.01.21.13.36.50; Sun, 21 Jan 2018 13:37:04 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=GICaBT4c; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750981AbeAUVgC (ORCPT + 99 others); Sun, 21 Jan 2018 16:36:02 -0500 Received: from mail-it0-f47.google.com ([209.85.214.47]:40929 "EHLO mail-it0-f47.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750877AbeAUVgA (ORCPT ); Sun, 21 Jan 2018 16:36:00 -0500 Received: by mail-it0-f47.google.com with SMTP id 196so7680036iti.5; Sun, 21 Jan 2018 13:36:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-transfer-encoding; bh=TvsOqBDACbdaX5+4c0EVJSR1s8kRAd+FLG9R8nASfsk=; b=GICaBT4cQ0C5AEj9z2Tr8lofAkZCEaOcS1qJocSmUUZWqJRx7jkZ2Vn91mvc6o21vO LzpfapVVoSnUqESfMkJGEYzOPZgQzShI2XLVmQpnump/b6s1wBcz51XGfQz+TP/Y4yGv JPiclGeYpNBmQu7Bnv6HkmA2AMOin7CZbYVa3gZ0hveGPrH2ZUPpVMa1tJpQ6B0LTJli S5P/biixlux85TB6iqyirkXEXCwtOzlOkSO20WlXh79Wtwf6QDsPvA2JYczY182YZ26R NpvbF0BlRmejm0du0mvm9/nxiEzuWlCYCZEHKXfujSJep2mMIodmx9B2bMQqX966ZD54 K7AQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc:content-transfer-encoding; bh=TvsOqBDACbdaX5+4c0EVJSR1s8kRAd+FLG9R8nASfsk=; b=SClYFtWRAywW1HiAxL8d1+LXWa2grw7XbS/se5cuK+SQlcJ4dnY3DgI+nIjn2wKos6 LNgqEYGSFyVh2TohEKbJkBMzOn+rLDfbs1ff+ocYb9D83XeGW+8uj+pVeEuNCaBDIyPC ou+f40ceNpaycVZBOVEqgkopjY4cDjSgl/yLKojDUoR1125Rp3T8pD5WlnVbp8ekbrXL Dfdb1T/G2AsmXuXm6yBTOnKg581NNBPpzkCLAZomrAERFH6tgdh7pP7r1dyxMtJc78JJ PoI5FtZgnnY1f5j7kpWiNsIz4tLSFcUOXW1O0FWrJdSrOHS8Y/UOD7rLpmbX0uOjMs9k sfPA== X-Gm-Message-State: AKwxytcI11jmxVy82/fKt1xZbObr4YqPcN+8tnT/IOL2IBW9tQEkoPF3 XxB/zuypIyqcA57bGhZwZfTHl6QXawkDIYDEp3Q= X-Received: by 10.36.175.88 with SMTP id l24mr5961170iti.139.1516570559524; Sun, 21 Jan 2018 13:35:59 -0800 (PST) MIME-Version: 1.0 Received: by 10.107.59.196 with HTTP; Sun, 21 Jan 2018 13:35:59 -0800 (PST) In-Reply-To: <1516566497.9814.78.camel@infradead.org> References: <1516476182-5153-1-git-send-email-karahmed@amazon.de> <1516476182-5153-10-git-send-email-karahmed@amazon.de> <1516566497.9814.78.camel@infradead.org> From: Linus Torvalds Date: Sun, 21 Jan 2018 13:35:59 -0800 X-Google-Sender-Auth: 4hE-ysKXHW_VzFVbRcJJ_bXwG4Y Message-ID: Subject: Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation To: David Woodhouse Cc: KarimAllah Ahmed , Linux Kernel Mailing List , Andi Kleen , Andrea Arcangeli , Andy Lutomirski , Arjan van de Ven , Ashok Raj , Asit Mallick , Borislav Petkov , Dan Williams , Dave Hansen , Greg Kroah-Hartman , "H . Peter Anvin" , Ingo Molnar , Janakarajan Natarajan , Joerg Roedel , Jun Nakajima , Laura Abbott , Masami Hiramatsu , Paolo Bonzini , Peter Zijlstra , =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , Thomas Gleixner , Tim Chen , Tom Lendacky , KVM list , "the arch/x86 maintainers" , Arjan Van De Ven Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Jan 21, 2018 at 12:28 PM, David Woodhouse wro= te: > On Sun, 2018-01-21 at 11:34 -0800, Linus Torvalds wrote: >> All of this is pure garbage. >> >> Is Intel really planning on making this shit architectural? Has >> anybody talked to them and told them they are f*cking insane? >> >> Please, any Intel engineers here - talk to your managers. > > If the alternative was a two-decade product recall and giving everyone > free CPUs, I'm not sure it was entirely insane. You seem to have bought into the cool-aid. Please add a healthy dose of critical thinking. Because this isn't the kind of cool-aid that makes for a fun trip with pretty pictures. This is the kind that melts your brain. > Certainly it's a nasty hack, but hey =E2=80=94 the world was on fire and = in the > end we didn't have to just turn the datacentres off and go back to goat > farming, so it's not all bad. It's not that it's a nasty hack. It's much worse than that. > As a hack for existing CPUs, it's just about tolerable =E2=80=94 as long = as it > can die entirely by the next generation. That's part of the big problem here. The speculation control cpuid stuff shows that Intel actually seems to plan on doing the right thing for meltdown (the main question being _when_). Which is not a huge surprise, since it should be easy to fix, and it's a really honking big hole to drive through. Not doing the right thing for meltdown would be completely unacceptable. So the IBRS garbage implies that Intel is _not_ planning on doing the right thing for the indirect branch speculation. Honestly, that's completely unacceptable too. > So the part is I think is odd is the IBRS_ALL feature, where a future > CPU will advertise "I am able to be not broken" and then you have to > set the IBRS bit once at boot time to *ask* it not to be broken. That > part is weird, because it ought to have been treated like the RDCL_NO > bit =E2=80=94 just "you don't have to worry any more, it got better". It's not "weird" at all. It's very much part of the whole "this is complete garbage" issue. The whole IBRS_ALL feature to me very clearly says "Intel is not serious about this, we'll have a ugly hack that will be so expensive that we don't want to enable it by default, because that would look bad in benchmarks". So instead they try to push the garbage down to us. And they are doing it entirely wrong, even from a technical standpoint. I'm sure there is some lawyer there who says "we'll have to go through motions to protect against a lawsuit". But legal reasons do not make for good technology, or good patches that I should apply. > We do need the IBPB feature to complete the protection that retpoline > gives us =E2=80=94 it's that or rebuild all of userspace with retpoline. BULLSHIT. Have you _looked_ at the patches you are talking about? You should have - several of them bear your name. The patches do things like add the garbage MSR writes to the kernel entry/exit points. That's insane. That says "we're trying to protect the kernel". We already have retpoline there, with less overhead. So somebody isn't telling the truth here. Somebody is pushing complete garbage for unclear reasons. Sorry for having to point that out. If this was about flushing the BTB at actual context switches between different users, I'd believe you. But that's not at all what the patches do. As it is, the patches are COMPLETE AND UTTER GARBAGE. They do literally insane things. They do things that do not make sense. That makes all your arguments questionable and suspicious. The patches do things that are not sane. WHAT THE F*CK IS GOING ON? And that's actually ignoring the much _worse_ issue, namely that the whole hardware interface is literally mis-designed by morons. It's mis-designed for two major reasons: - the "the interface implies Intel will never fix it" reason. See the difference between IBRS_ALL and RDCL_NO. One implies Intel will fix something. The other does not. Do you really think that is acceptable? - the "there is no performance indicator". The whole point of having cpuid and flags from the microarchitecture is that we can use those to make decisions. But since we already know that the IBRS overhead is huge on existing hardware, all those hardware capability bits are just complete and utter garbage. Nobody sane will use them, since the cost is too damn high. So you end up having to look at "which CPU stepping is this" anyway. I think we need something better than this garbage. Linus