Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp792385ybg; Mon, 1 Jun 2020 14:45:52 -0700 (PDT) X-Google-Smtp-Source: ABdhPJweTBPuKZnm1bzrsYwukEriQEP5NPnSCC0Igo+wJCCO170Q8jYZtRIe8wW++/r26iCl5dsj X-Received: by 2002:a17:906:9254:: with SMTP id c20mr22055149ejx.540.1591047952478; Mon, 01 Jun 2020 14:45:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1591047952; cv=none; d=google.com; s=arc-20160816; b=MWwywZs5EEz0hZdhJvqH8hJAVUhyY6GjdkG5ItahQGxwFJvAyz1dXwgLi6exPIu+tL 2oabMWztJej3imG2PNggzAdMDnzVFZS4B8i9B7BxNtWzfCyiqZHeLUmTMn1yJfys7Nra vXe4GJPnbc6Rp1LBV3muM3hJbL6ETOdldj/I8BkmYvy7TKeBvQsTqKsrQN8MLwouBJlA kRIxWmmgpEBJBsUj8vCSEv8zj/pwk216Nf+5V/e4owFqlMaRBEVTeRlcyY63d+dGjt67 RzOcsbn9/ifvMHWhdyoJD/oPqI13ksbmuQBfjtkMmAU6CAXDSoAdpB4jBeuORWrgZxd1 YTlg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=0E8dX6z5svaGKiQ4AWeQa42pJuIWCtwm9+P3KiJSxhU=; b=T/UFLgnfEXcJshRMgDviRDcK0CrpFlS1P59okaIaQs7H6ZqPB/G7E0mou5RXdnnrsu d9oTl776dwo1HQaPY91FxbvIKmK/niD3X5XfL+oCsZuZ3Q5SuzVX/XAsbk5L6hOOmUJj LqprbmAVA2MEwannUU9ifLSPRUcCnn04yuHieQJKBPdHz1KjYQCFGZnzJhbxzPc9vJBa bLgH66y6Hx+YJByYjMX9eqqm7S6asPQ50ZJ+uo8Un3SY+3LV+aL6OcZ1eu9Iog4u9fhc OfD9Yzj4Usp+4MwjnLbAPi6//0OLwCNwfdMQWBlQnE26hG+19f84Juyqmn06YDzHGKzj QGcg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=hWVFzywM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f25si403692ejf.743.2020.06.01.14.45.29; Mon, 01 Jun 2020 14:45:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=hWVFzywM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728870AbgFAVnW (ORCPT + 99 others); Mon, 1 Jun 2020 17:43:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44310 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728360AbgFAVnV (ORCPT ); Mon, 1 Jun 2020 17:43:21 -0400 Received: from mail-lj1-x242.google.com (mail-lj1-x242.google.com [IPv6:2a00:1450:4864:20::242]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CF4EFC061A0E for ; Mon, 1 Jun 2020 14:43:19 -0700 (PDT) Received: by mail-lj1-x242.google.com with SMTP id c17so4306993lji.11 for ; Mon, 01 Jun 2020 14:43:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=0E8dX6z5svaGKiQ4AWeQa42pJuIWCtwm9+P3KiJSxhU=; b=hWVFzywMhMvmiNOyDM1CxkS5a54IlqLtLluSwao6THnPiBIP5d3Fdj4PUdUeY+R1kt F9X5M0VxlW8BhlAM6mkFHlg2mixVbfFe6jv0yfMyTguEaM+7N3A/72Jq7WaXmAc59hBX turVdOh+NWFtRBemH/W4UGQRptwOLUNT5yvYY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=0E8dX6z5svaGKiQ4AWeQa42pJuIWCtwm9+P3KiJSxhU=; b=ENe9+8ABA3ObzL6JXlvuDzpZsPlhwMwPxZmehz3eYMEt5GGzrBvTA3A8WrNo7o1VHY 6JIgabrDLsZn/RN3pBp2Nyvf1irWshLEgAoGpudi+XN+SIcH/YBcxfcnBoqy3FstiLA7 j3JqiOHXZG4N3Ri/dt04mhKR/BzN3xMOv5s4Kpq2iSAOXS2DHkfosgFxFLjOp+n7amNh bCrECN/g+dPKFHs34yNKyNjdf6d+vnnLZa0m8p8RKq+EVLUYsVwXhU7ku+MyTEL+aPNI HpVnv9xoe+j7+b+49/MAx+P5s2n19KZXzOiqmJNA2nUli6rRp85GgeEpniDIRD6uwKKI amsw== X-Gm-Message-State: AOAM5305nDbGKSxGRIHbPvjMysNRBOUDDhBI0i8iCHYDk8mCcRNJ7fSD 62fbLg8m07KqXzOrHxWKf1ATntaofBY= X-Received: by 2002:a05:651c:1207:: with SMTP id i7mr11338343lja.86.1591047796950; Mon, 01 Jun 2020 14:43:16 -0700 (PDT) Received: from mail-lf1-f41.google.com (mail-lf1-f41.google.com. [209.85.167.41]) by smtp.gmail.com with ESMTPSA id u15sm183397lfg.92.2020.06.01.14.43.15 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 01 Jun 2020 14:43:16 -0700 (PDT) Received: by mail-lf1-f41.google.com with SMTP id e125so4861532lfd.1 for ; Mon, 01 Jun 2020 14:43:15 -0700 (PDT) X-Received: by 2002:ac2:5a0a:: with SMTP id q10mr12359143lfn.142.1591047795340; Mon, 01 Jun 2020 14:43:15 -0700 (PDT) MIME-Version: 1.0 References: <20200601170102.GA1346815@gmail.com> In-Reply-To: <20200601170102.GA1346815@gmail.com> From: Linus Torvalds Date: Mon, 1 Jun 2020 14:42:59 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [GIT PULL] x86/mm changes for v5.8 To: Ingo Molnar Cc: Linux Kernel Mailing List , Thomas Gleixner , Borislav Petkov , Peter Zijlstra , Andrew Morton , Andy Lutomirski Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jun 1, 2020 at 10:01 AM Ingo Molnar wrote: > > - Provide an opt-in (prctl driven) mechanism to flush the L1D cache on context switch. > The goal is to allow tasks that are paranoid due to the recent snoop assisted data > sampling vulnerabilites, to flush their L1D on being switched out. Am I mis-reading this? Because it looks to me like this basically exports cache flushing instructions to user space, and gives processes a way to just say "slow down anybody else I schedule with too". I don't see a way for a system admin to say "this is stupid, don't do it". In other words, from what I can tell, this takes the crazy "Intel ships buggy CPU's and it causes problems for virtualization" code (which I didn't much care about), and turns it into "anybody can opt in to this disease, and now it affects even people and CPU's that don't need it and configurations where it's completely pointless". To make matters worse, it has that SW flushing fallback that isn't even architectural from what I remember of the last time it was discussed, but most certainly will waste a lot of time going through the motions that may or may not flush the L1D after all. I don't want some application to go "Oh, I'm _soo_ special and pretty and such a delicate flower, that I want to flush the L1D on every task switch, regardless of what CPU I am on, and regardless of whether there are errata or not". Because that app isn't just slowing down itself, it's slowing down others too. I have a hard time following whether this might all end up being predicated on the STIBP static branch conditionals and might thus at least be limited only to CPU's that have the problem in the first place. But I ended up unpulling it because I can't figure that out, and the explanations in the commits don't clarify (and do imply that it's regardless of any other errata, since it's for "undiscovered future errata"). Because I don't want a random "I can make the kernel do stupid things" flag for people to opt into. I think it needs a double opt-in. At a _minimum_, SMT being enabled should disable this kind of crazy pseudo-security entirely, since it is completely pointless in that situation. Scheduling simply isn't a synchronization point with SMT on, so saying "sure, I'll flush the L1 at context switch" is beyond stupid. I do not want the kernel to do things that seem to be "beyond stupid". Because I really think this is just PR and pseudo-security, and I think there's a real cost in making people think "oh, I'm so special that I should enable this". I'm more than happy to be educated on why I'm wrong, but for now I'm unpulling it for lack of data. Maybe it never happens on SMT because of all those subtle static branch rules, but I'd really like to that to be explained. Linus