Re: [PATCH 0/7] IBRS patch series
From: David Woodhouse
Date: Fri Jan 05 2018 - 10:38:52 EST
On Fri, 2018-01-05 at 14:42 +0000, Van De Ven, Arjan wrote:
> This is why I said I would like to see retpoline be the default, with
> IBRS an opt-in for the paranoid. I guess David will turn that on ;-)
I can live with that.
It really depends how you look at it.
We had IBRS first, and especially on Broadwell and earlier, its
performance really is painful.
Then came retpoline, purely as an optimisation. A very *important*
performance improvement, but an optimisation nonetheless.
When looking at optimisations, it is rare for us to say "oh, well it
opens up only a *small* theoretical security hole, but it's faster so
that's OK".
Retpoline is sufficient on pre-Skylake. On Skylake... it's complicated,
and that's why my default position has always been that we should
prefer IBRS there. Especially as it isn't *even* as much of a
performance win there.
But you're right, the holes that it opens up when compared to IBRS are
minimal, and it *is* still a performance win (just less so than on
earlier CPUs). So if your recommendation is that we stick with
retpoline until IBRS_ATT comes along, I can live with that. People
always have the option to build without retpoline, and then they get to
use IBRS in the kernel if they want.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature