On Sun, Jan 7, 2018 at 11:47 AM, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Sat, Jan 6, 2018 at 10:33 PM, Willy Tarreau <w@xxxxxx> wrote:
>>
>> To be fair there's overreaction on both sides. The vast majority of
>> users need to get a 100% safe system and will never notice any
>> difference.
>
> There is no such thing as a "100% safe system". Never will be - unless
> you make sure you have no users.
>
> Also, people definitely *are* noticing the performance issues with the
> current set of patches, and they are causing real problems. Go search
> for reports of Amazon AWS slowdowns.
>
> So this whole "security is so important that performance doesn't
> matter" mindset is pure and utter garbage.
>
> And the whole "normal people won't even notice" is pure garbage too.
> Don't spread that bullshit when you see actual normal people
> complaining.
>
> Performance matters. A *LOT*.

I'm thinking we should provide the option to at least build the
hot-path nospec_array_ptr() usages without an lfence.

    CONFIG_SPECTRE1_PARANOIA_SAFE
    CONFIG_SPECTRE1_PARANOIA_PERF

...if only for easing performance testing and letting the distribution
set its policy.

Where hot-path usages can do:

    nospec_relax(nospec_array_ptr())

...to optionally elide the lfence.