Linus Torvalds 关于 Intel Meltdown/Spectre 补丁的评论
首页 > 观测 > 数码科技    作者:剧毒术士马文   2018年1月22日 17:50 星期一   热度:634°   11条评论    
时间:2018-1-22 17:50   热度:634° 

On Sun, Jan 21, 2018 at 12:28 PM, David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote:

> On Sun, 2018-01-21 at 11:34 -0800, Linus Torvalds wrote:
>> All of this is pure garbage.
>>
>> Is Intel really planning on making this shit architectural? Has anybody talked to them and told them they are f*cking insane?
>>
>> Please, any Intel engineers here - talk to your managers.
>
> If the alternative was a two-decade product recall and giving everyone free CPUs, I'm not sure it was entirely insane.

You seem to have bought into the cool-aid. Please add a healthy dose of critical thinking. Because this isn't the kind of cool-aid that makes for a fun trip with pretty pictures. This is the kind that melts your brain.

> Certainly it's a nasty hack, but hey â the world was on fire and in the  end we didn't have to just turn the datacentres off and go back to goat farming, so it's not all bad.

It's not that it's a nasty hack. It's much worse than that.

> As a hack for existing CPUs, it's just about tolerable â as long as it  can die entirely by the next generation.

That's part of the big problem here. The speculation control cpuid stuff shows that Intel actually seems to plan on doing the right thing for meltdown (the main question being _when_). Which is not a huge surprise, since it should be easy to fix, and it's a really honking big hole to drive through. Not doing the right thing for meltdown would be completely unacceptable.

So the IBRS garbage implies that Intel is _not_ planning on doing the right thing for the indirect branch speculation.

Honestly, that's completely unacceptable too.

> So the part is I think is odd is the IBRS_ALL feature, where a future  CPU will advertise "I am able to be not broken" and then you have to set the IBRS bit once at boot time to *ask* it not to be broken. That part is weird, because it ought to have been treated like the RDCL_NO bit â just "you don't have to worry any more, it got better".

It's not "weird" at all. It's very much part of the whole "this is complete garbage" issue.

The whole IBRS_ALL feature to me very clearly says "Intel is not serious about this, we'll have a ugly hack that will be so expensive that we don't want to enable it by default, because that would look bad in benchmarks".

So instead they try to push the garbage down to us. And they are doing it entirely wrong, even from a technical standpoint.

I'm sure there is some lawyer there who says "we'll have to go through motions to protect against a lawsuit". But legal reasons do not make for good technology, or good patches that I should apply.

> We do need the IBPB feature to complete the protection that retpoline gives us â it's that or rebuild all of userspace with retpoline.

BULLSHIT.

Have you _looked_ at the patches you are talking about? You should have - several of them bear your name.

The patches do things like add the garbage MSR writes to the kernel entry/exit points. That's insane. That says "we're trying to protect the kernel". We already have retpoline there, with less overhead.

So somebody isn't telling the truth here. Somebody is pushing complete garbage for unclear reasons. Sorry for having to point that out.

If this was about flushing the BTB at actual context switches between different users, I'd believe you. But that's not at all what the
patches do.

As it is, the patches are COMPLETE AND UTTER GARBAGE.

They do literally insane things. They do things that do not make sense. That makes all your arguments questionable and suspicious. The patches do things that are not sane.

WHAT THE F*CK IS GOING ON?

And that's actually ignoring the much _worse_ issue, namely that the whole hardware interface is literally mis-designed by morons.

It's mis-designed for two major reasons:

- the "the interface implies Intel will never fix it" reason.

See the difference between IBRS_ALL and RDCL_NO. One implies Intel will fix something. The other does not.

Do you really think that is acceptable?

- the "there is no performance indicator".

The whole point of having cpuid and flags from the microarchitecture is that we can use those to make decisions.

But since we already know that the IBRS overhead is huge on existing hardware, all those hardware capability bits are just complete and utter garbage. Nobody sane will use them, since the cost is too damn high. So you end up having to look at "which CPU stepping is this" anyway.

I think we need something better than this garbage.

Linus


【LMAO

via:https://www.reddit.com/r/Amd/comments/7s3rnr/linus_torvalds_on_current_meltdownspectre_patches

source:http://lkml.iu.edu/hypermail/linux/kernel/1801.2/04628.html



二维码加载中...
本文作者:剧毒术士马文      文章标题: Linus Torvalds 关于 Intel Meltdown/Spectre 补丁的评论
本文地址:http://www.moepc.net/?post=4180
声明:若无注明,本文皆为“MoePC.net”原创,转载请保留文章出处。

WRITTEN BY

avatar
theLastWishGoogle Chrome 58.0.3029.110Windows 102018-01-23 12:11
对于amd来讲蓝厂还未必比绿厂难对付,别看蓝厂现在家大业大的...
剧毒术士马文2018-01-23 21:34
@theLastWish:NV目前...可能没人能对付
wangbaisen1990SouGou Browser 2.XWindows 102018-01-22 19:33
INTEL假装他们修复了漏洞???????????
gnattuSafari 604.4.7Mac OSX 10_13_22018-01-23 14:58
@wangbaisen1990:大致看了一下,Intel做的事情有两个:

提供了一个性能开销极大的“能让系统安全的”workaround,但是该workaround默认不开启,因为性能影响非常大。

另一个是提供平台特定代码在内核entrypoint里阻止分支目标注入操作。问题在于,这些代码毫无意义,对于这个问题已经有性能更好的修复方式(retpoline)。

Linus对于该问题主要愤怒的核心在于,Intel这个补丁的态度很成问题,意思很明显就是“爱修不修”。而且不对潜在性能影响给出明确的指示,让用户始终蒙在鼓里,影响购买决策。
wangbaisen1990SouGou Browser 2.XWindows 102018-01-23 19:01
@gnattu:卧槽这不就是和没修复一样吗
gnattuSafari 604.4.7Mac OSX 10_13_22018-01-23 19:38
@wangbaisen1990:也不全是,至少影响性能的那个workaround是理论上足够安全的,系统管理员就放着让他默认不开启的话,那确实和没修复一样了。
wangbaisen1990Google Chrome 57.0.2987.108Linux2018-01-23 21:04
@gnattu:是啊默认不开启和没修复一样的……简直神奇
剧毒术士马文2018-01-23 21:14
@gnattu:是的
所以加了一句补充
两个补丁,一个补丁默认不开,要让你来开
一个很shit的内核补丁,已经有了overhead更低的Retpoline为何还要靠Intel

Intel对Meltdown的态度是:可能修复,不知何时

对Spectre:没打算修复,装一下

Intel打算把两件事混为一谈,蒙混过关
轮子妈Google Chrome 57.0.2987.132Linux2018-01-24 20:36
@剧毒术士马文:问题在于对于Skylake+来说Retpoline无效,只能用IBPB这种很shit的办法。
另外对于农企的所有U来说Retpoline都有一个共用的简化版,性能损失更少。
轮子妈Google Chrome 57.0.2987.132Linux2018-01-24 20:38
@轮子妈:另外牙膏厂没有要返工“9th Gen”的意思。
剧毒术士马文2018-01-24 23:11
@轮子妈:当然没这意思,CNL-U/Y都已经PRQ了,来不及的

另外CNL之前已经返工过一次了(笑)

返回顶部    首页     管理   注册   
版权声明       pw:mykancolle.com或moepc.net (有时需加www.) 若被菊爆请留言补档
内容来源于网络,并不代表本站赞同其观点和对其真实性负责。
如涉及作品内容、版权和其它问题,请在30日内与本站联系,我们将在第一时间删除内容。
本站资源仅为个人学习测试使用,请在下载后24小时内删除,不得用于商业用途,否则后果自负,请支持正版!
illust@mocha/Ryohka
Feel free to use your Adblock, we don't have any ads.
Foreign visitors, if you have any questions, feel free to leave a comment in English/Japanese/German.
(just copy and paste one Chinese character cauze the anti-spam settings.)   sitemap