Written byMichael Larabel inLinux Kernel on 1 June 2020 at 06:03 PM EDT.23 Comments
As part of the initial set of changes merged today for Linux 5.8 was the x86/mm material that included the controversial feature of opt-in flushing of the L1 data cache on context switching . Linus Torvalds ended up deciding to revert this functionality as for now at least he views it as crazy.
While this feature is opt-in via new prctl options and not enabled by default and done in the name of helping those concerned about snoop assisted data sampling vulnerabilities or cache leakage via side channels and yet to be uncovered CPU vulnerabilities, for the time being Linux creator Linus Torvalds is not convinced.
Here are the highlights of his commentary he just posted to the kernel mailing list from this change in the x86/mm PR:
Am I mis-reading this?
Because it looks to me like this basically exports cache flushing instructions to user space, and gives processes a way to just say "slow down anybody else I schedule with too".
I don't see a way for a system admin to say "this is stupid, don't do it".
In other words, from what I can tell, this takes the crazy "Intel ships buggy CPU's and it causes problems for virtualization" code (which I didn't much care about), and turns it into "anybody can opt in to this disease, and now it affects even people and CPU's that don't need it and configurations where it's completely pointless".
To make matters worse, it has that SW flushing fallback that isn't even architectural from what I remember of the last time it was discussed, but most certainly will waste a lot of time going through the motions that may or may not flush the L1D after all.
I don't want some application to go "Oh, I'm _soo_ special and pretty and such a delicate flower, that I want to flush the L1D on every task switch, regardless of what CPU I am on, and regardless of whether there are errata or not".
Because that app isn't just slowing down itself, it's slowing down others too.
I have a hard time following whether this might all end up being predicated on the STIBP static branch conditionals and might thus at least be limited only to CPU's that have the problem in the first place.
But I ended up unpulling it because I can't figure that out, and the explanations in the commits don't clarify (and do imply that it's regardless of any other errata, since it's for "undiscovered future errata").
Because I don't want a random "I can make the kernel do stupid things" flag for people to opt into. I think it needs a double opt-in.
At a _minimum_, SMT being enabled should disable this kind of crazy pseudo-security entirely, since it is completely pointless in that situation. Scheduling simply isn't a synchronization point with SMT on, so saying "sure, I'll flush the L1 at context switch" is beyond stupid.
I do not want the kernel to do things that seem to be "beyond stupid".
Because I really think this is just PR and pseudo-security, and I think there's a real cost in making people think "oh, I'm so special that I should enable this".
I'm more than happy to be educated on why I'm wrong, but for now I'm unpulling it for lack of data.
Maybe it never happens on SMT because of all those subtle static branch rules, but I'd really like to that to be explained.
We'll see if the Amazon engineer responsible for this original patch work, the others involved in reviewing the code, or Intel's open-source team, have enough justification to get this code back into the mainline Linux kernel.
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网
猜你喜欢:本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
网红经济3.0 自媒体时代的掘金机会
王先明、陈建英 / 当代世界出版社 / 2016-9-1 / 42
深入剖析网红经济的商业模式和整体产业链! 正在崛起的网红经济,打造出多元化的盈利模式,催生了众多新兴的产业投资机会,成为移动互联网时候的资本新风口一起来看看 《网红经济3.0 自媒体时代的掘金机会》 这本书的介绍吧!