[PATCH] x86/uaccess: Avoid barrier_nospec() in copy_from_user()
Linus Torvalds
torvalds at linux-foundation.org
Thu Oct 17 09:32:32 AEDT 2024
On Wed, 16 Oct 2024 at 15:03, Andrew Cooper <andrew.cooper3 at citrix.com> wrote:
>
> That doesn't have the same semantics, does it?
Correct. It just basically makes all positive addresses be force-canonicalized.
> If AMD think it's appropriate, then what you probably want is the real
> branch as per before (to maintain architectural user behaviour), and
> then use a trick such as this one in place of the LFENCE for speed in
> the common case.
The problem with the branch is that it really can only branch on the
sign bit - because of LAM.
So with LAM, those bits are pretty much ignored anyway.
> > So that barrier really *is* very expensive. Surprisingly so.
>
> 7% performance is what it costs to maintain the security barrier we were
> sold originally.
Absolutely. And the masking was something that basically says "we get
it all back" (with "all" being just this part, of course - never mind
all the other workarounds).
> Forgive me if I think that we (the SW people) are getting the raw end of
> the deal here, while vendors keep selling more and more expensive chips
> that don't work safely.
I'm 100% with you.
My preference would actually be to do nothing, on the assumption that
the AMD issue is actually impossible to trigger (due to CLAC/STAC
serializing memory address checks - which the timings certainly imply
they do).
But if we have to do magic bit masking, I'd rather it be *fast* magic
bit masking.
Linus
More information about the Linuxppc-dev
mailing list