From Linus Torvalds <> Date Sun, 18 Nov 2018 14:00:03 -0800 Subject Re: STIBP by default.. Revert? On Sun, Nov 18, 2018 at 1:49 PM Jiri Kosina <jikos@kernel.org> wrote:

>

> > So why do that STIBP slow-down by default when the people who *really*

> > care already disabled SMT?

>

> BTW for them, there is no impact at all.



Right. People who really care about security and are anal about it do

not see *any* advantage of the patch.



But people who aren't that worried suddenly see potentially huge slowdowns.



In other words, the behavior of the patch is basically essentially

exactly the reverse of what you'd want. You penalize the people who

don't even want it and don't care.



> STIBP is only activated on systems with HT on; plus odds are that people

> who don't care about spectrev2 already have 'nospectre_v2' on their

> command-line, so they are fine as well.



I'm talking about *normal* people. People who simply aren't all that

invested in this all. People who just want to get their work done.



> So, I think it's as theoretical as any other spectrev2 (only with the

> extra "HT" condition added on top).



What? No.



It's *way* more theoretical than something like meltdown, which could

be trivially used to get data from another protection domain.



Have you seen any actual realistic attacks for normal human users?

Things where the *kernel* should actually care?



The javascript thing is for the browser to fix up, not for the kernel

to say "now everything should run up to 50% slower".



Linus



