On Fri, 20 Jul 2018 11:24:57 +0200, David Kastrup wrote:
So the idea to take this into low-latency realms with a view on realtime effects seems a bit optimistic indeed. ;)
On Thu, 19 Jul 2018 22:52:45 -1000, _another_ david wrote:
I first tried it with 4.13.x and decided that items like random kernel panics, system freezes and crashes weren't very good ways to defend against Spectre/Meltdown/DOS. ;)
Actually freezes and crashes do defend against attacks :D. But you are
right, for Claws and Firefox I'm experiencing way too often serious
issues and for virtualbox at least way too often an annoyance for an
unexplained reason.
I at least should test using it with PTI disabled.
The current default on my machine is:
[rocketmouse@archlinux ~]$ ls -hAl /sys/devices/system/cpu/vulnerabilities/; cat /sys/devices/system/cpu/vulnerabilities/*
total 0
-r--r--r-- 1 root root 4.0K Jul 20 10:12 meltdown
-r--r--r-- 1 root root 4.0K Jul 20 10:12 spec_store_bypass
-r--r--r-- 1 root root 4.0K Jul 20 10:12 spectre_v1
-r--r--r-- 1 root root 4.0K Jul 20 10:12 spectre_v2
Mitigation: PTI
Vulnerable
Mitigation: __user pointer sanitization
Mitigation: Full generic retpoline, IBPB, IBRS_FW
'nopti' only would disable PTI, but keep the spectre mitigations. While
PTI is part of the kernel, the spectre mitigations are likely part
of the µcode. However, if I would run my CPU without the µcode, I
perhaps would get rid of the spectre mitigation, but IIRC I
unfortunately would get rid of TSC, too.
The Spectre mitigations don't seem to affect the performance on my
desktop, which is running with PTI off but with the mitigation microcode
patches. I also have Spectre mitigations on my Intel laptop with no
performance impact.
--
David W. Jones
gnome(a)hawaii.rr.com
authenticity, honesty, community
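The sysfs listing quoted in the thread pairs each file name with its status line only by position, which is easy to misread. The script below is an added example, not code from anyone on this thread: it reads the same /sys/devices/system/cpu/vulnerabilities/ directory, prints name and status side by side, counts entries still reported as "Vulnerable", and checks whether PTI was turned off on the kernel command line ('nopti', or the equivalent 'pti=off'). The directory and command line default to the live system but can be passed as arguments so the checks can be run against a constructed copy.

```shell
#!/bin/sh
# Added example: summarise the kernel's per-vulnerability status files.
# Each file under the directory holds one line such as "Mitigation: PTI"
# or "Vulnerable"; the file name identifies the issue.

# Print "name<TAB>status" for every status file in the directory.
# Argument 1 (optional): directory to read, default is the real sysfs path.
list_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue          # skips the literal glob if the dir is absent
        printf '%s\t%s\n' "$(basename "$f")" "$(cat "$f")"
    done
}

# Count entries whose status begins with "Vulnerable", i.e. no mitigation is active.
count_vulnerable() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    n=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$(cat "$f")" in
            Vulnerable*) n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# Return 0 if PTI (the Meltdown mitigation) was disabled on the kernel command
# line. As the thread notes, 'nopti' only drops PTI; the Spectre mitigations stay.
# Argument 1 (optional): command line text, default is /proc/cmdline.
pti_disabled_by_cmdline() {
    cmdline="${1:-$(cat /proc/cmdline 2>/dev/null)}"
    case " $cmdline " in
        *" nopti "*|*" pti=off "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report on the live system when run directly (prints nothing if sysfs is absent).
list_vulns
echo "entries still marked Vulnerable: $(count_vulnerable)"
if pti_disabled_by_cmdline; then
    echo "PTI disabled via kernel command line"
fi
```

On the machine quoted above this reports spec_store_bypass as the single entry still marked Vulnerable.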