Announcement

Collapse
No announcement yet.

An Initial Look At Spectre V4 "Speculative Store Bypass" With AMD On Linux

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • An Initial Look At Spectre V4 "Speculative Store Bypass" With AMD On Linux

    Phoronix: An Initial Look At Spectre V4 "Speculative Store Bypass" With AMD On Linux

    Yesterday the latest Spectre vulnerability was disclosed as Spectre Variant 4 also known as "Speculative Store Bypass" as well as the less talked about Spectre Variant 3A "Rogue System Register Read". Here are my initial tests of a patched Linux kernel on AMD hardware for Spectre V4.

    http://www.phoronix.com/vr.php?view=26335

  • #2
    so, generally, only a small performance impact.

    I just hope that the next gen CPU designs get the revisits they need to stop this speculative stuff from being abused

    Comment


    • #3
      at least some good news after all...

      Comment


      • #4
        Michael,
        Could you create a guide how to disable all those mitigations in a Linux system in order to restore performance as it should have been?
        Those vulnerabilities are mostly irrelevant for the single user PC while they hurt performance significantly.

        I would be happy to see a guide with performance effect of each setting in the guide.

        Comment


        • #5
          Originally posted by Royi View Post
          Michael,
          Could you create a guide how to disable all those mitigations in a Linux system in order to restore performance as it should have been?
          Those vulnerabilities are mostly irrelevant for the single user PC while they hurt performance significantly.

          I would be happy to see a guide with performance effect of each setting in the guide.
          I second this. I use my machine for testing purposes and can live without these patches. including original spectre/meltdown ones.

          Comment


          • #6
            Originally posted by Royi View Post
            Could you create a guide how to disable all those mitigations in a Linux system in order to restore performance as it should have been?
            Just boot a kernel with nothis nothat parameters:

            Code:
            nopti nospectre_v2 nospec_store_bypass_disable
            or if you does not like nothis nothat then do this=off that=off

            Code:
            pti=off spectre_v2=off spec_store_bypass_disable=off
            After booting check info what is enabled/disabled, what you are vulnerable or not currently, what mitigation is used or so, just run:

            Code:
            cat /sys/devices/system/cpu/vulnerabilities/*
            On enabled mitigations lines would start with Mitigation: blah blah otherwise Vulnerable or Not affected

            For microcode based mitigations some distros do things on their own so provide nospec or whatever parameter or one can just remove firmware, revert to older one if available, etc...
            Last edited by dungeon; 05-23-2018, 03:49 AM.

            Comment


            • #7
              IOZone looks like



              Smart Prefetch

              Sophisticated learning algorithms understand the inner workings of your applications and anticipate what data they might need. Smart Prefetch predictively brings that data into the AMD Ryzen™ processor for fast and responsive computing.



              For Zen+ is affected by this mitigation at very high level

              Comment


              • #8
                Originally posted by Royi View Post
                Those vulnerabilities are mostly irrelevant for the single user PC while they hurt performance significantly.
                "single user PC" is not relevant to what these vulnerabilities do, applications can use them to pwn the OS or other applications regardless of the amount of users in the system.

                Comment


                • #9
                  Originally posted by starshipeleven View Post
                  "single user PC" is not relevant to what these vulnerabilities do, applications can use them to pwn the OS or other applications regardless of the amount of users in the system.
                  It does because they require elevated privileges and if you're the user of the PC and some unwanted software gained elevated privileges you're doomed whether you're patched to those vulnerabilities or not.

                  The problem in multi user case (Multi user in the sense at the same time, like in Cloud VM providers) that one user which compromised can be a risk to other users due to leaks of data.

                  Comment


                  • #10
                    Originally posted by dungeon View Post

                    Just boot a kernel with nothis nothat parameters:

                    Code:
                    nopti nospectre_v2 nospec_store_bypass_disable
                    or if you does not like nothis nothat then do this=off that=off

                    Code:
                    pti=off spectre_v2=off spec_store_bypass_disable=off
                    After booting check info what is enabled/disabled, what you are vulnerable or not currently, what mitigation is used or so, just run:

                    Code:
                    cat /sys/devices/system/cpu/vulnerabilities/*
                    On enabled mitigations lines would start with Mitigation: blah blah otherwise Vulnerable or Not affected

                    For microcode based mitigations some distros do things on their own so provide nospec or whatever parameter or one can just remove firmware, revert to older one if available, etc...
                    First, thank you for sharing this, I'm gonna do that now.
                    Am I right those should be updated in the GRUB file by sudo nano /etc/default/grub and then looking for GRUB_CMDLINE_LINUX_DEFAULT="<Kernel Parameters>"?

                    For instance:

                    Code:
                    GRUB_CMDLINE_LINUX_DEFAULT="quiet splash elevator=cfq pti=off spectre_v2=off spec_store_bypass_disable=off"
                    What I'd like to see is the performance impact of each flag (8 Combinations).
                    Also I wonder if it makes sense to turn those off while the MicroCode is updated (Does that hurt performance?).
                    Last edited by Royi; 05-25-2018, 12:15 PM.

                    Comment

                    Working...
                    X