Spectre/Meltdown Mitigations Can Now Be Toggled With Convenient "mitigations=" Option


  • Spectre/Meltdown Mitigations Can Now Be Toggled With Convenient "mitigations=" Option

    Phoronix: Spectre/Meltdown Mitigations Can Now Be Toggled With Convenient "mitigations=" Option

    Beginning with the Linux 5.2 kernel, it will be easier to disable Spectre, Meltdown, and other CPU vulnerability mitigations if you prefer maximum performance out of your system instead...

    http://www.phoronix.com/scan.php?pag...Easy-Switch-52

  • #2
    Originally posted by Michael
    It's too bad (and surprising) that it took a year and a half after Spectre/Meltdown came to light for having such an easy global switch.
    Mostly geeks want/need this flag which is why no one implemented it earlier.



    • #3
      Originally posted by birdie

      Mostly geeks want/need this flag which is why no one implemented it earlier.
      I set my bootloader up so I have both unmitigated and mitigated options. Only reason is if a game stutters or gets low FPS, I can try it unmitigated and see if that's the cause....it hasn't been the cause yet.

      While helpful, all this does is make some of my kernel command lines shorter.


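For a setup like the one in the post above (one boot entry with mitigations, one without), a way to check which state the running kernel is actually in. This is an added example, not part of the original post; the function names are hypothetical, and it assumes the kernel's documented `mitigations=` parameter, the older per-issue switches, and the sysfs directory `/sys/devices/system/cpu/vulnerabilities`.

```shell
#!/bin/sh
# Added example (not from the thread): report whether the running kernel
# has CPU-vulnerability mitigations switched off.

# Effective mitigations= value. Assumption: the last occurrence on the
# command line wins; with none present the kernel default is "auto".
mitigations_setting() (
    set -f    # keep command-line words from being glob-expanded
    setting=auto
    for word in $1; do
        case $word in
            mitigations=*) setting=${word#mitigations=} ;;
        esac
    done
    printf '%s\n' "$setting"
)

# Older per-issue switches that turn a single mitigation off.
per_issue_off_flags() (
    set -f
    for word in $1; do
        case $word in
            nopti|pti=off|nospectre_v1|nospectre_v2|spectre_v2=off|\
            spec_store_bypass_disable=off|l1tf=off|mds=off)
                printf '%s\n' "$word" ;;
        esac
    done
)

# Entries the kernel itself reports as unmitigated. The directory argument
# exists for testing; the default is the real sysfs path.
vulnerable_entries() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        state=; read -r state < "$f" || [ -n "$state" ] || continue
        case $state in
            Vulnerable*) printf '%s: %s\n' "${f##*/}" "$state" ;;
        esac
    done
}

if [ -r /proc/cmdline ]; then
    cmdline=$(cat /proc/cmdline)
    echo "mitigations=$(mitigations_setting "$cmdline")"
    per_issue_off_flags "$cmdline"
    vulnerable_entries
fi
```

Any line printed after the `mitigations=` line names a per-issue switch or a sysfs entry that leaves the machine unmitigated, which is the thing to alert on for hosts that are not supposed to boot the unmitigated entry.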

      • #4
        Originally posted by debianxfce
        "It's too bad (and surprising) that it took a year and a half after Spectre/Meltdown came to light for having such an easy global switch."

        Not surprising at all. IBM developers are non pro. No other kernel module throws a boot flashing error message when it is disabled in the kernel configuration. That is why they developed silent boot to hide their bad programming style.
        Personally, I think things like the S/M mitigations need the error messages when not in use. It's like the kernel is saying "Hey, yo! You about to get all up in that unwrapped. You could get digi-AIDS. "



        • #5
          Originally posted by debianxfce
          "It's too bad (and surprising) that it took a year and a half after Spectre/Meltdown came to light for having such an easy global switch."

          Not surprising at all. IBM developers are non pro. No other kernel module throws a boot flashing error message when it is disabled in the kernel configuration. That is why they developed the silent boot to hide their bad programming style.

          Code:
          --- a/arch/x86/kernel/cpu/bugs.c
          +++ b/arch/x86/kernel/cpu/bugs.c
          @@ -521,7 +521,7 @@
          goto retpoline_auto;
          break;
          }
          - pr_err("Spectre mitigation: kernel not compiled with retpoline; no mitigation available!");
          + // pr_err("Spectre mitigation: kernel not compiled with retpoline; no mitigation available!");
          return;
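
          Review bot: commenting out the `pr_err()` just before the final `return;` means a kernel not compiled with retpoline now returns from this path without logging that no Spectre mitigation is available, so the only record of that state disappears from the boot log. If the goal is a quieter boot, lower the severity of the message (for example to `pr_info`) rather than silencing it, and if the line really has to go, delete it instead of leaving it behind a `//` comment.
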
          I'm not sure there are other things in the kernel that deliberately leave it vulnerable when disabled - I also can't believe you're still bitching about this when you've removed the "offending" line yourself. In the famous words of Queen Elsa - "Let it go"



          • #6
            Never have understood if Desktop users need this mitigation enabled...



            • #7
              Friends don't let friends use Spectre/Meltdown mitigations.
              Can't remember who said it, but it's become a saying at work.



              • #8
                Originally posted by debianxfce

                Thinking is not allowed in IBM Vogsphere and IBM poetry tortures you.
                Now I am even more confused...
                Let me just say that I use Debian with Xfce4...



                • #9
                  Originally posted by Danielsan
                  Never have understood if Desktop users need this mitigation enabled...
                  https://spectreattack.com/spectre.pdf
                  The serious answer is in the Spectre white paper. Turns out Meltdown and Spectre attacks can be performed from JavaScript inside your web browser.

                  Yes particular news sites covered it.
                  https://www.tomshardware.com/news/me...ipt,36221.html

                  Welcome to fun reality. Are you really sure you should turn them off? You do need to think seriously. Like if I have a machine running a Blender render on a secure network, turning these mitigations off for performance is safe. Now as a desktop user going on the internet with the mitigations turned off might be why your system ends up exploited and infected.

                  Originally posted by debianxfce
                  Thinking is not allowed in IBM Vogsphere and IBM poetry tortures you.
                  Do me a favour and don't answer these security topics again until after you have read up on them. This is not IBM or Redhat harming anyone; this is you being a moron who had no clue of the security risk. Something you did not consider is how many kernel modules are developed by Redhat/IBM developers and change settings without displaying a warning. The fact they decided to include an error message about it was in fact because it was critical: the attack surface to exploit Spectre and Meltdown is huge, thinking it works from in-browser JavaScript, game map scripting.......




                  • #10
                    Originally posted by debianxfce
                    When it takes a half year to implement simple value to disable it, you do really must believe that IBM code is safe. Welcome to the reality, no computer system connected to the internet is ever 100% safe. That is why you run Clamtk in the ~/cache folder regularly.
                    Please explain what that line of code has to do with IBM/Redhat. The line you commented out is by David Woodhouse of Amazon UK.
                    https://lore.kernel.org/patchwork/patch/873383/
                    Above is the patch. Not a single person who approved it for inclusion in the Linux kernel has a single thing to do with IBM/Redhat.

                    Redhat and IBM basically have no code in the spectre/meltdown code. Horrible fact is Redhat had to revert all their spectre/meltdown code out their enterprise kernels and switch to third party made because third party made was better constructed and covered more cases.

                    No, it did not take half a year to implement either; it was released in stable kernels well before the 5.1 kernel release. So this is more a formal notice of a forward-ported patch from Linux kernel LTS to Linux kernel mainline. This does not happen that often.

                    Told you to read up before posting another comment. Really, debianxfce, stop giving IBM credit for work they never did because you fail at doing your homework on who did what.
