Linux 6.1 Adding Option To Disable Spectre-BHB On Arm Due To "Great Impact" On Performance


  • Turbine
    replied
    Originally posted by Aryma View Post
    Do we really need this mitigation for a normal user who only uses YouTube and Steam and maybe some websites?
    Back in the HDD, low-RAM days, people used to run 2-3 antiviruses. Their PCs were so slow, they were unusable. Unfortunately these security patches target external & internal threats. External I can understand. But internal can only really be justified on mission-critical systems. There are so many mitigations which, if combined, can be quite a hit.

    Remember on Linux we're pretty much all running systems with TPM full disk encryption disabled, some with secure boot disabled. No matter how much security you have, there'll always be a hole somewhere. Even if it's inside a compromised library from a trusted application.



  • arQon
    replied
    Originally posted by Aryma View Post
    Do we really need this mitigation for a normal user who only uses YouTube and Steam and maybe some websites?
    No. This is only an information-disclosure issue, not an RCE. (The number of well-intentioned but severely ignorant responses here is pretty disappointing for a technology site, but I guess everyone has to start learning somewhere; and emotional drama clickbait is what drives the ad industry, so "consumer" PC sites have a monetary interest in hyping everything as The End Of The World rather than framing things in a reasonable and proportional way).

    If you have nothing on that machine that you care about potentially being known (e.g. if it's mostly just an HTPC etc., not your main machine that you do your banking on etc.) - especially when there's no actual exploit for it out in the wild (possibly "yet", but probably not ever) - and especially if you're not planning on installing random garbage from the internet on it like pirated Windows software, then you can ignore this entirely with absolutely no loss of "safety" or security.



  • ll1025
    replied
    Originally posted by Alex/AT View Post
    Yeah, go full throttle, install a 1-core, non-speculative CPU. You'll be safe unless a botnet uses holes in software, the probability of which is 10^(large N) times higher.
    This snark only exists in a world where there is a tangible security benefit to going to a single core nonspeculative CPU. Turning off SELinux, running as root, and running in pure ring zero would absolutely provide a huge performance boost and would only really make you vulnerable to running untrusted code: mostly, the same things that spectre-type flaws exploit.

    There are workloads that are sensitive to speculative (hah) exploits that are not known, which do mandate the use of separate CPU cores / sockets / nodes for those tasks because things like Rowhammer and Spectre exist. They still allow multicore / speculation because security is layered and there is a reasonable trade-off to be had here.

    For the 99%, the risk posed by well-demonstrated speculative execution attacks is substantial enough and the penalty small enough that it is worth leaving enabled. Anyone using VMware who will experience this severe performance hit is using a technical solution which rests on the assumption that VM boundaries are hard security boundaries against software exploits, and these attacks blow that assumption out of the water. It is reckless to continue using any sort of virtualization system (outside of a pure, disconnected dev environment) without mitigating these attacks.

    At the other end of the spectrum, the impact of these patches on home users is ultimately negligible especially when compared with something like antivirus, which is simultaneously more costly for performance and less effective for security.

    We use things like AV, firewalls, IDS systems in order to catch the *unknown* flaws that might leave us open. What you seem to propose is leaving open a known flaw and hoping that no one bothers to exploit it, which is foolish when everyone watching the landscape can see how many sysadmins are advocating turning the protections off. These attacks are going to be a dime a dozen in the coming years because of the high benefit-to-cost that comes with a huge target demographic.
    Last edited by ll1025; 14 September 2022, 09:31 AM.



  • Alex/AT
    replied
    Originally posted by ll1025 View Post
    Another reason faster box = turn off security: the botnet your PC finds itself on will gain significantly more resources.
    Yeah, go full throttle, install a 1-core, non-speculative CPU. You'll be safe unless a botnet uses holes in software, the probability of which is 10^(large N) times higher.



  • ll1025
    replied
    Originally posted by Alex/AT View Post

    I've got a faster box (5950X). The more reason to do mitigations=off, as the relative impact is actually higher.
    Another reason faster box = turn off security: the botnet your PC finds itself on will gain significantly more resources.



  • Alex/AT
    replied
    Originally posted by fitzie View Post
    If your system runs untrusted code, then yes, there is a danger. This includes JavaScript, so it is possible that just visiting a website could expose your system. There is some work being put into web browsers to address that exposure. That being said, I run with mitigations=off, which disables all of these workarounds. Maybe I'll turn them on when I get a faster box.
    I've got a faster box (5950X). The more reason to do mitigations=off, as the relative impact is actually higher.

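The `mitigations=off` setting the two posts above argue about is visible at runtime: the kernel publishes one status file per issue under /sys/devices/system/cpu/vulnerabilities, and booting with mitigations=off turns the mitigated entries into "Vulnerable". This POSIX shell script is an added example (not code from any poster in the thread) that reads and classifies those files; the optional directory argument and the `live` argument are this script's own conventions, assumed here so the logic can be checked against a constructed directory.

```shell
#!/bin/sh
# Added example: report what the running kernel says about each speculative
# execution issue. Each file under /sys/devices/system/cpu/vulnerabilities
# holds one line such as "Mitigation: ...", "Vulnerable" or "Not affected".
# Booting with mitigations=off makes the mitigated entries read "Vulnerable".
# The optional directory argument is an assumption of this script, so the
# logic can be exercised against a constructed directory.

# Print "<issue> <class>" per file; class is mitigated, vulnerable,
# not_affected or unknown.
classify_mitigations() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    if [ ! -d "$dir" ]; then
        echo "no vulnerabilities directory at $dir" >&2
        return 1
    fi
    for f in "$dir"/*; do
        [ -r "$f" ] || continue
        status=$(cat "$f")
        case $status in
            "Not affected"*) class=not_affected ;;
            Mitigation*)     class=mitigated ;;
            Vulnerable*)     class=vulnerable ;;
            *)               class=unknown ;;
        esac
        printf '%s %s\n' "$(basename "$f")" "$class"
    done
}

# Succeed (0) only when no entry reports Vulnerable, i.e. nothing has been
# switched off by mitigations=off or a per-issue *=off parameter.
# Returns 2 when the directory cannot be read at all.
all_mitigated() {
    out=$(classify_mitigations "$1") || return 2
    case $out in
        *" vulnerable"*) return 1 ;;
    esac
    return 0
}

# Invoke as "sh check_mitigations.sh live" to inspect the running system;
# sourcing the file for reuse has no side effects.
if [ "${1:-}" = "live" ]; then
    classify_mitigations
    if all_mitigated; then
        echo "verdict: no entry reports Vulnerable"
    else
        echo "verdict: at least one entry reports Vulnerable"
    fi
fi
```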


  • ll1025
    replied
    Originally posted by Aryma View Post
    Do we really need this mitigation for a normal user who only uses YouTube and Steam and maybe some websites?
    Yes.

    You might as well ask whether we need ASLR, DEP, SELinux... heck, why do we even need sudo? It's not like you have state secrets on your laptop!

    It's incredible that after years of boasting about the superior security of Linux over Windows, the entire community seems to have adopted this anti-security mentality that would accept severe security vulnerabilities in order to preserve performance.

    Just run in ring 0 and we can entirely avoid context switches, I'm sure the performance will be great.

    Windows at this point has gone through significant battle hardening and I would not be surprised to see the next botnets largely made up of Linux hosts because of this common sentiment.



  • pWe00Iri3e7Z9lHOX2Qx
    replied
    Originally posted by Dawn View Post

    No. Apple does not use ARM core IP and instead develops their own microarchitectures.
    I feel like this response could easily be misconstrued.

    Apple is one of several ARM architecture license holders. As Dawn said, they develop their own cores targeting the ARM ISA. Those cores might not be vulnerable to this particular Spectre variant, but all of Apple's designs aren't magically immune to these new speculative execution / side channel / timing attacks that have appeared over the last half decade (time flies doesn't it!). It takes several years for new CPU designs to make it to market, and we've basically been witnessing a game of whack-a-mole over the last few years as new designs have been trying to harden against these attacks.

    Apple has had to release software mitigations.

    https://support.apple.com/en-us/HT208394

    x86 has gotten the lion's share of research for these types of attacks, but more is definitely needed on the ARM side.

    https://misc0110.net/files/applespectre_dimva22.pdf



  • Old Nobody
    replied
    Originally posted by Aryma View Post
    Do we really need this mitigation for a normal user who only uses YouTube and Steam and maybe some websites?
    No. There's no known drive-by Spectre-JavaScript-cryptotrojan attack or something similar.
    But the kernel devs also have to take care of all the big and small hosting providers. I would not bet they would all explicitly set a "mitigationsn" kernel parameter, and exploiting this Spectre/Meltdown stuff to take over a data center is not that hard.



  • Dawn
    replied
    Originally posted by tunnelblick View Post
    Does that affect M1, too? Especially considering the benchmarks we saw for the Asahi Linux project on this site?
    No. Apple does not use ARM core IP and instead develops their own microarchitectures.

