STIBP Patches Updated One Last Time Before Heading To Linux 4.20

  • STIBP Patches Updated One Last Time Before Heading To Linux 4.20

    Phoronix: STIBP Patches Updated One Last Time Before Heading To Linux 4.20

    Thomas Gleixner on Sunday sent out the second version of the cleaned up patches around lowering the overhead of STIBP "Single Thread Indirect Branch Predictors" and the related IBPB "Indirect Branch Predictor Barrier" for Linux 4.20...

    http://www.phoronix.com/scan.php?pag...-Linux-4.20-V2

  • #2
    Typo:

    Originally posted by phoronix
    Gleixner anticipates these V2 patches to be "hppefully the final version",


    • #3
      To make the Linux 4.20 kernel silent and fast:
      https://kernel.googlesource.com/pub/...nel/cpu/bugs.c

      Unselect CONFIG_RETPOLINE from the kernel configuration and comment out:

      line 512: pr_err("Spectre mitigation: kernel not compiled with retpoline; no mitigation available!");

      Please report this to the kernel mailing list if you are there. My mail to the developer was rejected by his mailing system.
      Last edited by debianxfce; 11-26-2018, 04:23 AM.


      • #4
        Originally posted by debianxfce
        My mail to the developer was rejected by his mailing system.
        Hmm, I wonder why ...


        • #5
          "So let's document reality rather than Intel's Pollyanna world-view."

          Thank you Linus for not making me lose my faith in you.
          On a more serious side I really like this cleanup.
          It's a more reasonable trade-off to stupid security by default mode.


          • #6
            Running with l1tf=full spec_store_bypass_disable=on spectre_v2=on nosmt=force for a couple of weeks now, and I can't say I've noticed any significant changes or speed degradation in my normal IntelliJ/Firefox etc... workflow. Yes, SMT is off, but with 4 cores still available on this mobile i7 Haswell, I haven't noticed a difference. Maybe this will be different if I ever want to transcode some video, or play more games on this machine.

            grep . /sys/devices/system/cpu/vulnerabilities/*
            /sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion; VMX: cache flushes, SMT disabled
            /sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
            /sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled
            /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
            /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB, IBRS_FW

            The full mitigations for Spectre v2, v4, l1tf with SMT off, aren't too bad if you've already got a 4+ core system I'd say. STIBP won't change this, since you'll still be SMT vulnerable on l1tf if you turn SMT back on. Clearly the threats are relative among these bugs, but I mostly want the security I thought I was getting when I bought the system. Performance on many real workloads is umm.. "subjective."

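The status strings in the listing from post #6, parsed and checked programmatically. This is an added example, not part of the original thread: the function names are hypothetical and SAMPLE is constructed from the lines quoted in that post. It also flags a "Mitigation:" entry whose detail still carries a caveat such as "SMT vulnerable", which is what l1tf reports when SMT is left on.

```python
import glob
import os

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Constructed sample input: the listing from the post above, in `grep .` format.
SAMPLE = """\
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion; VMX: cache flushes, SMT disabled
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB, IBRS_FW
"""

def parse_listing(text):
    """Turn `path:status` lines into {name: (state, detail)}."""
    parsed = {}
    for line in text.splitlines():
        path, sep, status = line.partition(":")
        status = status.strip()
        if not sep or not status:
            continue
        if status.startswith("Mitigation:"):
            state, detail = "mitigated", status[len("Mitigation:"):].strip()
        elif status.startswith("Not affected"):
            state, detail = "not_affected", ""
        elif status.startswith("Vulnerable"):
            state, detail = "vulnerable", status[len("Vulnerable"):].lstrip(": ")
        else:
            state, detail = "unknown", status
        parsed[os.path.basename(path)] = (state, detail)
    return parsed

def needs_attention(parsed):
    """Names that are vulnerable, unrecognized, or mitigated with a caveat
    such as 'SMT vulnerable' in the detail text."""
    return sorted(name for name, (state, detail) in parsed.items()
                  if state in ("vulnerable", "unknown") or "vulnerable" in detail.lower())

def read_sysfs(directory=SYSFS_DIR):
    """Build the same listing from the live sysfs files (Linux only)."""
    lines = []
    for path in sorted(glob.glob(os.path.join(directory, "*"))):
        with open(path) as fh:
            lines.append(f"{path}:{fh.read().strip()}")
    return "\n".join(lines)

if __name__ == "__main__":
    listing = read_sysfs() or SAMPLE  # fall back to the sample off Linux
    for name, (state, detail) in sorted(parse_listing(listing).items()):
        print(f"{name:20} {state:13} {detail}")
    print("needs attention:", needs_attention(parse_listing(listing)) or "none")
```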
