TLB State Access Being Tightened Up On Linux For Better Security

  • TLB State Access Being Tightened Up On Linux For Better Security

    Phoronix: TLB State Access Being Tightened Up On Linux For Better Security

    The latest Linux kernel security work being pursued by Thomas Gleixner is tightening up access around the kernel's per-CPU TLB state access for the translation lookaside buffer...

    http://www.phoronix.com/scan.php?pag...x86-TLB-Access

  • #2
    As someone who rarely browses the web from my PC, I would like options to disable all these security patches because they're useless to me.


    • #3
      Originally posted by Aryma
      As someone who rarely browses the web from my PC, I would like options to disable all these security patches because they're useless to me.
      https://make-linux-fast-again.com/
      This should take care of that.


      • #4
        Originally posted by Aryma
        As someone who rarely browses the web from my PC, I would like options to disable all these security patches because they're useless to me.
        That's a bit like saying "as someone who rarely drives my car on the road I would like options to get rid of all the crumple zones, seat belts and airbags because they're useless to me".

        Unless your machine is never used to browse the web or run any software that wasn't written by you while connected to the internet, it's not a good idea to remove fixes for vulnerabilities with working proof-of-concept attacks.


        • #5
          Originally posted by L_A_G

          That's a bit like saying "as someone who rarely drives my car on the road I would like options to get rid of all the crumple zones, seat belts and airbags because they're useless to me".

          Unless your machine is never used to browse the web or run any software that wasn't written by you while connected to the internet, it's not a good idea to remove fixes for vulnerabilities with working proof-of-concept attacks.
          At least Chrome has its own mitigations for Spectre, so there is no need to run the kernel with all the security fixes. If you want to be safe, sure, use them.


          • #6
            Originally posted by Aryma
            As someone who rarely browses the web from my PC, I would like options to disable all these security patches because they're useless to me.
            As far as I can tell, this patch has no negative performance impact. It's not clearing TLB on context switches or anything like that. Simply limiting what functions/data are exported to only be those which are required by KVM.


            • #7
              Originally posted by L_A_G
              That's a bit like saying "as someone who rarely drives my car on the road I would like options to get rid of all the crumple zones, seat belts and airbags because they're useless to me".
              Technically speaking, that's exactly how the law works.
              If you aren't driving on a road you can drive whatever the fuck insane non-certified shit you want.
              As anything that happens is going to be your own (or your family's) problem, or covered already by other laws.


              • #8
                Originally posted by dispat0r
                At least Chrome has its own mitigations for Spectre, so there is no need to run the kernel with all the security fixes. If you want to be safe, sure, use them.
                I trust kernel developers more than Chrome developers. That said, there is really no reason to disable security mitigations for browsing performance or normal day-to-day software use.

                It makes sense only for systems doing a very specific job (workstation applications, compile or render machines).


                • #9
                  Originally posted by starshipeleven
                  Technically speaking, that's exactly how the law works.
                  If you aren't driving on a road you can drive whatever the fuck insane non-certified shit you want.
                  As anything that happens is going to be your own (or your family's) problem, or covered already by other laws.
                  You seem to have missed the point that it's still a network-connected machine that gets occasionally used for browsing the web. That's a bit like using your competition rally car (which, where I'm from, isn't road legal due to having things like the airbags stripped out) to occasionally drive to work on public roads.
