Linux 6.8 x86/urgent Update Beefs Up Protection Against Side Channel CPU Bugs

  • Linux 6.8 x86/urgent Update Beefs Up Protection Against Side Channel CPU Bugs

    Phoronix: Linux 6.8 x86/urgent Update Beefs Up Protection Against Side Channel CPU Bugs

    Sent in this morning via the "x86/urgent" pull request ahead of the Linux 6.8-rc6 kernel later today is a set of patches from Intel to ensure clearing of CPU buffers using the VERW instruction happens at the latest possible point in the return-to-userspace code path. This is being done to better protect against CPU bugs like Microarchitectural Data Sampling (MDS)...

  • #2
    mitigations=off i915.mitigations=off



    • #3
      Originally posted by hf_139
      mitigations=off i915.mitigations=off
      Glad I'm on a brand new Ryzen now. Last time Michael benchmarked it, he found that turning off what mitigations actually apply to AMD CPUs actually made things slower. (Probably because the branch prediction had been tuned to expect them.)



      • #4
        Originally posted by ssokolow

        Glad I'm on a brand new Ryzen now. Last time Michael benchmarked it, he found that turning off what mitigations actually apply to AMD CPUs actually made things slower. (Probably because the branch prediction had been tuned to expect them.)
        ADL/RPL/MTL are quite OK'ish as well.



        • #5
          Nice photo



          • #6
            Originally posted by stqn
            Nice photo
            Gosh darn people blocking my side channels. What the heck is an old retired engineer to do nowadays?

            Grrrr ...

            Oh yeah, the photo



            • #7
              Originally posted by hf_139
              mitigations=off i915.mitigations=off
              Why does i915 need its extra switch? When I say mitigations=off, I really mean it, I don't want to hunt down modules which think they're special.



              • #8
                Originally posted by npwx

                Why does i915 need its extra switch? When I say mitigations=off, I really mean it, I don't want to hunt down modules which think they're special.
                You're free to send a patch in for all the modules, it should be a relatively simple change of additionally just checking the cmdline for mitigations=off in each one, but don't be surprised that they get rejected. The documentation is very clear on what the top level mitigations parameter means.

                Code:
                mitigations=
                [X86,PPC,S390,ARM64]
                Control optional mitigations for CPU vulnerabilities.  This is a set of
                curated, arch-independent options, each of which is an
                aggregation of existing arch-specific options.



                • #9
                  Originally posted by hf_139
                  mitigations=off i915.mitigations=off
                  I don’t use mitigations, btw



                  • #10
                    Originally posted by Namelesswonder

                    You're free to send a patch in for all the modules, it should be a relatively simple change of additionally just checking the cmdline for mitigations=off in each one, but don't be surprised that they get rejected. The documentation is very clear on what the top level mitigations parameter means.

                    Code:
                    mitigations=
                    [X86,PPC,S390,ARM64]
                    Control optional mitigations for CPU vulnerabilities. This is a set of
                    curated, arch-independent options, each of which is an
                    aggregation of existing arch-specific options.
                    You're right, I thought it was just some i915 specific CPU bug mitigation. I didn't realize Intel invented yet another way to leak your data.

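The distinction raised in the thread, that the top-level `mitigations=` switch and a module's own `i915.mitigations=` switch are set separately, shown as an added example (not code from the thread or from the kernel): a shell function that reports which of the two a given kernel command line turns off. The sample command line is constructed, and treating any `<module>.mitigations=off` parameter like the i915 one is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): report which mitigation switches a
# kernel command line turns off.

# Constructed sample; on a live system pass "$(cat /proc/cmdline)" instead.
SAMPLE='BOOT_IMAGE=/vmlinuz root=/dev/sda1 mitigations=auto quiet mitigations=off i915.mitigations=off'

# audit_cmdline "<cmdline>": prints one line per disabled switch and exits
# with status 1 if any were found, 0 otherwise. The ( ) body runs in a
# subshell so that "set -f" (no glob expansion while word-splitting) and
# "exit" do not affect the caller.
audit_cmdline() (
    set -f
    global=""     # value of the top-level mitigations= switch
    found=0
    # Splitting on whitespace only; quoted values containing spaces are
    # not handled in this sketch.
    for arg in $1; do
        case "$arg" in
            mitigations=*)
                # Assumption: a later occurrence overrides an earlier one.
                global=${arg#mitigations=} ;;
            *.mitigations=off)
                # Per-module switch, e.g. i915.mitigations=off from the thread.
                # Matching other module names this way is an assumption.
                echo "module: $arg"
                found=1 ;;
        esac
    done
    if [ "$global" = "off" ]; then
        echo "global: mitigations=off"
        found=1
    fi
    exit "$found"
)

audit_cmdline "$SAMPLE" || true
```

A non-zero status from `audit_cmdline` means at least one switch is off, so the function can gate a boot-configuration check in a hardening baseline.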