Mailing List Archive

Xen and the Intel security vulnerability.
Hello, when the Intel security vulnerability was discovered, how long did it take to solve?
Thanks.
Re: Xen and the Intel security vulnerability.
On Mon, Aug 03, 2020 at 07:24:11AM +0000, Jason Long wrote:
> Hello, when the Intel security vulnerability was discovered, how long did it take to solve?

Hello

You mean CPU specific bugs? Most bugs/vulnerabilities rely on technicalities and are therefore easy to fix/solve.


> Thanks.
Re: Xen and the Intel security vulnerability.
Are you referring to Spectre and Meltdown?

On Wed, Aug 12, 2020, 05:46 David Kahurani <k.kahurani@gmail.com> wrote:

> On Mon, Aug 03, 2020 at 07:24:11AM +0000, Jason Long wrote:
> > Hello, when the Intel security vulnerability was discovered, how long did
> > it take to solve?
>
> Hello
>
> You mean CPU specific bugs? Most bugs/vulnerabilities rely on
> technicalities and are therefore easy to fix/solve.
>
>
> > Thanks.
>
>
Re: Xen and the Intel security vulnerability.
Yes.

On Wednesday, August 12, 2020, 01:08:47 PM GMT+4:30, Charles Gonçalves <charles.fg@gmail.com> wrote:

Are you referring to Spectre and Meltdown?

On Wed, Aug 12, 2020, 05:46 David Kahurani <k.kahurani@gmail.com> wrote:
> On Mon, Aug 03, 2020 at 07:24:11AM +0000, Jason Long wrote:
>> Hello, when the Intel security vulnerability was discovered, how long did it take to solve?
>
> Hello
>
> You mean CPU specific bugs? Most bugs/vulnerabilities rely on technicalities and are therefore easy to fix/solve.
>
>
>> Thanks.
>
>
Re: Xen and the Intel security vulnerability.
On 12.08.2020 19:13, Jason Long wrote:
> Yes.

There are many, many advisories that are related to Intel vulns and I
believe, including the more recent ones, not only Spectre & Meltdown.
I've read a few of the advisories and it seems there's a performance
impact, as some optimizations are now disabled by default.

In case you have concerns regarding security, just keeping your setup
up-to-date should be good enough, be it using some distro's binaries or
from source.

In case you are rather concerned about performance, that's another
story. I suppose one would need to double-check many options to see if
he's affected by specific optimization he would like to re-enable. I am
thinking of e.g. `smt=1 ept=exec-sp` *1. I myself wonder how dangerous
this is (anybody?). Note there are also embedded mitigations in the
Linux kernel, which can be disabled by adding `mitigations=off` as a
boot argument *2.

*1 http://xenbits.xen.org/docs/unstable/misc/xen-command-line.html
*2 https://make-linux-fast-again.com/

I would be happy to see another thread or some guide tackling the XEN
performance tuning vs security topic, and hopefully some gurus would
enlighten us (in what situation can we disable those mitigations?).
That's just my two cents. I would be glad to proceed with some
benchmarks, though, to measure the negative performance impact of those
mitigations.

Best regards,
--
Pierre-Philipp

>
> On Wednesday, August 12, 2020, 01:08:47 PM GMT+4:30, Charles Gonçalves <charles.fg@gmail.com> wrote:
>
> Are you referring to Spectre and Meltdown?
>
> On Wed, Aug 12, 2020, 05:46 David Kahurani <k.kahurani@gmail.com> wrote:
>> On Mon, Aug 03, 2020 at 07:24:11AM +0000, Jason Long wrote:
>>> Hello, when the Intel security vulnerability was discovered, how long did it take to solve?
>>
>> Hello
>>
>> You mean CPU specific bugs? Most bugs/vulnerabilities rely on technicalities and are therefore easy to fix/solve.
>>
>>
>>> Thanks.
>>
>>
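
Added example, not part of the original thread or of Xen's own tooling: a small POSIX shell audit that flags the three options named in the last message (`smt=1`, `ept=exec-sp`, `mitigations=off`) in a Xen or Linux command line and lists the running kernel's per-issue status files. The function names and sample command lines are constructed for illustration; reading the Xen command line through `xl info` assumes a root shell in dom0.

```shell
#!/bin/sh
# Added example: report which of the thread's mitigation-relaxing options are set.

# Print each option from the thread that appears in command line $1.
# The body is a subshell, so the IFS and noglob changes stay local.
flag_relaxed_opts() (
    set -f                              # no filename globbing while splitting
    for opt in $1; do
        case "$opt" in
            mitigations=off) echo "mitigations=off" ;;
            smt=1)           echo "smt=1" ;;
            ept=*)
                # Xen's ept= takes a comma-separated list; look for exec-sp.
                IFS=,
                for item in ${opt#ept=}; do
                    if [ "$item" = "exec-sp" ]; then echo "ept=exec-sp"; fi
                done ;;
        esac
    done
)

# Audit the machine this runs on (assumption: dom0 with xl, or any Linux guest).
audit_host() {
    if [ -r /proc/cmdline ]; then
        echo "kernel: $(flag_relaxed_opts "$(cat /proc/cmdline)" | tr '\n' ' ')"
    fi
    if command -v xl >/dev/null 2>&1; then
        xen_cmdline=$(xl info 2>/dev/null | sed -n 's/^xen_commandline *: *//p')
        echo "xen: $(flag_relaxed_opts "$xen_cmdline" | tr '\n' ' ')"
    fi
    # Per-issue mitigation status as reported by the running Linux kernel.
    for f in /sys/devices/system/cpu/vulnerabilities/*; do
        if [ -r "$f" ]; then echo "${f##*/}: $(cat "$f")"; fi
    done
}

if [ "${1:-}" = "--host" ]; then
    audit_host
else
    # Constructed sample command lines, not taken from a real host.
    flag_relaxed_opts "dom0_mem=2048M smt=1 ept=pml,exec-sp"
    flag_relaxed_opts "ro quiet mitigations=off"
fi
```

Run with `--host` to audit the local machine; an empty `kernel:` or `xen:` line means none of the three options is present on that command line.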