| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 21 Nov 2018 10:59:25 -0800
From: Tim Chen <tim.c.chen@...ux.intel.com>
To: Jiri Kosina <jikos@...nel.org>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-kernel@...r.kernel.org, stable@...r.kernel.org,
Thomas Gleixner <tglx@...utronix.de>,
Peter Zijlstra <peterz@...radead.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Andrea Arcangeli <aarcange@...hat.com>,
WoodhouseDavid <dwmw@...zon.co.uk>,
Andi Kleen <ak@...ux.intel.com>,
SchauflerCasey <casey.schaufler@...el.com>,
Dave Stewart <david.c.stewart@...el.com>
Subject: Re: [PATCH 4.19 041/361] x86/speculation: Enable cross-hyperthread
spectre v2 STIBP mitigation
On 11/21/2018 10:21 AM, Jiri Kosina wrote:
> On Wed, 21 Nov 2018, Tim Chen wrote:
>
>>> Is it reverted in Linus's tree? If not, then anything that comes "later
>>> on" will not apply here, right?
>>>
>>> I see the thread asking about this, but I got really conflicting
>>> messages here, and now it's in all of the latest releases, and no
>>> testing seems to have uncovered issues. Is it just a "slow down"
>>> problem?
>>
>> Greg,
>>
>> It could be a big slow down in excess of 20% for some applications.
>> And cross sibling Spectre v2 attack is quite hard to pull off.
>>
>> So till we have the accompanying patchset that only apply STIBP on processes
>> that really need it instead of universally, it should be withheld from
>> stable.
>
> Agreed; it will be trivially reintroduced with the rest, once it's ready.
> It's being built on top of that patch.
>
Thanks. Appreciate it.
Tim
Powered by blists - more mailing lists