Open Source and information security mailing list archives
 
Date:   Mon, 31 Dec 2018 09:10:31 -0800
From:   Arjan van de Ven <arjan@...ux.intel.com>
To:     Ben Greear <greearb@...delatech.com>,
        Tim Chen <tim.c.chen@...ux.intel.com>,
        Thomas Gleixner <tglx@...utronix.de>
Cc:     Jiri Kosina <jikos@...nel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Tom Lendacky <thomas.lendacky@....com>,
        Ingo Molnar <mingo@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Andrea Arcangeli <aarcange@...hat.com>,
        David Woodhouse <dwmw@...zon.co.uk>,
        Andi Kleen <ak@...ux.intel.com>,
        Dave Hansen <dave.hansen@...el.com>,
        Asit Mallick <asit.k.mallick@...el.com>,
        Jon Masters <jcm@...hat.com>,
        Waiman Long <longman9394@...il.com>,
        Greg KH <gregkh@...uxfoundation.org>,
        Borislav Petkov <bp@...en8.de>, linux-kernel@...r.kernel.org,
        x86@...nel.org, stable@...r.kernel.org
Subject: Re: [PATCH] x86/speculation: Add document to describe Spectre and its
 mitigations

On 12/31/2018 8:22 AM, Ben Greear wrote:
> 
> 
> On 12/21/2018 05:17 PM, Tim Chen wrote:
>> On 12/21/18 1:59 PM, Ben Greear wrote:
>>> On 12/21/18 9:44 AM, Tim Chen wrote:
>>>> Thomas,
>>>>
>>>> Andi and I have made an update to our draft of the Spectre admin guide.
>>>> We may be out on Christmas vacation for a while.  But we want to
>>>> send it out for everyone to take a look.
>>>
>>> Can you add a section on how to compile out all mitigations that have anything
>>> beyond negligible performance impact for those running systems where performance
>>> is more important than security?
>>>
>>
>> If you don't worry about security and performance is paramount, then
>> boot with "nospectre_v2".  That's explained in the document.
> 
> There seem to be lots of different variants of this type of problem.  It was not clear
> to me that just doing nospectre_v2 would be sufficient to get back full performance.
> 
> And anyway, I would like to compile the kernel to not need that command-line option,
> so I am still interested in what compile options need to be set to what values...

the cloud people call this scenario "single tenant".. there might be different "users" in the uid
sense, but they're all owned by the same folks


it would not be insane to make a CONFIG_SINGLE_TENANT kind of option under which we can group these kinds of things
(and likely others)
