| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <55e3ba77-a305-8abb-1506-5a8aabe24bf3@torproject.org>
Date: Sat, 10 Jul 2021 13:05:46 -0500
From: Jim Newsome <jnewsome@...project.org>
To: aarcange@...hat.com
Cc: YiFei Zhu <zhuyifei1999@...il.com>,
Linux Containers <containers@...ts.linux-foundation.org>,
YiFei Zhu <yifeifz2@...inois.edu>, bpf <bpf@...r.kernel.org>,
kernel list <linux-kernel@...r.kernel.org>
Subject: Re: RFC: default to spec_store_bypass_disable=prctl
spectre_v2_user=prctl
Is anything happening with this proposal? Is there anything I could do
to help it along?
My personal motivation is that I'm involved in developing and using the
[Shadow] simulator, which we use to run hours and days long simulations.
We're currently looking into running some simulations in gitlab CI
Docker runner to take advantage of shared hardware, but Docker currently
doesn't expose a way to opt out of these mitigations without turning off
seccomp altogether [Docker FR].
I've measured these mitigations to cause simulations to take 50% longer
[Overhead], so I'm pretty motivated to find a way to disable them :).
[Shadow]: https://shadow.github.io/
[Docker FR]: https://github.com/moby/moby/issues/42619
[Overhead]:
https://github.com/shadow/shadow/issues/1489#issuecomment-871445482
P.S. Attempting to respond to a thread without actually being subscribed
to the list; sorry if this ends up not threading correctly. The CC
header was truncated so also some original recipients have been dropped.
Original thread: https://lkml.org/lkml/2020/11/4/1135
Powered by blists - more mailing lists