From: Pavel Machek <pavel@ucw.cz>
To: vbabka@suse.cz, mhocko@suse.com, hpa@zytor.com,
torvalds@linux-foundation.org, ak@linux.intel.com,
dave.hansen@intel.com, kernel list <linux-kernel@vger.kernel.org>,
tglx@linutronix.de, mingo@redhat.com, bp@alien8.de
Subject: l1tf: Kernel suggests I throw away third of my memory. I'd rather not
Date: Wed, 17 Oct 2018 12:56:10 +0200 [thread overview]
Message-ID: <20181017105610.GA4260@amd> (raw)
[-- Attachment #1: Type: text/plain, Size: 1230 bytes --]
Hi!
6a012288 suggests I throw away 1GB on RAM. On 3GB system.. that is not
going to be pleasant.
l1tf.html says:
# The Linux kernel contains a mitigation for this attack vector, PTE
# inversion, which is permanently enabled and has no performance
# impact.
I don't believe it has "no" performance impact, but I guess it is lost
in the noise.
# The kernel ensures that the address bits of PTEs, which are
# not marked present, never point to cacheable physical memory space.
# A system with an up to date kernel is protected against attacks from
# malicious user space applications.
These are not true.
cat /sys/devices/system/cpu/vulnerabilities/l1tf
Vulnerable
uname -a
Linux amd 4.19.0-rc8-next-20181017autobisect1539371050 #189 SMP Wed
Oct 17 12:04:23 CEST 2018 i686 GNU/Linux
Now question is... can we do better? Kernel stores information about
swapped-out pages there, right? That sounds like a cool hack, but
maybe it is time to get rid of that hack?
As a workaround, can I simply do swapoff -a to be safe for now?
Thanks,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
next reply other threads:[~2018-10-17 10:56 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-17 10:56 Pavel Machek [this message]
2018-10-17 11:15 ` l1tf: Kernel suggests I throw away third of my memory. I'd rather not Michal Hocko
2018-10-17 11:32 ` Pavel Machek
2018-10-17 12:17 ` Michal Hocko
2018-10-17 22:21 ` Dave Hansen
2018-10-18 7:10 ` Vlastimil Babka
2018-10-17 14:08 ` Andi Kleen
2018-10-17 14:13 ` Vlastimil Babka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181017105610.GA4260@amd \
--to=pavel@ucw.cz \
--cc=ak@linux.intel.com \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mhocko@suse.com \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.