* L1TF: Disabling EPT / performance-impact
@ 2018-08-16 11:41 Rainer Fiebig
2018-08-16 11:47 ` Greg KH
0 siblings, 1 reply; 3+ messages in thread
From: Rainer Fiebig @ 2018-08-16 11:41 UTC (permalink / raw)
To: stable; +Cc: Thorsten Leemhuis
Hi!

According to 1), disabling EPT offers the same maximum protection against L1TF as disabling SMT but
has a severe performance impact.

FWIW: With EPT disabled (2)), I can *not* confirm any performance-degradation for the VirtualBox
Windows- or Linux-VMs that I use. Those VMs are for desktop-use, though.

So to me it seems that the performance impact depends on the use case and in a desktop-setting
disabling EPT may offer a simple max-protection-option with the advantage of still enabled
hyperthreading.

I have tried this with 4.18.1 and 4.14.63.

Rainer Fiebig
***
1) https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html#mitigation-selection-guide
2) kvm-intel.ept=0
> tail /sys/devices/system/cpu/vulnerabilities/*
==> /sys/devices/system/cpu/vulnerabilities/l1tf <==
Mitigation: PTE Inversion; VMX: EPT disabled
==> /sys/devices/system/cpu/vulnerabilities/meltdown <==
Mitigation: PTI
==> /sys/devices/system/cpu/vulnerabilities/spec_store_bypass <==
Mitigation: Speculative Store Bypass disabled via prctl and seccomp
==> /sys/devices/system/cpu/vulnerabilities/spectre_v1 <==
Mitigation: __user pointer sanitization
==> /sys/devices/system/cpu/vulnerabilities/spectre_v2 <==
Mitigation: Full generic retpoline, IBPB, IBRS_FW
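
Added example, not part of the original post and not kernel tooling: a shell function that classifies the l1tf status line shown in the message above, so the "VMX: EPT disabled" state can be checked across hosts. The first sample line is the one from the post; the other sample lines are constructed in the format the kernel uses for this file, and the output labels are names chosen for this example.

```shell
#!/bin/sh
# Added example: classify the kernel's L1TF status line on a KVM host.
# The output labels (ept-disabled, flush+smt-on, ...) are names chosen here.

l1tf_classify() {
    s=$1
    case $s in
        "Not affected"*) echo "not-affected"; return 0 ;;
        Vulnerable*)     echo "unmitigated";  return 0 ;;
    esac
    # Text after "; VMX: " is the guest-facing state reported by kvm-intel.
    case $s in
        *"; VMX: "*)                 vmx=${s#*"; VMX: "} ;;
        "Mitigation: PTE Inversion") echo "host-only"; return 0 ;;  # no VMX state
        *)                           echo "unknown";   return 0 ;;
    esac
    case $vmx in
        "EPT disabled")                   echo "ept-disabled" ;;
        "flush not necessary"*)           echo "flush-not-needed" ;;
        vulnerable*)                      echo "guest-exposed" ;;
        *"cache flushes, SMT disabled")   echo "flush+smt-off" ;;
        *"cache flushes, SMT vulnerable") echo "flush+smt-on" ;;
        *)                                echo "unknown" ;;
    esac
}

# True (exit 0) when the kernel's own wording reports a remaining exposure.
l1tf_needs_review() {
    case $(l1tf_classify "$1") in
        unmitigated|guest-exposed|flush+smt-on|unknown) return 0 ;;
        *) return 1 ;;
    esac
}

# First line is the status from the post; the rest are constructed samples.
while IFS= read -r line; do
    if l1tf_needs_review "$line"; then verdict=REVIEW; else verdict=ok; fi
    printf '%-16s %-6s %s\n' "$(l1tf_classify "$line")" "$verdict" "$line"
done <<'EOF'
Mitigation: PTE Inversion; VMX: EPT disabled
Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
Mitigation: PTE Inversion; VMX: cache flushes, SMT disabled
Mitigation: PTE Inversion; VMX: vulnerable
Mitigation: PTE Inversion
EOF

# On a live host, classify the real file as well.
f=/sys/devices/system/cpu/vulnerabilities/l1tf
if [ -r "$f" ]; then printf 'this host: %s\n' "$(l1tf_classify "$(cat "$f")")"; fi
```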
* Re: L1TF: Disabling EPT / performance-impact
2018-08-16 11:41 L1TF: Disabling EPT / performance-impact Rainer Fiebig
@ 2018-08-16 11:47 ` Greg KH
2018-08-16 11:57 ` Rainer Fiebig
0 siblings, 1 reply; 3+ messages in thread
From: Greg KH @ 2018-08-16 11:47 UTC (permalink / raw)
To: Rainer Fiebig; +Cc: stable, Thorsten Leemhuis
On Thu, Aug 16, 2018 at 01:41:26PM +0200, Rainer Fiebig wrote:
> Hi!
>
> According to 1), disabling EPT offers the same maximum protection against L1TF as disabling SMT but
> has a severe performance impact.
>
> FWIW: With EPT disabled (2)), I can *not* confirm any performance-degradation for the VirtualBox
> Windows- or Linux-VMs that I use. Those VMs are for desktop-use, though.
>
> So to me it seems that the performance impact depends on the use case and in a desktop-setting
> disabling EPT may offer a simple max-protection-option with the advantage of still enabled
> hyperthreading.
>
> I have tried this with 4.18.1 and 4.14.63.
Why are you sending this to the stable@ list? There's nothing we can do
here, sorry.
greg k-h
* Re: L1TF: Disabling EPT / performance-impact
2018-08-16 11:47 ` Greg KH
@ 2018-08-16 11:57 ` Rainer Fiebig
0 siblings, 0 replies; 3+ messages in thread
From: Rainer Fiebig @ 2018-08-16 11:57 UTC (permalink / raw)
To: Greg KH; +Cc: stable, Thorsten Leemhuis
Greg KH wrote:
> On Thu, Aug 16, 2018 at 01:41:26PM +0200, Rainer Fiebig wrote:
>> Hi!
>>
>> According to 1), disabling EPT offers the same maximum protection against L1TF as disabling SMT but
>> has a severe performance impact.
>>
>> FWIW: With EPT disabled (2)), I can *not* confirm any performance-degradation for the VirtualBox
>> Windows- or Linux-VMs that I use. Those VMs are for desktop-use, though.
>>
>> So to me it seems that the performance impact depends on the use case and in a desktop-setting
>> disabling EPT may offer a simple max-protection-option with the advantage of still enabled
>> hyperthreading.
>>
>> I have tried this with 4.18.1 and 4.14.63.
>
> Why are you sending this to the stable@ list? There's nothing we can do
> here, sorry.
>
> greg k-h
>
Sorry, wrong target-group then.
Have a good day!
Rainer Fiebig