From: Ben Greear <greearb@candelatech.com>
To: Tim Chen <tim.c.chen@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>
Cc: Jiri Kosina <jikos@kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Tom Lendacky <thomas.lendacky@amd.com>,
Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Andrea Arcangeli <aarcange@redhat.com>,
David Woodhouse <dwmw@amazon.co.uk>,
Andi Kleen <ak@linux.intel.com>,
Dave Hansen <dave.hansen@intel.com>,
Asit Mallick <asit.k.mallick@intel.com>,
Arjan van de Ven <arjan@linux.intel.com>,
Jon Masters <jcm@redhat.com>, Waiman Long <longman9394@gmail.com>,
Greg KH <gregkh@linuxfoundation.org>,
Borislav Petkov <bp@alien8.de>,
linux-kernel@vger.kernel.org, x86@kernel.org,
stable@vger.kernel.org
Subject: Re: [PATCH] x86/speculation: Add document to describe Spectre and its mitigations
Date: Tue, 8 Jan 2019 16:58:26 -0800 [thread overview]
Message-ID: <234fe108-1cdd-b97e-4c19-a0be6d5858d5@candelatech.com> (raw)
In-Reply-To: <0d89b5a0-01d3-4927-ce59-fd9dc24c53b3@linux.intel.com>
On 1/7/19 9:57 AM, Tim Chen wrote:
> On 12/31/18 8:22 AM, Ben Greear wrote:
>>
>>
>> On 12/21/2018 05:17 PM, Tim Chen wrote:
>>>
>>> If you don't worry about security and performance is paramount, then
>>> boot with "nospectre_v2". That's explained in the document.
>>
>> There seem to be lots of different variants of this type of problem. It was not clear
>> to me that just doing nospectre_v2 would be sufficient to get back full performance.
>
> The performance penalty comes from retpoline penalizing indirect branch predictions in kernel.
> With nospectre_v2, retpoline is disabled so you should get all the performance
> back from spectre mitigation.
>
> This does not disable kernel page table isolation for meltdown mitigation, which also
> needs to be turned off if you want to get the full performance back. That's somewhat
> beyond the scope of this doc on Spectre.
The two bug families (spectre and meltdown) are conflated in my mind, at least.
For those of us who do not really understand this stuff in detail, it would
be good to at least mention some notes about Meltdown I think.
>> And anyway, I would like to compile the kernel to not need that command-line option,
>> so I am still interesting in what compile options need to be set to what values...
>>
>
> If you just want to disable spectre mitigation, setting CONFIG_RETPOLINE=n should do
> the trick. If you also want to disable meltdown mitigation,
> set CONFIG_PAGE_TABLE_ISOLATION=n.
Ok, are there any other CONFIG options that relate to fixing security bugs that
have noticeable performance impacts or are these two the complete list?
Thanks,
Ben
--
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc http://www.candelatech.com
next prev parent reply other threads:[~2019-01-09 0:58 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-21 17:44 [PATCH] x86/speculation: Add document to describe Spectre and its mitigations Tim Chen
2018-12-21 21:59 ` Ben Greear
2018-12-22 1:17 ` Tim Chen
2018-12-31 16:22 ` Ben Greear
2018-12-31 17:10 ` Arjan van de Ven
2019-01-07 17:57 ` Tim Chen
2019-01-09 0:58 ` Ben Greear [this message]
2019-01-09 1:35 ` Tim Chen
2018-12-23 23:11 ` Alexei Starovoitov
2019-01-08 21:12 ` Tim Chen
2019-01-09 1:11 ` Alexei Starovoitov
2019-01-09 1:41 ` Tim Chen
2019-01-09 2:42 ` Alexei Starovoitov
2018-12-28 17:34 ` Jonathan Corbet
2019-01-08 21:18 ` Tim Chen
2019-01-13 23:10 ` Pavel Machek
2019-01-13 23:12 ` Jiri Kosina
2019-01-14 12:01 ` Pavel Machek
2019-01-14 12:06 ` Jiri Kosina
2019-01-14 13:01 ` Pavel Machek
2019-01-14 13:06 ` Jiri Kosina
2019-01-14 14:39 ` Arjan van de Ven
2019-01-30 0:12 ` Thomas Gleixner
2019-02-12 12:00 ` Thomas Gleixner
2019-02-12 17:36 ` Tim Chen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=234fe108-1cdd-b97e-4c19-a0be6d5858d5@candelatech.com \
--to=greearb@candelatech.com \
--cc=aarcange@redhat.com \
--cc=ak@linux.intel.com \
--cc=arjan@linux.intel.com \
--cc=asit.k.mallick@intel.com \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=dwmw@amazon.co.uk \
--cc=gregkh@linuxfoundation.org \
--cc=jcm@redhat.com \
--cc=jikos@kernel.org \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=longman9394@gmail.com \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tim.c.chen@linux.intel.com \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).