On Mon, Sep 17, 2018 at 2:58 PM Wes Turner <wes.tur...@gmail.com> wrote:
>
> I thought I read that RH has a kernel flag for userspace?
> "Controlling the Performance Impact of Microcode and Security Patches for CVE-2017-5754 CVE-2017-5715 and CVE-2017-5753 using Red Hat Enterprise Linux Tunables"
https://access.redhat.com/articles/3311301
> Indirect Branch Restricted Speculation (ibrs)
> [...] When ibrs_enabled is set to 1 (spectre_v2=ibrs) the kernel runs with indirect branch restricted speculation, which protects the kernel space from attacks (even from hyperthreading/simultaneous multi-threading attacks). When IBRS is set to 2 (spectre_v2=ibrs_always), both userland and kernel runs with indirect branch restricted speculation. This protects userspace from hyperthreading/simultaneous multi-threading attacks as well, and is also the default on certain old AMD processors (family 10h, 12h and 16h). This feature addresses CVE-2017-5715, variant #2.
> [...]
> echo 2 > /sys/kernel/debug/x86/ibrs_enabled
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown/MitigationControls
> echo 2 > /proc/sys/kernel/ibrs_enabled will turn on IBRS in both userspace and kernel ...

On Mon, Sep 17, 2018 at 5:26 AM Antoine Pitrou <solip...@pitrou.net> wrote:
> If you want to push this forward, I suggest you measure performance of
> Python compiled with and without the Spectre mitigation options, and
> report the results here. That will help vendors and packagers decide
> whether they want to pursue the route of enabling those options.

"Speculative Execution Exploit Performance Impacts - Describing the performance impacts to security patches for CVE-2017-5754 CVE-2017-5753 and CVE-2017-5715"
https://access.redhat.com/articles/3307751
- Revised worst-case performance impact: 4-8%