Rich Freeman via plug on 18 Jul 2022 08:21:29 -0700



Re: [PLUG] Retbleed, improve performance


On Mon, Jul 18, 2022 at 9:59 AM jeffv via plug
<plug@lists.phillylinux.org> wrote:
>
> Improve Linux performance with this one weird trick
>
> https://www.theregister.com/2022/07/18/improve_linux_performance/
>
> Unless anyone else ever accesses your PC in any way

So, I'd probably read the fine print before doing that.  First I'd
confirm exactly what the performance boost will be.  Some mitigations
are expensive, and others are cheap, and it varies by CPU model.  If
they're all cheap on your CPU then the value of disabling them to
avoid speculative execution attacks is dubious.

That said, I do know of at least one serious enterprise application
where they were considering disabling mitigations on an isolated
system used to do a workload that would have been severely impacted
(this was on an Intel CPU that had expensive mitigation cost).

In addition to depending on CPU model, the cost of mitigations can
also vary based on workload.

In general, though, speculative execution is a threat if you run
untrusted code on a system.  That could be from less-trusted users
executing arbitrary code as non-root, or it could be from proprietary
software you don't completely trust in a mixed environment, or it
could be from sandboxed code like JavaScript/etc. in a browser.  If you
have a host that runs everything under a single UID, or uses UID 0 for
the OS and a single UID for everything else and the host really only
does one thing, and nothing is untrusted/sandboxed, then speculative
execution threats aren't really a serious problem.  If a host only
runs one service and that service is compromised, the entire host is
effectively compromised anyway.  If somebody hacks into your database
it is because they want to read the stuff in your database, not the
contents of /var/log.

-- 
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
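
Added example (not part of the original message): one way to check which mitigations apply to a given CPU before weighing their cost is to read the kernel's per-vulnerability status files under /sys/devices/system/cpu/vulnerabilities. The function names and the sample status lines below are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the kernel's per-vulnerability status files.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status STATUS -> not-affected | mitigated | partial | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*)                echo not-affected ;;
        Mitigation:*[Vv]ulnerable*)     echo partial ;;    # mitigated, with a stated gap
        Mitigation:*|*": Mitigation:"*) echo mitigated ;;
        *[Vv]ulnerable*)                echo vulnerable ;;
        *)                              echo unknown ;;
    esac
}

# mitigation_summary [DIR] -> "class<TAB>name<TAB>status", one line per file
mitigation_summary() {
    dir=${1:-$VULN_DIR}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(head -n 1 "$f")
        printf '%s\t%s\t%s\n' "$(classify_status "$status")" "$(basename "$f")" "$status"
    done
}

# count_class CLASS [DIR] -> number of entries in that class
count_class() {
    mitigation_summary "$2" | awk -F '\t' -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

# make_sample DIR -> constructed status files (not captured from a real host)
make_sample() {
    printf 'Not affected\n'                     > "$1/meltdown"
    printf 'Mitigation: Retpolines\n'           > "$1/spectre_v2"
    printf 'Mitigation: IBPB; SMT vulnerable\n' > "$1/retbleed"
    printf 'Vulnerable\n'                       > "$1/mds"
}

# Use the live sysfs directory when present, otherwise the constructed sample.
if [ -d "$VULN_DIR" ]; then
    mitigation_summary | sort
else
    tmp=$(mktemp -d) && make_sample "$tmp" && mitigation_summary "$tmp" | sort
    rm -rf "$tmp"
fi
```

Running it before and after a change to the boot parameters shows which entries actually changed state on that CPU.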