Walt Mankowski via plug on 18 Jul 2022 12:10:44 -0700



Re: [PLUG] Retbleed, improve performance


On Mon, Jul 18, 2022, at 11:21 AM, Rich Freeman via plug wrote:
On Mon, Jul 18, 2022 at 9:59 AM jeffv via plug
<plug@lists.phillylinux.org> wrote:
>
> Improve Linux performance with this one weird trick
>
> https://www.theregister.com/2022/07/18/improve_linux_performance/
>
> Unless anyone else ever accesses your PC in any way

So, I'd probably read the fine print before doing that.  First I'd
confirm exactly what the performance boost will be.  Some mitigations
are expensive, and others are cheap, and it varies by CPU model.  If
they're all cheap on your CPU then the value of disabling them to
avoid speculative execution attacks is dubious.

That said, I do know of at least one serious enterprise application
where they were considering disabling mitigations on an isolated
system used to do a workload that would have been severely impacted
(this was on an Intel CPU that had expensive mitigation cost).

In addition to depending on CPU model, the cost of mitigations can
also vary based on workload.

In general though speculative execution is a threat if you run
untrusted code on a system.  That could be from less-trusted users
executing arbitrary code as non-root, or it could be from proprietary
software you don't completely trust in a mixed environment, or it
could be from sandboxed code like JavaScript/etc in a browser.  If you
have a host that runs everything under a single UID, or uses UID 0 for
the OS and a single UID for everything else and the host really only
does one thing, and nothing is untrusted/sandboxed, then speculative
execution threats aren't really a serious problem.  If a host only
runs one service and that service is compromised, the entire host is
effectively compromised anyway.  If somebody hacks into your database
it is because they want to read the stuff in your database, not the
contents of /var/log.

I’ll also add that if your computer seems slow, there’s an excellent chance that it’s caused by something other than the raw speed of your CPU. Most of the time the problem is going to be network lag, or excessive disk access, or bloated websites, etc. Do your due diligence and check all those things first before even thinking about implementing any of these fixes.

Walt
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
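
One way to do the "read the fine print" step discussed in this thread before changing any mitigation setting, as an added example that is not part of the original messages: a POSIX shell script that reports the kernel's per-vulnerability mitigation status and checks the boot command line. The function names are hypothetical; the sysfs directory, /proc/cmdline and the `mitigations=off` boot parameter are standard Linux but are not named in the thread.

```shell
#!/bin/sh
# Added example: report which CPU vulnerability mitigations the running
# kernel has active. Function names are hypothetical.

# Map one sysfs status string to a coarse category.
classify_status() {
    cs_s=${1#KVM: }            # some entries carry a "KVM: " prefix
    case "$cs_s" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# Print "<name> <category> <raw status>" for every file in the directory.
summarize_mitigations() {
    sm_dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    for sm_f in "$sm_dir"/*; do
        [ -f "$sm_f" ] || continue
        sm_status=$(cat "$sm_f")
        printf '%-24s %-13s %s\n' "$(basename "$sm_f")" \
            "$(classify_status "$sm_status")" "$sm_status"
    done
}

# Count entries in one category, e.g. "vulnerable".
count_category() {
    summarize_mitigations "$1" |
        awk -v c="$2" '$2 == c { n++ } END { print n + 0 }'
}

# Succeeds if the boot command line globally disables mitigations.
mitigations_disabled_on_cmdline() {
    grep -qw 'mitigations=off' "${1:-/proc/cmdline}" 2>/dev/null
}

# Report on the live system (prints nothing where the paths do not exist).
summarize_mitigations
if mitigations_disabled_on_cmdline; then
    echo "WARNING: booted with mitigations=off"
fi
```

Entries reported as "not-affected" cost nothing to leave enabled, which is the per-CPU variation the thread points out.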