[附新内核牺牲安全换性能方法]最新版Linux内核各位用了感觉有多少性能下降(就是那个传说影响性能的Intel漏洞)

内核编译和嵌入式产品的设计与开发
科学之子
帖子: 2284
注册时间: 2013-05-26 6:58
系统: Debian 9

[附新内核牺牲安全换性能方法]最新版Linux内核各位用了感觉有多少性能下降(就是那个传说影响性能的Intel漏洞)

#1

帖子 科学之子 » 2018-01-06 14:48

最新版Linux内核各位用了感觉有多少性能下降(就是那个传说影响性能的Intel漏洞)

Wed Jan 10 18:14:01 CST 2018补充:
https://www.zhihu.com/question/26501250 ... /288239171
https://www.google.com/search?newwindow ... yJZEEo-4vk
https://askubuntu.com/questions/991874/ ... -intel-cpu
本来以后要被迫编译内核了,现在看起来只要内核引导参数加上"pti=off"就可以了
如果要进行怕被窃取的敏感操作就"pti=on"或"pti=auto"启动.
https://patchwork.kernel.org/patch/10107415/

Wed Aug 8 19:39:23 CST 2018补充{
https://www.kernel.org/doc/html/latest/ ... eters.html

代码: 全选

nospectre_v2
nopti
内核加上这两个参数, spectre 和 meltdown 的补丁貌似应该就能全关掉了.
}
上次由 科学之子 在 2018-08-08 19:42,总共编辑 2 次。
头像
qy117121
论坛版主
帖子: 50530
注册时间: 2007-12-14 13:40
系统: Winbuntu
来自: 志虚国乌由市
联系:

Re: 最新版Linux内核各位用了感觉有多少性能下降(就是那个传说影响性能的Intel漏洞)

#2

帖子 qy117121 » 2018-01-06 16:42

南瓜说没感觉有影响
渠月 · QY   
本人只会灌水,不负责回答问题
无聊可以点一下→ http://u.nu/ubuntu

Ubuntu 20.04 快速设置指南,请配合浏浏览器自动翻译使用

邮箱 chuan@ubuntu.org.cn
funicorn
帖子: 1318
注册时间: 2005-09-13 4:56
系统: Ubuntu Jammy Jellyfi

Re: 最新版Linux内核各位用了感觉有多少性能下降(就是那个传说影响性能的Intel漏洞)

#3

帖子 funicorn » 2018-01-06 16:50

30%
poloshiao
论坛版主
帖子: 18279
注册时间: 2009-08-04 16:33

Re: 最新版Linux内核各位用了感觉有多少性能下降(就是那个传说影响性能的Intel漏洞)

#5

帖子 poloshiao » 2018-01-06 18:59

有關消息彙總

http://news.softpedia.com/news/billions ... 9213.shtml
Billions of Devices at Risk of Attacks Because of Two Critical Hardware Bugs
These bugs affect all devices made in the last 25 years

http://news.softpedia.com/news/many-int ... 9206.shtml
"The extent of the problem is not really known"
From what it’s been revealed until now, the bug affects pretty many of the Intel CPUs launched in the past ten years. It’s believed that the impact on performance will vary, depending on the processor, and will range from 5% to 30%.

http://news.softpedia.com/news/linux-ke ... 9215.shtml
Linux Kernels 4.14.11, 4.9.74, 4.4.109, 3.16.52, and 3.2.97 Patch Meltdown Flaw
Linux kernel maintainers Greg Kroah-Hartman and Ben Hutchings have released new versions of the Linux 4.14, 4.9, 4.4, 3.16, 3.18, and 3.12 LTS (Long Term Support) kernel series that apparently patch one of the two critical security flaws affecting most modern processors.

http://news.softpedia.com/news/canonica ... 9234.shtml
Canonical Will Soon Patch all Supported Ubuntu Releases Against Meltdown/Spectre

http://news.softpedia.com/news/intel-pr ... 9237.shtml
Intel Promises It’ll Nearly Exterminate Meltdown and Spectre Bugs in a Few Days
funicorn
帖子: 1318
注册时间: 2005-09-13 4:56
系统: Ubuntu Jammy Jellyfi

Re: 最新版Linux内核各位用了感觉有多少性能下降(就是那个传说影响性能的Intel漏洞)

#6

帖子 funicorn » 2018-01-07 2:05

不是,新闻里说是30%.
科学之子 写了:
funicorn 写了:30%
意思是性能下降30%对您来说是实际情况?
头像
astolia
论坛版主
帖子: 6399
注册时间: 2008-09-18 13:11

Re: [附新内核牺牲安全换性能方法]最新版Linux内核各位用了感觉有多少性能下降(就是那个传说影响性能的Intel漏

#8

帖子 astolia » 2018-01-10 21:22

P9600上编译内核的时间没见有什么明显区别
poloshiao
论坛版主
帖子: 18279
注册时间: 2009-08-04 16:33

Re: [附新内核牺牲安全换性能方法]最新版Linux内核各位用了感觉有多少性能下降(就是那个传说影响性能的Intel漏

#9

帖子 poloshiao » 2018-01-11 10:57

1. Intel 已公佈 對於此事件的補釘
1-1. https://downloadcenter.intel.com/downlo ... -Data-File
Linux Processor Microcode Data File

2. 這是更新方法
http://news.softpedia.com/news/intel-re ... 9316.shtml
Intel Releases Processor Microcode Patch for Linux OSes, Here's How to Update

"Here's how to update the Intel CPU microcode on Linux"

The archive released by Intel for Linux OSes contains a microcode.dat file, which is available in a traditional text format and still used in some Linux distros, allowing users to update the Intel CPU microcode through the old microcode update interface that's available in the Linux kernel with and can be enabled with the CONFIG_MICROCODE_OLD_INTERFACE=y option.

To update the microcode.dat to the system, you will need to first ensure the existence of /dev/cpu/microcode and then write microcode.dat to the file with the dd if=microcode.dat of=/dev/cpu/microcode bs=1M command in a terminal emulator. Once the writing process is complete, you will have to reboot your computer for any changes to take effect.

The updated microcode archive also contains an intel-ucode folder, which is the second method of installing the microcode, supported by most modern GNU/Linux distributions. To update this way, ensure the existence of /sys/devices/system/cpu/microcode/reload, copy the entire intel-ucode directory to /lib/firmware, overwrite the files in /lib/firmware/intel-ucode/, write the reload interface to 1 to reload the microcode files (e.g. echo 1 > /sys/devices/system/cpu/microcode/reload), and reboot.

3. Ubuntu 推薦 使用者 立刻更新到
linux-image 4.4.0.109.114 (generic or lowlatency) # Ubuntu 16.04
linux-image 4.4.0-109.132~14.04.1 # Ubuntu 14.04
3-1. http://news.softpedia.com/news/canonica ... 9320.shtml
Canonical has released on Wednesday a new Linux kernel update for Ubuntu 16.04 LTS (Xenial Xerus) operating system series to address a regression introduced with yesterday's security patch against the Meltdown vulnerability.

5. http://news.softpedia.com/news/intel-s- ... 9340.shtml
Intel's Microcode Update for Spectre Exploit Is Now Available in Ubuntu's Repos

Ubuntu 推薦 立刻更新套件 intel-microcode 到下述版本
3.20180108.0~ubuntu17.10.1 for Ubuntu 17.10, intel-microcode 3.20180108.0~ubuntu17.04.1 for Ubuntu 17.10, intel-microcode 3.20180108.0~ubuntu16.04.2 for Ubuntu 16.04 LTS, and intel-microcode 3.20180108.0~ubuntu14.04.2 for Ubuntu 14.04 LTS.

图片
funicorn
帖子: 1318
注册时间: 2005-09-13 4:56
系统: Ubuntu Jammy Jellyfi

Re: [附新内核牺牲安全换性能方法]最新版Linux内核各位用了感觉有多少性能下降(就是那个传说影响性能的Intel漏

#10

帖子 funicorn » 2018-01-11 11:22

你貌似是弄反了,不装补丁的时候,性能不会下降,是存在安全风险;装了补丁以后,消除了安全风险,性能下降30%。

所以补丁的说法不准确,“此事件”指的是安全隐患,还是性能下降,要说清楚。如果说的是性能下降,那不装补丁反而没事,装了才有事。
poloshiao 写了:1. Intel 已公佈 對於此事件的補釘
1-1. https://downloadcenter.intel.com/downlo ... -Data-File
Linux Processor Microcode Data File

2. 這是更新方法
http://news.softpedia.com/news/intel-re ... 9316.shtml
Intel Releases Processor Microcode Patch for Linux OSes, Here's How to Update

"Here's how to update the Intel CPU microcode on Linux"

The archive released by Intel for Linux OSes contains a microcode.dat file, which is available in a traditional text format and still used in some Linux distros, allowing users to update the Intel CPU microcode through the old microcode update interface that's available in the Linux kernel with and can be enabled with the CONFIG_MICROCODE_OLD_INTERFACE=y option.

To update the microcode.dat to the system, you will need to first ensure the existence of /dev/cpu/microcode and then write microcode.dat to the file with the dd if=microcode.dat of=/dev/cpu/microcode bs=1M command in a terminal emulator. Once the writing process is complete, you will have to reboot your computer for any changes to take effect.

3. Ubuntu 推薦 使用者 立刻更新到
linux-image 4.4.0.109.114 (generic or lowlatency) # Ubuntu 16.04
linux-image 4.4.0-109.132~14.04.1 # Ubuntu 14.04
3-1. http://news.softpedia.com/news/canonica ... 9320.shtml
Canonical has released on Wednesday a new Linux kernel update for Ubuntu 16.04 LTS (Xenial Xerus) operating system series to address a regression introduced with yesterday's security patch against the Meltdown vulnerability.
poloshiao
论坛版主
帖子: 18279
注册时间: 2009-08-04 16:33

Re: [附新内核牺牲安全换性能方法]最新版Linux内核各位用了感觉有多少性能下降(就是那个传说影响性能的Intel漏

#11

帖子 poloshiao » 2018-01-11 14:35

你貌似是弄反了
所以补丁的说法不准确,“此事件”指的是安全隐患,还是性能下降,要说清楚。
上述貼文 只是提供文章連結 並沒有加上任何個人評論 所以不存在是否弄反的問題
詳細 請參閱 連結文章
沒說清楚 抱歉

補充說明
本篇貼文是接續
http://forum.ubuntu.com.cn/viewtopic.ph ... 0#p3200410
有關消息彙總
http://news.softpedia.com/news/intel-pr ... 9237.shtml
Intel Promises It’ll Nearly Exterminate Meltdown and Spectre Bugs in a Few Days
這裡的 補釘 patch 是 Intel 研發人員 提供
leslielg
帖子: 124
注册时间: 2008-08-30 10:52

Re: [附新内核牺牲安全换性能方法]最新版Linux内核各位用了感觉有多少性能下降(就是那个传说影响性能的Intel漏

#12

帖子 leslielg » 2018-01-11 15:30

https://www.phoronix.com/scan.php?page= ... arks&num=1

这里有一篇Linux打了补丁后的评测,磁盘读写性能下降有30%左右。

看补丁的做法,一个是会导致TLB频繁的flush,另一个是让流水线暂停,性能都应该是比较大的影响。
funicorn
帖子: 1318
注册时间: 2005-09-13 4:56
系统: Ubuntu Jammy Jellyfi

Re: [附新内核牺牲安全换性能方法]最新版Linux内核各位用了感觉有多少性能下降(就是那个传说影响性能的Intel漏

#13

帖子 funicorn » 2018-01-11 16:57

这么短的时间内,linux处的内核补丁值的信任吗?反正我是不敢装,cpu搞坏了他们又不赔。

装补丁也是装Intel的和windows的。
leslielg 写了:https://www.phoronix.com/scan.php?page= ... arks&num=1

这里有一篇Linux打了补丁后的评测,磁盘读写性能下降有30%左右。

看补丁的做法,一个是会导致TLB频繁的flush,另一个是让流水线暂停,性能都应该是比较大的影响。
onlylove
论坛版主
帖子: 5215
注册时间: 2007-01-14 16:23

Re: [附新内核牺牲安全换性能方法]最新版Linux内核各位用了感觉有多少性能下降(就是那个传说影响性能的Intel漏

#15

帖子 onlylove » 2018-01-11 19:48

funicorn 写了:这么短的时间内,linux处的内核补丁值的信任吗?反正我是不敢装,cpu搞坏了他们又不赔。

装补丁也是装Intel的和windows的。
leslielg 写了:https://www.phoronix.com/scan.php?page= ... arks&num=1

这里有一篇Linux打了补丁后的评测,磁盘读写性能下降有30%左右。

看补丁的做法,一个是会导致TLB频繁的flush,另一个是让流水线暂停,性能都应该是比较大的影响。
你随意,不过,听说微软的补丁把AMD的机器搞挂了,intel的补丁把ubuntu1604搞挂了
回复