[附新内核牺牲安全换性能方法]最新版Linux内核各位用了感觉有多少性能下降(就是那个传说影响性能的Intel漏洞)

[科学之子]

最新版Linux内核各位用了感觉有多少性能下降(就是那个传说影响性能的Intel漏洞)

Wed Jan 10 18:14:01 CST 2018补充:
https://www.zhihu.com/question/26501250 ... /288239171
https://www.google.com/search?newwindow ... yJZEEo-4vk
https://askubuntu.com/questions/991874/ ... -intel-cpu
本来以后要被迫编译内核了,现在看起来只要内核引导参数加上"pti=off"就可以了
如果要进行怕被窃取的敏感操作就"pti=on"或"pti=auto"启动.
https://patchwork.kernel.org/patch/10107415/

Wed Aug 8 19:39:23 CST 2018补充{
https://www.kernel.org/doc/html/latest/ ... eters.html

代码： 全选

nospectre_v2
nopti

内核加上这两个参数, spectre 和 meltdown 的补丁貌似应该就能全关掉了.
}

[qy117121]

南瓜说没感觉有影响

[funicorn]

30%

[科学之子]

30%

意思是性能下降30%对您来说是实际情况?

[poloshiao]

有關消息彙總

http://news.softpedia.com/news/billions ... 9213.shtml
Billions of Devices at Risk of Attacks Because of Two Critical Hardware Bugs
These bugs affect all devices made in the last 25 years

http://news.softpedia.com/news/many-int ... 9206.shtml
"The extent of the problem is not really known"
From what it’s been revealed until now, the bug affects pretty many of the Intel CPUs launched in the past ten years. It’s believed that the impact on performance will vary, depending on the processor, and will range from 5% to 30%.

http://news.softpedia.com/news/linux-ke ... 9215.shtml
Linux Kernels 4.14.11, 4.9.74, 4.4.109, 3.16.52, and 3.2.97 Patch Meltdown Flaw
Linux kernel maintainers Greg Kroah-Hartman and Ben Hutchings have released new versions of the Linux 4.14, 4.9, 4.4, 3.16, 3.18, and 3.12 LTS (Long Term Support) kernel series that apparently patch one of the two critical security flaws affecting most modern processors.

http://news.softpedia.com/news/canonica ... 9234.shtml
Canonical Will Soon Patch all Supported Ubuntu Releases Against Meltdown/Spectre

http://news.softpedia.com/news/intel-pr ... 9237.shtml
Intel Promises It’ll Nearly Exterminate Meltdown and Spectre Bugs in a Few Days

[funicorn]

不是，新闻里说是30%.

30%

意思是性能下降30%对您来说是实际情况?

[科学之子]

https://www.zhihu.com/question/26501250 ... /288239171
https://www.google.com/search?newwindow ... yJZEEo-4vk
https://askubuntu.com/questions/991874/ ... -intel-cpu
本来以后要被迫编译内核了,现在看起来只要内核引导参数加上"pti=off"就可以了
如果要进行怕被窃取的敏感操作就"pti=on"或"pti=auto"启动.
https://patchwork.kernel.org/patch/10107415/

[astolia]

P9600上编译内核的时间没见有什么明显区别

[poloshiao]

1. Intel 已公佈 對於此事件的補釘
1-1. https://downloadcenter.intel.com/downlo ... -Data-File
Linux Processor Microcode Data File

2. 這是更新方法
http://news.softpedia.com/news/intel-re ... 9316.shtml
Intel Releases Processor Microcode Patch for Linux OSes, Here's How to Update

"Here's how to update the Intel CPU microcode on Linux"

The archive released by Intel for Linux OSes contains a microcode.dat file, which is available in a traditional text format and still used in some Linux distros, allowing users to update the Intel CPU microcode through the old microcode update interface that's available in the Linux kernel with and can be enabled with the CONFIG_MICROCODE_OLD_INTERFACE=y option.

To update the microcode.dat to the system, you will need to first ensure the existence of /dev/cpu/microcode and then write microcode.dat to the file with the dd if=microcode.dat of=/dev/cpu/microcode bs=1M command in a terminal emulator. Once the writing process is complete, you will have to reboot your computer for any changes to take effect.

The updated microcode archive also contains an intel-ucode folder, which is the second method of installing the microcode, supported by most modern GNU/Linux distributions. To update this way, ensure the existence of /sys/devices/system/cpu/microcode/reload, copy the entire intel-ucode directory to /lib/firmware, overwrite the files in /lib/firmware/intel-ucode/, write the reload interface to 1 to reload the microcode files (e.g. echo 1 > /sys/devices/system/cpu/microcode/reload), and reboot.

3. Ubuntu 推