Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
https://meltdownattack.com/
« previous
next »
Print
Pages:
1
2
[
3
]
Author
Topic: https://meltdownattack.com/ (Read 18643 times)
xinnan
Full Member
Posts: 125
Karma: 13
Re: https://meltdownattack.com/
«
Reply #30 on:
January 16, 2018, 07:52:51 pm »
Sounds like good stuff. How big is "rather large" in terms of percent performance impact?
Logged
lattera
Full Member
Posts: 207
Karma: 82
Re: https://meltdownattack.com/
«
Reply #31 on:
January 16, 2018, 08:10:43 pm »
`make -sj6 buildworld` on my Intel Xeon E3-1505M v5 @ 2.80GHz laptop went from 1.5 hours to about 2.25 hours with PTI enabled. retpoline didn't increase the time.
Logged
xinnan
Full Member
Posts: 125
Karma: 13
Re: https://meltdownattack.com/
«
Reply #32 on:
January 16, 2018, 08:39:21 pm »
I'm very interested to find out how all these changes will impact packets per second, throughput in terms of bandwidth and VPN bandwidth etc. I'm hoping it won't be huge.
I'm assuming that more packages, more filtering, more processing will equal more impact, but I'm just guessing and hoping it is less than initially thought.
Logged
lattera
Full Member
Posts: 207
Karma: 82
Re: https://meltdownattack.com/
«
Reply #33 on:
January 16, 2018, 08:53:06 pm »
That's a really good question, one that I cannot answer right now. Once PTI becomes available for 11.1-RELEASE, we at OPNsense will definitely have to do one or more "Call For Testing" rounds.
Logged
xinnan
Full Member
Posts: 125
Karma: 13
Re: https://meltdownattack.com/
«
Reply #34 on:
January 16, 2018, 10:08:06 pm »
Well, thanks for banging away on it.
Logged
lattera
Full Member
Posts: 207
Karma: 82
Re: https://meltdownattack.com/
«
Reply #35 on:
January 17, 2018, 03:08:52 pm »
The amd64 PTI patch has landed in FreeBSD HEAD, disabled by default:
https://svnweb.freebsd.org/base?view=revision&revision=328083
We'll enable it by default in HardenedBSD.
Logged
xinnan
Full Member
Posts: 125
Karma: 13
Re: https://meltdownattack.com/
«
Reply #36 on:
January 23, 2018, 11:33:13 am »
https://www.theverge.com/2018/1/22/16919426/intel-advises-pause-deployment-of-spectre-patch
https://techcrunch.com/2018/01/22/linus-torvalds-declares-intel-fix-for-meltdown-spectre-complete-and-utter-garbage/
https://gizmodo.com/intel-is-trying-to-fix-the-biggest-problem-with-its-spe-1822305604
All fixed!
Logged
lattera
Full Member
Posts: 207
Karma: 82
Re: https://meltdownattack.com/
«
Reply #37 on:
January 23, 2018, 04:31:21 pm »
Update: PTI is now enabled by default on HardenedBSD 12-CURRENT/amd64. The retpoline patch has landed in both upstream llvm (
https://reviews.llvm.org/D41723
) HEAD and HardenedBSD 12-CURRENT/amd64. Packages are building with retpoline applied to the entire package repo.
HardenedBSD will likely be the first OS to ship with retpoline applied to the entirety of the operating system, spanning not only world and kernel, but also third-party applications in its package repository.
Logged
chemlud
Hero Member
Posts: 2486
Karma: 112
Re: https://meltdownattack.com/
«
Reply #38 on:
January 23, 2018, 05:57:04 pm »
@xinnan:
Much better, there WAS NEVER anything to fix. Intel hardware all OK.
No joke:
https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html
One day in the not-so-far future I will end with Parkinsons' from the all-day head shaking....
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorns premium katzenfutter mit der extraportion energie
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: https://meltdownattack.com/
«
Reply #39 on:
January 23, 2018, 07:14:21 pm »
But Intel proposing an OPT-IN hardware flag for "this cpu is insecure, please make it safe and slow" is no indication of lawyer-based R&D and general "cover-my-ass"ing for having done nothing wrong whatsoever? It seems silly on the surface to even entertain the idea of it, the malice hidden beneath if baked into actual hardware... "you can't sue us if you don't use the secure mode -- also we are fast by default, slow is merely your fault -- both issues are not linked if you try to imply that".
https://news.ycombinator.com/item?id=16202205
Cheers,
Franco
Logged
Print
Pages:
1
2
[
3
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
https://meltdownattack.com/