https://meltdownattack.com/

Started by opnsense_user12123, January 04, 2018, 04:35:00 PM

Previous topic - Next topic
Print
Go Down Pages 1 2 3
User actions
January 16, 2018, 07:52:51 PM #30
Sounds like good stuff.  How big is "rather large" in terms of percent performance impact?
January 16, 2018, 08:10:43 PM #31
`make -sj6 buildworld` on my Intel Xeon E3-1505M v5 @ 2.80GHz laptop went from 1.5 hours to about 2.25 hours with PTI enabled. retpoline didn't increase the time.
January 16, 2018, 08:39:21 PM #32
I'm very interested to find out how all these changes will impact packets per second, throughput in terms of bandwidth and VPN bandwidth etc.  I'm hoping it won't be huge.

I'm assuming that more packages, more filtering, more processing will equal more impact, but I'm just guessing and hoping it is less than initially thought.
January 16, 2018, 08:53:06 PM #33
That's a really good question, one that I cannot answer right now. Once PTI becomes available for 11.1-RELEASE, we at OPNsense will definitely have to do one or more "Call For Testing" rounds.
January 16, 2018, 10:08:06 PM #34
Well, thanks for banging away on it.
January 17, 2018, 03:08:52 PM #35
The amd64 PTI patch has landed in FreeBSD HEAD, disabled by default: https://svnweb.freebsd.org/base?view=revision&revision=328083

We'll enable it by default in HardenedBSD.
January 23, 2018, 11:33:13 AM #36
January 23, 2018, 04:31:21 PM #37
Update: PTI is now enabled by default on HardenedBSD 12-CURRENT/amd64. The retpoline patch has landed in both upstream llvm (https://reviews.llvm.org/D41723) HEAD and HardenedBSD 12-CURRENT/amd64. Packages are building with retpoline applied to the entire package repo.

HardenedBSD will likely be the first OS to ship with retpoline applied to the entirety of the operating system, spanning not only world and kernel, but also third-party applications in its package repository.
January 23, 2018, 05:57:04 PM #38
@xinnan:

Much better, there WAS NEVER anything to fix. Intel hardware all OK.

No joke:

https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html

One day in the not-so-far future I will end with Parkinsons' from the all-day head shaking....
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....
January 23, 2018, 07:14:21 PM #39
But Intel proposing an OPT-IN hardware flag for "this cpu is insecure, please make it safe and slow" is no indication of lawyer-based R&D and general "cover-my-ass"ing for having done nothing wrong whatsoever? It seems silly on the surface to even entertain the idea of it, the malice hidden beneath if baked into actual hardware... "you can't sue us if you don't use the secure mode -- also we are fast by default, slow is merely your fault -- both issues are not linked if you try to imply that".

https://news.ycombinator.com/item?id=16202205


Cheers,
Franco
Print
Go Up Pages 1 2 3
User actions