[elrepo] kernel-lt and kernel-ml updates for Meltdown and Spectre

Dave Chiluk dchiluk at indeed.com
Tue Mar 13 15:50:16 EDT 2018 

Those articles are all well and good, but the direction that upstream
took for enabling/disabling ibpb and ibrs are available in
Documentation/admin-guide/kernel-parameters.txt.  The RHEL sysfs
mechanisms do not exist in the mainline kernels.

Here's the relevant portion of the admin guide.

"
    spectre_v2= [X86] Control mitigation of Spectre variant 2
            (indirect branch speculation) vulnerability.

            on   - unconditionally enable
            off  - unconditionally disable
            auto - kernel detects whether your CPU model is
                   vulnerable

            Selecting 'on' will, and 'auto' may, choose a
            mitigation method at run time according to the
            CPU, the available microcode, the setting of the
            CONFIG_RETPOLINE configuration option, and the
            compiler with which the kernel was built.

            Specific mitigations can also be selected manually:

            retpoline     - replace indirect branches
            retpoline,generic - google's original retpoline
            retpoline,amd     - AMD-specific minimal thunk

            Not specifying this option is equivalent to
            spectre_v2=auto.
"

Let us know if/when you get benchmarks as I think we'd all like to know.

Happy benching.

Dave.

On Sat, Mar 10, 2018 at 3:39 AM Phil Perry <phil at elrepo.org> wrote:
>
> On 10/03/18 01:23, David Ranch wrote:
> >
> > Thanks for the news!
> >
> > Now the next big question, taking a kernel compile as the use case: does
> > anyone have any benchmarks on the built time pre and post BIOS, CPU
> > Instruction, and Compiler fixes say for a non-cutting edge CPU from Intel?
> >
> > --David
> >
> >
> >  > STATUS: NOT VULNERABLE (Mitigation: Full generic retpoline)
> >
>
> Hi David,
>
> We have not done any specific performance measurements, but I note a
> couple of Red Hat articles on the subject:
>
> https://access.redhat.com/articles/3307751
> https://access.redhat.com/articles/3311301
>
> and there could be further differences between RHEL and elrepo kernels
> which may or may not be Meltdown/Spectre/retpoline related.
>
> Google will no doubt find you more articles, and you now have the tools
> to make your own assessment for the throughputs and benchmarks that
> matter to you.
>
> The only benchmark I routinely run is glmark2 for our nvidia driver
> releases and I haven't observed any measurable differences pre/post
> Meltdown/Spectre that do not fall within normal tolerances of the tests.
>
> _______________________________________________
> elrepo mailing list
> elrepo at lists.elrepo.org
> http://lists.elrepo.org/mailman/listinfo/elrepo

More information about the elrepo mailing list