
Re: Intel Microcode updates



On Tue, Jun 11, 2019 at 08:00:49PM +0200, Davide Prina wrote:
> On 10/06/19 20:31, Michael Stone wrote:
>> On Mon, Jun 10, 2019 at 07:46:47PM +0200, Davide Prina wrote:
>>> On 10/06/19 13:16, Michael Stone wrote:
>>>> Your CPU is not supported by Intel, so you either accept the risk or buy a new one.
>>>
>>> you have another choice: disable the SMP & C. and all mitigations from Linux
>>
>> That's not correct, but will set your performance back 20 years.
>
> why is it not correct?
>
> I have read that most of these hardware bugs are related to the execution of the possible future operation, while the system is executing the actual operation.
>
> OK this solution will slow down your CPU a lot.

It's simply not correct that every one of these hardware bugs can be mitigated by running on only a single thread. I think you're confusing SMP (multiple processors) with speculative execution (within a processor), but this really isn't the right forum to sort that out.

>>> * you will get only mitigation and not bug correction. Mitigation == the attack is harder, but it can be done successfully. I don't have
>>
>> That is also not correct.
>
> why?

Because "mitigation" simply does not mean "the attack...can be done successfully". In some cases the mitigations make an attack unlikely, in other cases the mitigations change the behavior of the system to make an attack impossible, and in some cases the mitigations add capabilities which can be used to prevent attacks but which require additional changes in programs.

>>> * your CPU runs slower because of these mitigations (I have read that for some tasks you can have 50% or less performance),
>>
>> That depends on the CPU, some see significant impacts, others see none or were never vulnerable to some of these issues.
>
> that's true, but I never read that a processor type with a spectre/meltdown/& C. has been released with a new CPU version that is immune to this bug, so you always need this software mitigation.

"etc" covers a lot of ground when we're talking about (currently) 12 separately-identified vulnerabilities. Many CPUs weren't vulnerable to every one of the vulnerabilities. Getting one not vulnerable to the vulnerabilities that are most expensive to mitigate is a good starting place. Some have functionality that makes the mitigations less expensive than others. Again, this isn't the right place to tell people what CPU to buy or to discuss the performance characteristics of more than half a dozen different CPU families. As a specific example, AMD processors were not vulnerable to the "meltdown" bug. As a further specific example, some vulnerable Intel CPUs support the PCID instructions which make the mitigation much less expensive by allowing the kernel to selectively flush the TLB rather than flushing the whole thing. So just for that one vulnerability the cost ranges from "nothing/not vulnerable" to "modest" to "severe"--though the cost is also heavily dependent on the workload and whether a single user thread does most of the work or whether there are frequent system calls or contention on the system.

>> There's enough misinformation about this class of attacks without spreading more...
>
> I have tried to read the research that describes those hardware bugs, probably I haven't understood it all or I haven't read all of the documents

Then it's probably best that you not tell thousands of people the wrong information.
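
The reply above says that, per issue, a CPU may be not vulnerable, mitigated or vulnerable, and that PCID changes the cost of the Meltdown mitigation; the following added example (not part of the original message) reads that per-issue status on Linux. It assumes the kernel's `/sys/devices/system/cpu/vulnerabilities` directory and `/proc/cpuinfo`, neither of which the thread mentions, and the sample status lines and flags are constructed.

```python
from pathlib import Path
SYSFS = Path("/sys/devices/system/cpu/vulnerabilities")
# Constructed sample input (assumed values, not taken from a real machine).
SAMPLE_STATUS = {
    "meltdown": "Mitigation: PTI",
    "l1tf": "Not affected",
    "mds": "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
}
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme pse pcid sse4_2\n"

def classify(status):
    """Map one status line to not_affected / mitigated / vulnerable / unknown."""
    s = status.strip()
    if s == "Not affected":
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    return "vulnerable" if s.startswith("Vulnerable") else "unknown"

def cpu_flags(cpuinfo):  # feature flags of the first CPU in /proc/cpuinfo-style text
    for line in cpuinfo.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()

def report(statuses, cpuinfo):
    """Return {issue: (class, note)}; notes cover PCID under PTI and SMT exposure."""
    has_pcid = "pcid" in cpu_flags(cpuinfo)
    out = {}
    for name, status in sorted(statuses.items()):
        notes = []
        if name == "meltdown" and "PTI" in status:
            notes.append("PCID present: selective TLB flush" if has_pcid
                         else "no PCID: whole TLB flushed")
        if "SMT vulnerable" in status:
            notes.append("sibling threads still exposed")
        out[name] = (classify(status), "; ".join(notes))
    return out

def read_live():  # the running kernel's own view, or {} where the directory is absent
    files = SYSFS.iterdir() if SYSFS.is_dir() else []
    return {p.name: p.read_text().strip() for p in files if p.is_file()}

if __name__ == "__main__":
    live = read_live()
    cpuinfo = Path("/proc/cpuinfo").read_text() if live else SAMPLE_CPUINFO
    for issue, (cls, note) in report(live or SAMPLE_STATUS, cpuinfo).items():
        print(f"{issue:20} {cls:13} {note}")
```

Run on a Linux host it reports the kernel's own assessment; elsewhere it falls back to the constructed sample.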

