Code:
MITIGATION=AUTO
Thanks,
D.
Danielsan wrote:
    are those mitigations now applied by default in Debian?

Check for yourself:
Code:
grep -R . /sys/devices/system/cpu/vulnerabilities
Head_on_a_Stick wrote:
    Danielsan wrote:
        are those mitigations now applied by default in Debian?
    Check for yourself:
    Code:
    grep -R . /sys/devices/system/cpu/vulnerabilities

With MITIGATION=AUTO
Code:
grep -R . /sys/devices/system/cpu/vulnerabilities
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling
/sys/devices/system/cpu/vulnerabilities/itlb_multihit:KVM: Mitigation: VMX disabled
/sys/devices/system/cpu/vulnerabilities/mds:Mitigation: Clear CPU buffers; SMT vulnerable
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Mitigation: Clear CPU buffers; SMT vulnerable
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/srbds:Mitigation: Microcode
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
Code:
devices/system/cpu/smt/control = off
LE_746F6D617A7A69 wrote:
    Not only Intel CPUs are prone to such kind of attacks, AMD is vulnerable as well - the only difference is that for AMD it's much harder to find the exact timing, so statistically, AMD CPUs are more safe (but f.e. even with mitigations applied, it's still possible to attack AMD Phenom CPUs)

AMD processors are not susceptible to as wide a range of attacks as Intel's crap; this is from my Ryzen 2500U machine:
Code:
$ grep -R . /sys/devices/system/cpu/vulnerabilities
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling
/sys/devices/system/cpu/vulnerabilities/itlb_multihit:Not affected
/sys/devices/system/cpu/vulnerabilities/mds:Not affected
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/srbds:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
$
Head_on_a_Stick wrote:
    As you appear to have been tricked into buying Intel's garbage I would recommend disabling SMT by adding this line to /etc/sysfs.conf (or in its own file under /etc/sysfs.d/):
    Code:
    devices/system/cpu/smt/control = off
    OpenBSD have been doing this by default since Meltdown was discovered. It will reduce performance for multi-threaded applications but increase performance if only a single thread is being used.

If I disable that voice I drop down four cores entirely...
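
An added example, not part of any post in this thread: a POSIX shell script that reads the `grep -R .` report shown above and picks out the entries the kernel still marks "SMT vulnerable", the condition the SMT setting discussed above addresses. The function names and verdict labels are made up for this example; the sample lines are copied from the outputs posted in the thread.

```shell
#!/bin/sh
# Added example: classify the kernel's CPU vulnerability report.
# Function names and verdict labels are hypothetical, chosen for this example.

VULN_DIR=/sys/devices/system/cpu/vulnerabilities
SMT_CONTROL=/sys/devices/system/cpu/smt/control

# Sample lines copied from the outputs posted in the thread
# (first three from the Intel machine, last one from the Ryzen machine).
SAMPLE='/sys/devices/system/cpu/vulnerabilities/mds:Mitigation: Clear CPU buffers; SMT vulnerable
/sys/devices/system/cpu/vulnerabilities/l1tf:Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/srbds:Not affected'

# Read "path:status" lines (the format grep -R prints) on stdin and
# print "<name> <verdict>" for each one.
classify_vulns() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        path=${line%%:*}     # everything before the first colon
        status=${line#*:}    # everything after the first colon
        name=${path##*/}     # file name, e.g. "mds"
        case $status in
            *"Not affected"*)   verdict=NOT_AFFECTED ;;
            *Vulnerable*)       verdict=VULNERABLE ;;    # kernel reports "Vulnerable" somewhere in the status
            *"SMT vulnerable"*) verdict=SMT_EXPOSED ;;   # mitigated, but still reported exposed with SMT on
            *Mitigation*)       verdict=MITIGATED ;;
            *)                  verdict=UNKNOWN ;;
        esac
        printf '%s %s\n' "$name" "$verdict"
    done
}

# Print only the names that are mitigated except for SMT.
smt_exposed() {
    classify_vulns | while read -r name verdict; do
        if [ "$verdict" = SMT_EXPOSED ]; then printf '%s\n' "$name"; fi
    done
}

# Run against the live system only when asked to: ./script.sh --live
if [ "${1:-}" = "--live" ]; then
    grep -R . "$VULN_DIR" | classify_vulns
    [ -r "$SMT_CONTROL" ] && printf 'smt/control: %s\n' "$(cat "$SMT_CONTROL")"
fi
```

Feeding it the sample with `printf '%s\n' "$SAMPLE" | smt_exposed` lists `mds` and `l1tf`, the two sample entries whose status ends in "SMT vulnerable".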