Tuesday, December 4, 2018

Linus releases RC5 of Linux patches to fix SPECTREv2

Linus releases RC5 of Linux patches to fix SPECTREv2

Abstract:

A new set of Intel based vulnerabilities had been discovered Every security release for Linux had creates slower versions of the Operating System. Linux even started shipping their Operating System with security disabled, by default. This latest release candidate disables another item.
[Penguin courtesy TheRegister]

November Release

Linus released a kernel patch to fix a November Release issue.
In November, it emerged that Spectre Version 2 fixes in the Linux kernel were a performance nightmare. Single Thread Indirect Branch Predictors (STIBP) were the culprit: they didn't play well with symmetrical multi-threading (SMT), and performance took a 50 per cent hit.



People were not very happy about this latest fix.


[SPECTRE logo]

December Release

What is contained in this Intel Linux release candidate:
The workaround was to disable STIBP while waiting for a fix, and that's what landed in Linux 4.20-rc5. Phoronix described the fix as “processes opting into [STIBP] (via prctl interface and defaulting it on for SECCOMP processes”, rather than applying SMT to all threads.
 This latest fix attempt is not without pain.
Torvalds remarked that this release candidate has lots of code: “rc5 is the biggest rc so far (with the obvious exception of rc1), and it looks fairly unusual in the diffstat too, with almost a third being arch updates."
Merry Christmas - The Intel security nightmare continues.



[Oracle SPARC Hardware Family]

SPARC Solaris Fast & Secure

As mentioned earlier in Network Management, Oracle SPARC T4, T5, M5, M6, M7, S7, and M8 had been patched at the Firmware Level, making their systems secure for the hosted Solaris Operating System... while all older Sun 64 bit SPARC Processors were immune.


As existing Intel hardware continues to get slower with every patch, SPARC processors, which were faster to begin with, continue to show performance gains, by merely existing as a more secure alternative.

Conclusions

While the rest of the world is still struggling with Linux on Intel processors, SPARC based Data Centers continue to run. Running in security & safety under SPARC is quite normal.



No comments:

Post a Comment