Rollback to Linux Kernel & Linux Firmware Prior to MeltDown & Spectre Fix

[Cosmo.]

In my understanding the last post says: I am still after another week not able to notice anything and only believe in what I read.

[Royi]

No, You're wrong.

Just like I feel the difference between Haswell and Coffee Lake which is ~10% I can feel those.
Yet indeed 10% becomes noticeable only when doing long tasks (More than few seconds).
I tend to do those hence I can feel the difference.

[Royi]

Another Spectre / MeltDown Variant Issue - Microsoft, Google: We've Found a Fourth Data Leaking Meltdown Spectre CPU Hole.

Of course it comes with another performance hit:

"This mitigation will be set to off-by-default, providing customers the choice of whether to enable it or not. We expect most industry software partners will likewise use the default-off option. In this configuration, we have observed no performance impact. If enabled, we’ve observed a performance impact of approximately 2-8 per cent based on overall scores for benchmarks like SYSmark 2014 SE and SPEC integer rate on client and server test systems."

Since those are irrelevant for the end user (Single User of a computer) I hope in Linux they will switch all of them OFF by default.
I really hate those performance hits.

[smurphos]

Since those are irrelevant for the end user (Single User of a computer) I hope in Linux they will switch all of them OFF by default.
I really hate those performance hits.

https://wiki.ubuntu.com/SecurityTeam/Kn ... e/Variant4

In Ubuntu, SSBD is OFF by default because it is not needed by most programs and carries a notable performance impact. A prctl() has been added (PR_SPEC_STORE_BYPASS) that enables developers to opt into the mitigation on a per process basis. Applications using a seccomp filter will be implicitly opted into the mitigations. This means that strict and devmode snaps, processes inside of LXD containers, sandboxed processes of the Firefox and Chromium browsers, among some other processes running in a default Ubuntu install on x86 processors, will have the SSBD mitigation enabled out of the box.

Users can explicitly opt-in to SSBD mitigations, on a system-wide basis, by booting with the spec_store_bypass_disable=on boot parameter. See the Mitigation Controls page for details on available boot options.

[Royi]

Since those are irrelevant for the end user (Single User of a computer) I hope in Linux they will switch all of them OFF by default.
I really hate those performance hits.

https://wiki.ubuntu.com/SecurityTeam/Kn ... e/Variant4

In Ubuntu, SSBD is OFF by default because it is not needed by most programs and carries a notable performance impact. A prctl() has been added (PR_SPEC_STORE_BYPASS) that enables developers to opt into the mitigation on a per process basis. Applications using a seccomp filter will be implicitly opted into the mitigations. This means that strict and devmode snaps, processes inside of LXD containers, sandboxed processes of the Firefox and Chromium browsers, among some other processes running in a default Ubuntu install on x86 processors, will have the SSBD mitigation enabled out of the box.

Users can explicitly opt-in to SSBD mitigations, on a system-wide basis, by booting with the spec_store_bypass_disable=on boot parameter. See the Mitigation Controls page for details on available boot options.

Yea, in the article above it was said this one will be Opt In only.
Yet I want to be able to disable all those Spectre / Meltdown protections and make them Opt In (Not only variant 4).

[michael louwe]

AFAIK, nearly all web-servers have applied the mitigations for Meltdown & Spectre = slower Internet. Most computer users have applied the same mitigations = slower computers. A Double Whammy.!

No thanks to the Speculative Execution feature in CPUs that gave a "false" performance boost. Intel had put performance ahead of security in her quest to out-market AMD during the 1990s. Isn't speculation a bad thing to do.? Does self-driving cars also use Speculative Execution.?