
Linus Torvalds: After big Linux performance hit, Spectre v2 patch needs curbs - walterbell
https://www.zdnet.com/article/linus-torvalds-after-big-linux-performance-hit-spectre-v2-patch-needs-curbs/
======
mhkool
The default kernel settings should be secure. So if the current STIBP is too
expensive and SMT-disable is less expensive, I have no issue with disabling
STIBP provided that SMT is also disabled to make sure that the default kernel
is safe.

------
vectorEQ
I'm curious about any public cases of systems / companies or anything getting
into trouble due to being pwned via an exploit like Spectre where that exploit
was really the key to the whole shenanigans... I would say a system engineer
is responsible for system configuration, and if its requirements call for it,
disable SMT or enable this muck?

Is there even a valid real-life case that supports enabling these measures,
apart from some marketing-stunt vuln disclosure? There have been many CPU bugs
and issues in the past, but post these suddenly it's all on the bandwagon to
be hyper-paranoid on HW exploits... not all bad, but maybe a bit
overreacting? In the past these issues were just silently patched in microcode or
ignored. I remember reading about one with cache issues on Xbox where they
just decided not to generate the instructions which could cause it in
compilers :')... silly but effective for the platform... and that's the thing.
I think there's hardly anyone who should worry about these kinds of exploits.
Rather worry about the more mundane and common ones first?

