or do it live https://access.redhat.com/articles/3311301

# echo 0 > /sys/kernel/debug/x86/pti_enabled
# echo 0 > /sys/kernel/debug/x86/ibpb_enabled
# echo 0 > /sys/kernel/debug/x86/ibrs_enabled

stijn

On 01/05/2018 12:54 PM, David wrote:
> Hi!
>
> nopti or pti=off in kernel options should disable some of the kpti.
> I haven't tried it yet though, so give it a whirl.
>
> https://en.wikipedia.org/wiki/Kernel_page-table_isolation
>
> Kind Regards,
>
> David Majchrzak
>
>
>> On 5 Jan 2018 at 11:03, Xavier Trilla <xavier.trilla@xxxxxxxxxxxxxxxx> wrote:
>>
>> Hi Nick,
>>
>> I'm actually wondering about exactly the same. Regarding OSDs, I agree, there is no reason to apply the security patch to the machines running the OSDs -if they are properly isolated in your setup-.
>>
>> But I'm worried about the hypervisors, as I don't know how Meltdown or Spectre patches -AFAIK, only Spectre patch needs to be applied to the host hypervisor, Meltdown patch only needs to be applied to guest- will affect librbd performance in the hypervisors.
>>
>> Does anybody have some information about how Meltdown or Spectre affect ceph OSDs and clients?
>>
>> Also, regarding Meltdown patch, seems to be a compilation option, meaning you could build a kernel without it easily.
>>
>> Thanks,
>> Xavier.
>>
>> -----Original Message-----
>> From: ceph-users [mailto:ceph-users-bounces@xxxxxxxxxxxxxx] On behalf of Nick Fisk
>> Sent: Thursday, 4 January 2018 17:30
>> To: 'ceph-users' <ceph-users@xxxxxxxxxxxxxx>
>> Subject: Linux Meltdown (KPTI) fix and how it affects performance?
>>
>> Hi All,
>>
>> As the KPTI fix largely only affects the performance where there are a large number of syscalls made, which Ceph does a lot of, I was wondering if anybody has had a chance to perform any initial tests. I suspect small write latencies will be the worst affected?
>>
>> Although I'm thinking the backend Ceph OSDs shouldn't really be at risk from these vulnerabilities, due to them not being direct user facing and could have this work around disabled?
>>
>> Nick
>>
>> _______________________________________________
>> ceph-users mailing list
>> ceph-users@xxxxxxxxxxxxxx
>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
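
The settings named in this thread (the three debugfs toggles and the nopti / pti=off boot options) can be audited per host before and after any change. The following is an added example, not part of the original messages; the function name audit_mitigations, its arguments and its output format are assumptions.

```shell
#!/bin/sh
# Added example: report Meltdown/Spectre mitigations that are switched off.
# Defaults are the paths and options named in the thread; both arguments are
# overridable so the check can be exercised on constructed files.

audit_mitigations() {
    debugfs_dir=${1:-/sys/kernel/debug/x86}
    cmdline_file=${2:-/proc/cmdline}
    findings=0

    # Runtime toggles: 0 means the mitigation was turned off live.
    for knob in pti_enabled ibpb_enabled ibrs_enabled; do
        path="$debugfs_dir/$knob"
        if [ ! -r "$path" ]; then
            echo "UNKNOWN  $knob (not readable: needs root and a mounted debugfs)"
            continue
        fi
        value=$(cat "$path")
        if [ "$value" = "0" ]; then
            echo "DISABLED $knob=0"
            findings=$((findings + 1))
        else
            echo "ok       $knob=$value"
        fi
    done

    # Boot-time switches: nopti or pti=off on the kernel command line.
    if [ -r "$cmdline_file" ]; then
        for word in $(cat "$cmdline_file"); do
            case "$word" in
                nopti|pti=off)
                    echo "DISABLED boot option '$word'"
                    findings=$((findings + 1))
                    ;;
            esac
        done
    fi

    # Exit status is the number of disabled mitigations (0 = nothing off).
    return "$findings"
}
```

Run `audit_mitigations` as root with no arguments to check the live host; a non-zero status flags a machine (for example a hypervisor) where a mitigation has been turned off.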