or do it live https://access.redhat.com/articles/3311301
# echo 0 > /sys/kernel/debug/x86/pti_enabled
# echo 0 > /sys/kernel/debug/x86/ibpb_enabled
# echo 0 > /sys/kernel/debug/x86/ibrs_enabled
stijn
On 01/05/2018 12:54 PM, David wrote:
> Hi!
>
> nopti or pti=off in kernel options should disable some of the kpti.
> I haven't tried it yet though, so give it a whirl.
>
> https://en.wikipedia.org/wiki/Kernel_page-table_isolation
> <https://en.wikipedia.org/wiki/Kernel_page-table_isolation>
>
> Kind Regards,
>
> David Majchrzak
>
>
>> 5 jan. 2018 kl. 11:03 skrev Xavier Trilla <xavier.tri...@silicontower.net>:
>>
>> Hi Nick,
>>
>> I'm actually wondering about exactly the same. Regarding OSDs, I agree,
>> there is no reason to apply the security patch to the machines running the
>> OSDs -if they are properly isolated in your setup-.
>>
>> But I'm worried about the hypervisors, as I don't know how meltdown or
>> Spectre patches -AFAIK, only Spectre patch needs to be applied to the host
>> hypervisor, Meltdown patch only needs to be applied to guest- will affect
>> librbd performance in the hypervisors.
>>
>> Does anybody have some information about how Meltdown or Spectre affect ceph
>> OSDs and clients?
>>
>> Also, regarding Meltdown patch, seems to be a compilation option, meaning
>> you could build a kernel without it easily.
>>
>> Thanks,
>> Xavier.
>>
>> -----Mensaje original-----
>> De: ceph-users [mailto:ceph-users-boun...@lists.ceph.com] En nombre de Nick
>> Fisk
>> Enviado el: jueves, 4 de enero de 2018 17:30
>> Para: 'ceph-users' <ceph-users@lists.ceph.com>
>> Asunto: [ceph-users] Linux Meltdown (KPTI) fix and how it affects
>> performance?
>>
>> Hi All,
>>
>> As the KPTI fix largely only affects the performance where there are a large
>> number of syscalls made, which Ceph does a lot of, I was wondering if
>> anybody has had a chance to perform any initial tests. I suspect small write
>> latencies will the worse affected?
>>
>> Although I'm thinking the backend Ceph OSD's shouldn't really be at risk
>> from these vulnerabilities, due to them not being direct user facing and
>> could have this work around disabled?
>>
>> Nick
>>
>> _______________________________________________
>> ceph-users mailing list
>> ceph-users@lists.ceph.com
>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>> _______________________________________________
>> ceph-users mailing list
>> ceph-users@lists.ceph.com
>> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>
>
>
>
> _______________________________________________
> ceph-users mailing list
> ceph-users@lists.ceph.com
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>
_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
