VMware engineers have tested a Linux kernel patch that addresses the Retbleed side-channel problem. The researchers came to the disappointing conclusion that this fix can affect performance, reducing it immediately by 70%.
についても話したことを思い出させてください ライナス・トーバルズ Uses Linux on an Apple MacBook Air with an M2 Processor, そしてそれも P2P ボットネット ぱんちゃん Linuxサーバーへの攻撃.
Retbleed was discovered and described by experts from the ETH Zurich last summer. At the time, the bug was reported to affect インテル processors from 3 に 6 years old, as well as AMD processors from 1 に 11 years old. Experts immediately warned that fixing the bug could have a negative impact on performance.
Let me remind you that Retbleed consists of two vulnerabilities (CVE-2022-29900 for AMD and CVE-2022-29901 for Intel) and belongs to the Specter-BTI class of speculative attacks (variant 2). The name Retbleed refers to the Retpoline security solution, which was developed by グーグル で 2018 to combat the Meltdown and Specter processor vulnerabilities. It was in the work of the Retpoline protection that fresh problems were found.
として VMware engineers now report in the Linux Kernel mailing list, the Retbleed patches do cause a noticeable performance regression in the Linux 5.19 kernel. The company’s internal tests have shown that running Linux virtual machines with the ESXi hypervisor and Linux kernel version 5.19 results in a performance drop of up to 70% with a single vCPU, ある 30% drop in network performance, and up to 13% in storage performance.
If VMware testers disabled patches for Retbleed in the 5.19 kernel, ESXi performance returned to normal levels, as in version 5.18. The tests were conducted on Intel Skylake processors released between 2015 と 2017.
Since speculative computing was generally designed to speed up data processing, it is not surprising that disabling it has a very negative impact on performance. しかし, ある 70% performance drop is simply unacceptable for many business processes and is a big problem.
実際には, if the patches are not improved and revised, users are faced with a clear choice: 使用 5.19 kernel and still lose performance, or stay on the previous version and take the possible risks, relying on the fact that the Retbleed problem is not so easy to exploit.
コメントを残す