Gentoo Forums
Should I get retpoline?
saturnalia0
Tux's lil' helper


Joined: 13 Oct 2016
Posts: 134

Posted: Thu Jun 07, 2018 9:48 am    Post subject: Should I get retpoline?

I was updating my kernel today after a long period of inactivity and was presented with the following option:

Code:

Avoid speculative indirect branches in kernel (RETPOLINE) [Y/n/?] (NEW)


As I understand it, this is related to Spectre. I found the following article, which mentions that:

Code:

The strategies used to make this prediction vary between hardware implementations, they are commonly not isolated between security domains to reduce complexity and improve performance. 

https://support.google.com/faqs/answer/7625886

So I assume enabling this would have an impact on performance. This is a home computer. It only uses a web browser with JavaScript disabled and some trusted(TM) applications to connect to the internet. Is Spectre such a worry in this case that retpoline should be enabled, or is the performance impact negligible enough to enable it nevertheless?
Perfect Gentleman
Veteran


Joined: 18 May 2014
Posts: 1246

Posted: Thu Jun 07, 2018 11:14 am

Quote:
Compile kernel with the retpoline compiler options to guard against kernel-to-user data leaks by avoiding speculative indirect branches. Requires a compiler with -mindirect-branch=thunk-extern support for full protection. The kernel may run slower.
depontius
Advocate


Joined: 05 May 2004
Posts: 3509

Posted: Thu Jun 07, 2018 1:56 pm

If this is just a home system, and if you're not a gamer looking for every last fps of performance, I'd let the retpoline be turned on. As much as you think you've done everything you can to restrict internet access to safe programs, better safe than sorry.

If I had a "must have every last speck of performance" situation, I'd be inclined to have that on a more tightly-controlled installation. Maybe no web browser installed, maybe firewalled with only white-list access so you can only get in and out via known service paths.
_________________
.sigs waste space and bandwidth
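
Added example, not part of any post in this thread and not Gentoo or kernel project code: after answering Y and rebooting, this checks whether the kernel really got full retpoline protection or only the partial form the quoted help text warns about when the compiler lacks -mindirect-branch=thunk-extern. It assumes the kernel exposes /sys/devices/system/cpu/vulnerabilities/spectre_v2; the function names are made up for this example, and the sample status strings are constructed, since exact wording varies by kernel version.

```shell
#!/bin/sh
# Added example: interpret the Spectre v2 status of a kernel built with
# CONFIG_RETPOLINE. Wording differs between kernel versions, so match loosely.

# Assumption: the running kernel exposes this sysfs file.
SPECTRE_V2_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# classify_spectre_v2 STATUS -> prints one word describing the state.
classify_spectre_v2() {
    status=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case $status in
        "not affected"*)         echo not-affected ;;
        mitigation:*retpoline*)  echo full-retpoline ;;
        vulnerable:*retpoline*)  echo partial-retpoline ;;  # asm-only, C code unprotected
        mitigation:*)            echo other-mitigation ;;
        vulnerable*)             echo unmitigated ;;
        *)                       echo unknown ;;
    esac
}

# compiler_has_retpoline CC -> exit 0 if CC accepts the flag named in the
# Kconfig help text. -S stops before the assembler; output is discarded.
compiler_has_retpoline() {
    printf 'int f(void){return 0;}\n' |
        "$1" -mindirect-branch=thunk-extern -x c -S -o - - >/dev/null 2>&1
}

# report_running_kernel -> prints the booted kernel's state, if exposed.
report_running_kernel() {
    if [ -r "$SPECTRE_V2_FILE" ]; then
        line=$(cat "$SPECTRE_V2_FILE")
        printf '%s => %s\n' "$line" "$(classify_spectre_v2 "$line")"
    else
        echo "spectre_v2 status not exposed by this kernel"
    fi
}

# Constructed sample strings (exact wording is an assumption).
for sample in "Mitigation: Full generic retpoline" \
              "Vulnerable: Minimal generic ASM retpoline" \
              "Vulnerable" "Not affected"; do
    printf '%-45s -> %s\n' "$sample" "$(classify_spectre_v2 "$sample")"
done
report_running_kernel
```

A partial-retpoline result means the option was enabled but the compiler could not apply it to C code; running compiler_has_retpoline gcc before rebuilding shows whether a compiler upgrade is needed first.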