The controversy around snaps is growing :-(

Ralf Mardorf kde.lists at yahoo.com
Mon May 4 17:22:07 UTC 2020 

On Mon, 4 May 2020 17:56:44 +0200, Ralf Mardorf wrote:
>It's just me, who still builds without. Maybe it still
>makes a difference when disabling mitigations. To be honest, I never
>tested it.

https://lists.archlinux.org/pipermail/arch-general/2018-September/045704.html

Hmm, my domain is pro audio. In general building with
  CONFIG_AUDIT is not set
seems not to bring back the moat fast path, but it still might have
some impact. I don't know.

Btw.

[rocketmouse at archlinux ~]$ grep k- .bashrc 
alias k-info='echo;echo $(uname -srvm;zgrep CONFIG_AUDIT\  /proc/config.gz || zgrep CONFIG_AUDIT= /proc/config.gz);echo;cat /proc/cmdline;echo;grep . /sys/devices/system/cpu/vulnerabilities/* | cut -d/ -f7;rtirq status|head -8;echo'
[rocketmouse at archlinux ~]$ k-info 

Linux 4.19.115-rt50-0-pussytoes #1 SMP PREEMPT RT Sat, 02 May 2020 09:05:39 +0200 x86_64 # CONFIG_AUDIT is not set

BOOT_IMAGE=../vmlinuz-linux-rt-pussytoes root=LABEL=s3.archlinux ro initrd=../intel-ucode.img,../initramfs-linux-rt-pussytoes.img

itlb_multihit:KVM: Mitigation: Split huge pages
l1tf:Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled
mds:Mitigation: Clear CPU buffers; SMT disabled
meltdown:Mitigation: PTI
spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
spectre_v1:Mitigation: usercopy
spectre_v2:Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: disabled, RSB filling
tsx_async_abort:Not affected

    PID CLS RTPRIO  NI PRI %CPU STAT COMMAND	
    153 FF      90   - 130  0.0 S    irq/16-ehci_hcd	
    155 FF      90   - 130  0.0 S    irq/24-xhci_hcd	
    157 FF      89   - 129  0.0 S    irq/23-ehci_hcd	
    283 FF      85   - 125  0.0 S    irq/16-snd_hdsp	
    291 FF      80   - 120  0.0 S    irq/16-snd_ice1	
     42 FF      50   -  90  0.0 S    irq/9-acpi

IOW I build without audit and apparmor, but until now I always booted
with mitigations enabled, while I have got a menu entry to disable
mitigations, let alone that on Ubuntu I anyway use the repository's
lowlatency kernel, a kernel even without the RT patch.

More information about the ubuntu-users mailing list