
Hi Russell, all
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
Lev just tweeted the above links. This is annoying; it means rebooting all systems with Intel CPUs for which security is important and also ongoing performance loss for all modern systems with Intel CPUs.
A nuisance indeed, most hosted VMs will be impacted - with the % performance loss, companies may need to scale up or out additionally, incurring extra cost. This won't create happiness.
People who care about performance not security (e.g. gamers and people who mostly do compiles) could run in a less secure mode (run an old kernel or maybe a newer kernel patched to turn off this security feature).
This raises the interesting question: will distros start to provide separate kernel packages for Intel and AMD CPUs? I'd guess they will, as the performance hit of the KPTI workaround is significant. I use AMD desktops and servers at my home office, and naturally I'd like to keep the performance they deliver. While I'm quite capable of compiling my own kernel, I tend to not bother with that in recent years.

Regards,
Arjen.