From: Mentalic <mentalic@cox.net>
To: development@lists.ipfire.org
Subject: RE: Disabling SMT by default on affected Intel processors
Date: Mon, 27 May 2019 10:31:36 -0500
Message-ID: <000201d514a1$482e9440$d88bbcc0$@net>
In-Reply-To: <E6CB11C5-A56A-43F8-8B42-CFBAC16B869E@ipfire.org>
So far I'm not seeing a major impact on my system x86_64 Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz.
Running ClamAV and IPS, typical load is still under 5% even when running internet speed tests, most of the time it's less than 1%. Only time I see load is when applying IPS rules, 40-60% peak.
Regards
Wayne
-----Original Message-----
From: Development [mailto:development-bounces(a)lists.ipfire.org] On Behalf Of Michael Tremer
Sent: Monday, May 20, 2019 4:57 PM
To: IPFire: Development-List
Subject: Disabling SMT by default on affected Intel processors
Hello guys,
It is quite late and I am pretty tired because Intel allowed me to spend another evening investigating what they did wrong. So here is just the short version of this:
I had a call with Peter and Arne today and we discussed what we can do to actually fix the latest Intel vulnerabilities. There is only one option which is to disable SMT - or rather known as Intel Hyper-Threading by default.
This will decrease performance by at least 40%. I think with our workload it might be worse.
There is a new CGI which allows you to see how your hardware is affected and it allows you to force HT on if you really really want it and do not care about people breaking into your firewall.
The code has just been pushed into next. Because I want to get this update out as soon as possible, please help me test it and maybe if you have the time to do some benchmarks, that would be good to know how much performance we are actually losing.
If you have questions, please don’t hesitate to ask.
I am going to bed now :)
-Michael