From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mentalic To: development@lists.ipfire.org Subject: RE: Disabling SMT by default on affected Intel processors Date: Mon, 27 May 2019 10:31:36 -0500 Message-ID: <000201d514a1$482e9440$d88bbcc0$@net> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3280046962127917909==" List-Id: --===============3280046962127917909== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable So far I'm not seeing a major impact on my system x86_64 Intel(R) Core(TM)2 D= uo CPU E8400 @ 3.00GHz. Running ClamAV and IPS, typical load is still under 5% even when running inte= rnet speed tests, most of the time its less than 1%. Only time I see load is = when applying IPS rules, 40-60% peak. Regards Wayne -----Original Message----- From: Development [mailto:development-bounces(a)lists.ipfire.org] On Behalf O= f Michael Tremer Sent: Monday, May 20, 2019 4:57 PM To: IPFire: Development-List Subject: Disabling SMT by default on affected Intel processors Hello guys, It is quite late and I am pretty tired because Intel allowed me to spend anot= her evening investigating what they did wrong. So here is just the short vers= ion of this: I had a call with Peter and Arne today and we discussed what we can do to act= ually fix the latest Intel vulnerabilities. There is only one option which is= to disable SMT - or rather known as Intel Hyper-Threading by default. This will decrease performance by at least 40%. I think with our workload it = might be worse. There is a new CGI which allows you to see how your hardware is affected and = it allows you to force HT on if you really really want it and do not care abo= ut people breaking into your firewall. The code has just been pushed into next. Because I want to get this update ou= t as soon as possible, please help me testing it and maybe if you have the ti= me to do some benchmarks, that would be good to know how much performance we = are actually losing. If you have questions, please don=E2=80=99t hesitate to ask. I am going to bed now :) -Michael=3D --===============3280046962127917909==--