Disabling SMT by default on affected Intel processors

public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Disabling SMT by default on affected Intel processors
Date: Mon, 20 May 2019 22:56:37 +0100	[thread overview]
Message-ID: <E6CB11C5-A56A-43F8-8B42-CFBAC16B869E@ipfire.org> (raw)

[-- Attachment #1: Type: text/plain, Size: 1056 bytes --]

Hello guys,

It is quite late and I am pretty tired because Intel allowed me to spend another evening investigating what they did wrong. So here is just the short version of this:

I had a call with Peter and Arne today and we discussed what we can do to actually fix the latest Intel vulnerabilities. There is only one option which is to disable SMT - or rather known as Intel Hyper-Threading by default.

This will decrease performance by at least 40%. I think with our workload it might be worse.

There is a new CGI which allows you to see how your hardware is affected and it allows you to force HT on if you really really want it and do not care about people breaking into your firewall.

The code has just been pushed into next. Because I want to get this update out as soon as possible, please help me testing it and maybe if you have the time to do some benchmarks, that would be good to know how much performance we are actually losing.

If you have questions, please don’t hesitate to ask.

I am going to bed now :)

-Michael

next             reply	other threads:[~2019-05-20 21:56 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-05-20 21:56 Michael Tremer [this message]
2019-05-27 15:31 ` Mentalic

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=E6CB11C5-A56A-43F8-8B42-CFBAC16B869E@ipfire.org \
    --to=michael.tremer@ipfire.org \
    --cc=development@lists.ipfire.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox