From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Disabling SMT by default on affected Intel processors Date: Mon, 20 May 2019 22:56:37 +0100 Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2615217558518760906==" List-Id: --===============2615217558518760906== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello guys, It is quite late and I am pretty tired because Intel allowed me to spend anot= her evening investigating what they did wrong. So here is just the short vers= ion of this: I had a call with Peter and Arne today and we discussed what we can do to act= ually fix the latest Intel vulnerabilities. There is only one option which is= to disable SMT - or rather known as Intel Hyper-Threading by default. This will decrease performance by at least 40%. I think with our workload it = might be worse. There is a new CGI which allows you to see how your hardware is affected and = it allows you to force HT on if you really really want it and do not care abo= ut people breaking into your firewall. The code has just been pushed into next. Because I want to get this update ou= t as soon as possible, please help me testing it and maybe if you have the ti= me to do some benchmarks, that would be good to know how much performance we = are actually losing. If you have questions, please don=E2=80=99t hesitate to ask. I am going to bed now :) -Michael --===============2615217558518760906==--