* Disabling SMT by default on affected Intel processors
@ 2019-05-20 21:56 Michael Tremer
2019-05-27 15:31 ` Mentalic
0 siblings, 1 reply; 2+ messages in thread
From: Michael Tremer @ 2019-05-20 21:56 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1056 bytes --]
Hello guys,
It is quite late and I am pretty tired because Intel allowed me to spend another evening investigating what they did wrong. So here is just the short version of this:
I had a call with Peter and Arne today and we discussed what we can do to actually fix the latest Intel vulnerabilities. There is only one option which is to disable SMT - or rather known as Intel Hyper-Threading by default.
This will decrease performance by at least 40%. I think with our workload it might be worse.
There is a new CGI which allows you to see how your hardware is affected and it allows you to force HT on if you really really want it and do not care about people breaking into your firewall.
The code has just been pushed into next. Because I want to get this update out as soon as possible, please help me testing it and maybe if you have the time to do some benchmarks, that would be good to know how much performance we are actually losing.
If you have questions, please don’t hesitate to ask.
I am going to bed now :)
-Michael
^ permalink raw reply [flat|nested] 2+ messages in thread
* RE: Disabling SMT by default on affected Intel processors
2019-05-20 21:56 Disabling SMT by default on affected Intel processors Michael Tremer
@ 2019-05-27 15:31 ` Mentalic
0 siblings, 0 replies; 2+ messages in thread
From: Mentalic @ 2019-05-27 15:31 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1631 bytes --]
So far I'm not seeing a major impact on my system x86_64 Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz.
Running ClamAV and IPS, typical load is still under 5% even when running internet speed tests, most of the time its less than 1%. Only time I see load is when applying IPS rules, 40-60% peak.
Regards
Wayne
-----Original Message-----
From: Development [mailto:development-bounces(a)lists.ipfire.org] On Behalf Of Michael Tremer
Sent: Monday, May 20, 2019 4:57 PM
To: IPFire: Development-List
Subject: Disabling SMT by default on affected Intel processors
Hello guys,
It is quite late and I am pretty tired because Intel allowed me to spend another evening investigating what they did wrong. So here is just the short version of this:
I had a call with Peter and Arne today and we discussed what we can do to actually fix the latest Intel vulnerabilities. There is only one option which is to disable SMT - or rather known as Intel Hyper-Threading by default.
This will decrease performance by at least 40%. I think with our workload it might be worse.
There is a new CGI which allows you to see how your hardware is affected and it allows you to force HT on if you really really want it and do not care about people breaking into your firewall.
The code has just been pushed into next. Because I want to get this update out as soon as possible, please help me testing it and maybe if you have the time to do some benchmarks, that would be good to know how much performance we are actually losing.
If you have questions, please don’t hesitate to ask.
I am going to bed now :)
-Michael=
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-05-27 15:31 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-20 21:56 Disabling SMT by default on affected Intel processors Michael Tremer
2019-05-27 15:31 ` Mentalic
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox