The Performance Hit For A Xeon-Backed Ubuntu Linux VM With L1TF / Foreshadow Patches

  • The Performance Hit For A Xeon-Backed Ubuntu Linux VM With L1TF / Foreshadow Patches

    Phoronix: The Performance Hit For A Xeon-Backed Ubuntu Linux VM With L1TF / Foreshadow Patches

    Last week L1 Terminal Fault (a.k.a. L1TF and Foreshadow) was made public as the latest set of speculative execution vulnerabilities affecting Intel processors. This Meltdown-like issue was met by same-day Linux kernel patches for mitigating the problem and does introduce another performance penalty but in this case is at least only limited to virtual machines. Last week I posted some initial L1TF-mitigated KVM-based VM benchmark results using a Core i7 CPU but the results for sharing today are using a much more powerful dual Xeon server.

    http://www.phoronix.com/vr.php?view=26741

  • #2
    Nice to see these figures. Another percent or two on average I guess, unless you go full mitigation and turn off SMT.

    It would be nice to have the pre-meltdown/spectre results in as well to see the cumulative effect the past 10 months have had on Intel CPU performance.


    • #3
      Just curious, the TTSIOD results looked odd - more than 50% loss for disabling SMT?


      • #4
        Originally posted by bridgman
        Just curious, the TTSIOD results looked odd - more than 50% loss for disabling SMT?
        Yeah the TTSIOD results were surprising but reproducible. Unfortunately I don't know enough about the TTSIOD design to speculate why it may have been so greatly impacted.
        Michael Larabel
        http://www.michaellarabel.com/


        • #5
          Originally posted by sykobee
          It would be nice to have the pre-meltdown/spectre results in as well to see the cumulative effect the past 10 months have had on Intel CPU performance.
          +1, I would love to see benchmarks with *ALL* the patches disabled as well.
          ## VGA ##
          AMD: X1950XTX, HD3870, HD5870
          Intel: GMA45, HD3000 (Core i5 2500K)


          • #6
            Originally posted by sykobee
            Nice to see these figures. Another percent or two on average I guess, unless you go full mitigation and turn off SMT.

            It would be nice to have the pre-meltdown/spectre results in as well to see the cumulative effect the past 10 months have had on Intel CPU performance.
            Yes that will be coming in a separate article soon.
            Michael Larabel
            http://www.michaellarabel.com/


            • #7
              Nice write-up. The full mitigation results are scary.


              • #8
                Interesting why Linux folks derived from their previous "slow but safe in default configuration" stance.

                I get why most folks who don't run virtual machines with untrusted code would be hurt by l1tf=full unnecessarily. But those should turn it off after they verified that it is indeed unnecessary, rather than letting unsuspecting users set up VMs that are less secure than they expect.

                I hope future Phoronix benchmarks on VMs include tests with and without l1tf mitigation, so that a fair comparison (between OSes with/without mitigation, and vulnerable/non-vulnerable CPUs) is possible.

                Comment
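The check post #8 asks administrators to make before relaxing `l1tf`, as an added example that is not part of any post in this thread: a shell function that classifies the status string the kernel exposes in `/sys/devices/system/cpu/vulnerabilities/l1tf`. The category labels it prints (`full`, `partial`, and so on) are names chosen for this example, not kernel terms.

```shell
#!/bin/sh
# Added example: classify the L1TF state a Linux host reports.
# Category names printed below are this example's own labels (assumption).

L1TF_SYSFS=/sys/devices/system/cpu/vulnerabilities/l1tf

# l1tf_classify STATUS
# Prints one of: not-affected, host-only, ept-disabled, guest-vulnerable,
# partial, full, unknown.
l1tf_classify() {
    case $1 in
        "Not affected"*) echo not-affected; return 0 ;;
        "Mitigation: PTE Inversion"*) ;;   # host-side protection is active
        *) echo unknown; return 0 ;;
    esac
    case $1 in
        *"EPT disabled"*) echo ept-disabled; return 0 ;;
        *"VMX: vulnerable"*|*"L1D vulnerable"*) echo guest-vulnerable; return 0 ;;
        *VMX:*|*L1D*) ;;                   # KVM state is present, keep going
        *) echo host-only; return 0 ;;     # no KVM/VMX state appended
    esac
    case $1 in
        # SMT still on, or L1D flushed only conditionally: not the l1tf=full state
        *"SMT vulnerable"*|*"conditional cache flushes"*) echo partial ;;
        # SMT off plus unconditional L1D flush on VM entry: what l1tf=full sets up
        *"cache flushes"*"SMT disabled"*|*"SMT disabled"*"cache flushes"*) echo full ;;
        *) echo unknown ;;
    esac
}

# Print the live status and its classification when the sysfs entry exists.
l1tf_report() {
    if [ -r "$L1TF_SYSFS" ]; then
        status=$(cat "$L1TF_SYSFS")
        printf '%s => %s\n' "$status" "$(l1tf_classify "$status")"
    else
        echo "no l1tf entry under sysfs on this system"
    fi
}

l1tf_report
```

A host that runs untrusted guests and reports anything other than `full`, `ept-disabled` or `not-affected` is in the situation post #8 describes.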


                • #9
                  Originally posted by Michael
                  Yes that will be coming in a separate article soon.
                  Also, please compare it with AMD (from pre-Spectre to patched kernel with full L1TF mitigation).


                  • #10
                    Originally posted by darkbasic
                    I would love to see benchmarks with *ALL* the patches disabled for both Intel and AMD cpus as well.
                    And I would like to see instructions for disabling *ALL* the patches. I do not purchase cpus so I can stick crippleware on them as some weird kind of money- and time-wasting amusement (and no, I am not running an internet-facing server).
