Announcement

Collapse
No announcement yet.

MDS / Zombieload Mitigations Come At A Real Cost, Even If Keeping Hyper Threading On

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • MDS / Zombieload Mitigations Come At A Real Cost, Even If Keeping Hyper Threading On

    Phoronix: MDS / Zombieload Mitigations Come At A Real Cost, Even If Keeping Hyper Threading On

    The default Linux mitigations for the new Microarchitectural Data Sampling (MDS) vulnerabilities (also known as "Zombieload") do incur measurable performance cost out-of-the-box in various workloads. That's even with the default behavior where SMT / Hyper Threading remains on while it becomes increasingly apparent if wanting to fully protect your system HT must be off...

    http://www.phoronix.com/scan.php?pag...Initial-Impact

  • #2
    This is why AMD is better.

    Comment


    • #3
      Fuck computers let's just go back to using stone and wood.

      Comment


      • #4
        I think you should do benchmarks on Intel vs AMD, using kernel 5.1. But then comparing them with all mitigations both enabled and disabled (in both processors). I'm very interested to see the reactions of Intel owners...

        Comment


        • #5
          Originally posted by tildearrow View Post
          This is why AMD is better.
          Some people keep raising the possibility that with Intel having much more market share they are the ones primarily being targeted by research institutes for vulnerabilities.

          So my question is this really Intel taking shortcuts and producing less secure architectures than AMD? Or is it just that AMD is getting less hammered by researchers and hackers looking for vulnerabilities?

          Though even if that is the case I guess your argument still stands because it doesn't necessarily matter which is inherently more secure and what really matters is which one has more severe vulnerabilities known to hackers and the public.

          Comment


          • #6
            One of the Intel writeups said that their 8th and 9th gen processors have hardware mitigations, but my 8th gen processor defaulted to the same "Clear CPU buffers; SMT vulnerable". Is it safe to disable the MDS mitigations on 8th and 9th gen processors? Will less aggressive mitigations be possible on those in the future?

            Comment


            • #7
              If Ice Lake doesn't contain hardware mitigations for most Spectre/Meltdown/MDS/whatever vulnerabilities, I will stop buying Intel CPUs.
              Last edited by birdie; 05-17-2019, 05:21 AM. Reason: SkyLake -> Ice Lake

              Comment


              • #8
                Thanks for the heads up on this, Michael. Just added mds=off to my grub.

                GRUB_CMDLINE_LINUX_DEFAULT="quiet pti=off spectre_v2=off l1tf=off mds=off nospec_store_bypass_disable no_stf_barrier"

                Getting pretty ridiculous. Looking forward to using the cleaner, single flag when kernel 5.2 comes out.

                UPDATE: mitigations=off has been backported to all kernels.

                5.1.2 and newer have it
                5.0.16 and newer have it
                4.19.43 and newer have it
                4.14.119 and newer have it
                4.9.176 and newer have it
                4.4.180 and newer have it

                GRUB_CMDLINE_LINUX_DEFAULT="quiet mitigations=off"

                Much cleaner

                (be sure to run sudo update-grub2 after editing /etc/default/grub and then reboot)
                Last edited by perpetually high; 05-18-2019, 11:15 PM.

                Comment


                • #9
                  Would be good to see cumulative performance hit since before Spectre/Meltdown/etc and after these new issues.

                  Comment


                  • #10
                    Doubling of the context switch time, that's what's bleeding all the other results probably.

                    Comment

                    Working...
                    X