MDS / Zombieload Mitigations Come At A Real Cost, Even If Keeping Hyper Threading On
MDS was announced on Tuesday and I am running a number of MDS/Zombieload mitigation benchmarks, including comparing the overall Spectre/Meltdown/L1TF/MDS impact and the impact of going the "full" route of disabling Hyper Threading. Tomorrow will bring the first featured (multi-page) article with MDS data on multiple systems; in the meantime, here are some initial numbers I am seeing when looking just at the new default cost of this MDS mitigation.
These initial results are from the Core i9 7980XE, chosen for its speed; the follow-up tests will be from various systems. The system is running Ubuntu 19.04 with its now-patched kernel and updated Intel microcode. The benchmarks compare the default/out-of-the-box kernel against the same kernel rebooted with mds=off on the kernel command line, which disables only the new MDS code while the other CPU mitigations are left enabled.
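Before comparing the two boots, it is worth confirming which configuration a run is actually using. The script below is an added example, not part of the original article: it assumes the kernel's standard status file /sys/devices/system/cpu/vulnerabilities/mds and the status strings from the kernel documentation, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: report the MDS mitigation state from the kernel's own status.
MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# mds_param CMDLINE: value of the last mds= boot option, or "default" if absent.
mds_param() {
    val=default
    set -f                       # split on whitespace without glob expansion
    for tok in $1; do
        case "$tok" in mds=*) val=${tok#mds=} ;; esac
    done
    set +f
    printf '%s\n' "$val"
}

# mds_state STATUS: classify the first part of the sysfs status line.
mds_state() {
    case "$1" in
        "Not affected"*)                  echo not_affected ;;
        "Mitigation: Clear CPU buffers"*) echo mitigated ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*) echo no_microcode ;;
        "Vulnerable"*)                    echo vulnerable ;;
        *)                                echo unknown ;;
    esac
}

# smt_state STATUS: the text after "; SMT " (vulnerable, mitigated, disabled), or n/a.
smt_state() {
    case "$1" in
        *"; SMT "*) printf '%s\n' "${1##*; SMT }" ;;
        *)          echo n/a ;;
    esac
}

# report STATUS CMDLINE: one summary line to record next to benchmark results.
report() {
    printf 'mds=%s state=%s smt=%s\n' \
        "$(mds_param "$2")" "$(mds_state "$1")" "$(smt_state "$1")"
}

if [ -r "$MDS_SYSFS" ] && [ -r /proc/cmdline ]; then
    report "$(cat "$MDS_SYSFS")" "$(cat /proc/cmdline)"   # live host
else
    # Constructed sample values, used when the sysfs file is absent.
    report 'Mitigation: Clear CPU buffers; SMT vulnerable' 'ro quiet'
    report 'Vulnerable; SMT vulnerable' 'ro quiet mds=off'
fi
```

On the mds=off boot the kernel reports "Vulnerable", so state=vulnerable there is the expected result; state=no_microcode on the default boot means the microcode update did not load.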
There's certainly a measurable difference on top of all the other mitigations over the past year and a half.
Even code compilation performance did see a measurable difference.
The Hackbench Linux kernel scheduler benchmark is particularly hurt.
PostgreSQL takes another hit...
Redis is also pushing lower.
Ouch.
Memcached is another real-world workload affected.
Obviously, if you go the route of disabling Hyper Threading, the multi-threaded workloads will be even more impacted. Stay tuned for the complete scoop that should be out tomorrow on the initial batch of MDS mitigation testing.