[afnog] Security Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign
Philip Paeps
philip at trouble.is
Thu Jan 4 19:09:06 UTC 2018
On 2018-01-04 17:55:47 (+0100), Loganaden Velvindron wrote:
> On Thu, Jan 4, 2018 at 5:27 PM, Patrick Lufundisu
> <patrickluf at gmail.com> wrote:
>> https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
>> https://security.googleblog.com/
>> https://meltdownattack.com/
>>
>> Happy new year 2018
>
> We've been looking into doing some benchmarks such as Linux kernel
> compilation with KPTI enabled. We are getting a 5% performance hit
> [0]:
Is that a relevant benchmark though? Unless you're a kernel developer,
chances are that compiling kernels doesn't come up much.
What's the performance hit like on your actual workloads: DNS, HTTP,
SMTP, etc, etc...?
> We use VoidLinux to avoid relying on systemd :)
You could run FreeBSD (or another BSD) and avoid the many other nasty
things in Linux too! ;-) (But I don't need to tell you that).
> [I would suggest people run their benchmarks on development physical
> machines to quantify performance hit and how much they need to budget
> to compensate for the performance hit. You can check if it's enabled
> on your linux kernel using dmesg: sudo dmesg | grep -i isolation
> [ 0.000000] Kernel/User page tables isolation: enabled] ]
But please run benchmarks that are relevant to your workload! There is
little reason to panic if compiling your kernel is 5% slower on your DNS
server but serving DNS queries is only (hypothetically) 1.8% slower.
Unless you don't have 1.8% headroom on your DNS server that is...
Philip
--
Philip Paeps
Senior Reality Engineer
Ministry of Information
More information about the afnog
mailing list