MDS / Zombieload Mitigations Come At A Real Cost, Even If Keeping Hyper Threading On

Written by Michael Larabel in Linux Security on 16 May 2019 at 03:37 PM EDT.
The default Linux mitigations for the new Microarchitectural Data Sampling (MDS) vulnerabilities (also known as "Zombieload") do incur a measurable performance cost out-of-the-box in various workloads. That's even with the default behavior where SMT / Hyper Threading remains on, while it is becoming increasingly apparent that if you want to fully protect your system, HT must be off.

MDS was announced on Tuesday and I am running a number of MDS/Zombieload mitigation benchmarks, including comparing the overall Spectre/Meltdown/L1TF/MDS impact and the cost of going the "full" route of disabling Hyper Threading. Tomorrow will bring the first featured (multi-page) article with MDS data on multiple systems, while here are some initial numbers I am seeing when just looking at the new default cost of this MDS mitigation.
7980XE MDS Initial Test

These initial results are from the Core i9 7980XE given its speed, while the follow-up tests will be from various systems. These results are using Ubuntu 19.04 with its now-patched kernel and updated Intel microcode. The benchmarks compare the default/out-of-the-box kernel against the same kernel rebooted with mds=off on the kernel command line, which disables just the new MDS code while leaving the other CPU mitigations enabled.
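
To confirm which of the two configurations described above a machine is actually running, the kernel's reported MDS status can be read and classified. The script below is an added example, not part of the original article; it assumes the sysfs entry /sys/devices/system/cpu/vulnerabilities/mds and the status strings from the kernel's MDS admin-guide documentation, and the function names and verdict labels are hypothetical.

```shell
#!/bin/sh
# Added example, not from the article: classify the kernel's reported MDS state.
# Assumes the status strings from the kernel's MDS admin-guide documentation;
# function names and verdict labels are made up for this example.
MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# classify_mds STATUS CMDLINE -> prints a one-word verdict
classify_mds() {
    status=$1
    cmdline=$2
    case "$status" in
        "Not affected"*) echo not-affected ;;
        # Kernel tries to clear buffers, but the microcode update is missing.
        "Vulnerable: Clear CPU buffers attempted, no microcode"*) echo no-microcode ;;
        "Vulnerable"*)
            # Distinguish a deliberate mds=off boot from an unexplained gap.
            case " $cmdline " in
                *" mds=off "*) echo disabled-by-cmdline ;;
                *) echo vulnerable ;;
            esac ;;
        # Buffer clearing is active, but SMT is on, so protection is incomplete.
        "Mitigation: "*"SMT vulnerable"*) echo mitigated-smt-exposed ;;
        "Mitigation: "*"SMT Host state unknown"*) echo mitigated-smt-unknown ;;
        "Mitigation: "*) echo mitigated ;;
        *) echo unknown ;;
    esac
}

# report_live: read the real kernel interfaces on the running machine
report_live() {
    [ -r "$MDS_SYSFS" ] || { echo "no MDS entry in sysfs"; return 1; }
    live_status=$(cat "$MDS_SYSFS")
    live_cmdline=$(cat /proc/cmdline)
    live_smt=$(cat /sys/devices/system/cpu/smt/control 2>/dev/null || echo unknown)
    echo "mds:     $live_status"
    echo "smt:     $live_smt"
    echo "verdict: $(classify_mds "$live_status" "$live_cmdline")"
}

# Constructed sample: default boot with Hyper Threading left on.
classify_mds "Mitigation: Clear CPU buffers; SMT vulnerable" "ro quiet splash"

if [ "${1:-}" = "--live" ]; then report_live; fi
```

Run with --live to inspect the current host; a verdict of mitigated-smt-exposed corresponds to the default configuration benchmarked here, with the mitigation on and Hyper Threading still enabled.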

There's certainly a measurable difference on top of all the other mitigations over the past year and a half.

Even code compilation performance did see a measurable difference.

The Hackbench Linux kernel scheduler benchmark is particularly hurt.

PostgreSQL takes another hit...

Redis is also pushing lower.

Ouch.

Memcached is another real-world workload affected.

Obviously if going the route of disabling Hyper Threading, the multi-threaded workloads will be even more impacted. Stay tuned for the complete scoop that should be out tomorrow on the initial batch of MDS mitigation testing.