MDS / Zombieload Mitigations Come At A Real Cost, Even If Keeping Hyper Threading On
Written by Michael Larabel in Linux Security on 16 May 2019 at 03:37 PM EDT.
The default Linux mitigations for the new Microarchitectural Data Sampling (MDS) vulnerabilities (also known as "Zombieload") incur a measurable performance cost out-of-the-box in various workloads. That is even with the default behavior where SMT / Hyper Threading remains on, while it is becoming increasingly apparent that if you want to fully protect your system, HT must be off.

MDS was announced on Tuesday and I am running a number of MDS/Zombieload mitigation benchmarks, now including comparisons of the overall Spectre/Meltdown/L1TF/MDS impact and of going the "full" route of disabling Hyper Threading. Tomorrow will bring the first featured (multi-page) article with MDS data on multiple systems; here are some initial numbers I am seeing when looking just at the new default cost of this MDS mitigation.

These initial results are from the Core i9 7980XE given its speed, while the follow-up tests will be from various systems. These results are using Ubuntu 19.04 with its now-patched kernel and updated Intel microcode. The benchmarks compare the default/out-of-the-box kernel against the same kernel rebooted with mds=off on the kernel command line, which shows the impact with this new kernel code disabled while the other CPU mitigations are left enabled.
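To confirm which of the two configurations compared above a machine is actually running, the kernel's own report can be parsed. This is an added example, not from the original article: the function names are hypothetical, and it assumes the standard sysfs file /sys/devices/system/cpu/vulnerabilities/mds and the status strings documented for the kernel's MDS mitigation.

```shell
#!/bin/sh
# Added example: report which MDS configuration a Linux host is running.
# Function names are hypothetical; paths are the standard sysfs/procfs files.
MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# Print the last mds= value on a kernel command line, or "default" if absent.
mds_cmdline_setting() {
    value=$(printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^mds=//p' | tail -n 1)
    printf '%s\n' "${value:-default}"
}

# Turn the kernel's status line into "<buffer state>,<SMT state>".
mds_classify() {
    status=$1
    buffers=${status%%"; SMT"*}        # text before the SMT field
    smt=${status#"$buffers"}           # "; SMT ..." or empty
    smt=${smt#"; "}
    case $buffers in
        "Not affected") printf 'not-affected\n'; return 0 ;;
        "Mitigation: Clear CPU buffers") state=buffers-cleared ;;
        Vulnerable*) state=vulnerable ;;   # includes the "no microcode" case
        *) printf 'unknown\n'; return 0 ;;
    esac
    case $smt in
        "SMT disabled"|"SMT mitigated") printf '%s,smt-ok\n' "$state" ;;
        "SMT vulnerable") printf '%s,smt-exposed\n' "$state" ;;
        *) printf '%s,smt-unknown\n' "$state" ;;
    esac
}

# On a live system, print both views; skipped where the files do not exist.
if [ -r "$MDS_SYSFS" ] && [ -r /proc/cmdline ]; then
    printf 'boot parameter mds=%s\n' "$(mds_cmdline_setting "$(cat /proc/cmdline)")"
    printf 'kernel reports: %s\n' "$(mds_classify "$(cat "$MDS_SYSFS")")"
fi
```

On an affected CPU with updated microcode and Hyper Threading left on, the default kernel reports buffers-cleared,smt-exposed, while booting with mds=off reports vulnerable,smt-exposed.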






There's certainly a measurable difference on top of all the other mitigations over the past year and a half.


Even code compilation performance did see a measurable difference.

The Hackbench Linux kernel scheduler benchmark is particularly hurt.



PostgreSQL takes another hit...

Redis is also pushing lower.





Ouch.


Memcached is another real-world workload affected.



Obviously, if you go the route of disabling Hyper Threading, multi-threaded workloads will be impacted even more. Stay tuned for the complete scoop that should be out tomorrow on the initial batch of MDS mitigation testing.