MDS / Zombieload Mitigations Come At A Real Cost, Even If Keeping Hyper Threading On
The default Linux mitigations for the new Microarchitectural Data Sampling (MDS) vulnerabilities (also known as "Zombieload") incur a measurable performance cost out-of-the-box in various workloads. That's even with the default behavior where SMT / Hyper Threading remains on, while it is becoming increasingly apparent that fully protecting your system requires HT to be off.
MDS was announced on Tuesday and I am running a number of MDS/Zombieload mitigation benchmarks, including comparing the overall Spectre/Meltdown/L1TF/MDS impact and also the "full" route of disabling Hyper Threading. Tomorrow will be the first featured (multi-page) article with MDS data on multiple systems; here are some initial numbers I am seeing when looking just at the new default cost of this MDS mitigation.
These initial results are from the Core i9 7980XE given its speed, while the follow-up tests will be from various systems. These results are using Ubuntu 19.04 with its now-patched kernel and updated Intel microcode. The benchmarks compare the default/out-of-the-box kernel against the same kernel rebooted with mds=off on the kernel command line, to see the impact with this new kernel code disabled while the other CPU mitigations are left enabled.
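Before comparing runs like these, it helps to confirm which of the two configurations the booted kernel is actually in. The script below is an added example, not part of the original article: it reads the kernel's standard sysfs vulnerability and SMT files plus /proc/cmdline, and the short labels it prints (such as "mitigated-smt-on") are this example's own naming.

```shell
#!/bin/sh
# Added example: identify which MDS configuration a benchmark run is using.

# Map the kernel's MDS status string to a short label (labels are this
# example's own, not kernel terminology).
classify_mds() {
    case "$1" in
        "Not affected"*) echo "unaffected" ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            echo "no-microcode" ;;
        "Vulnerable"*) echo "off" ;;
        "Mitigation: Clear CPU buffers"*)
            case "$1" in
                *"SMT disabled"*) echo "mitigated-smt-off" ;;
                *"SMT vulnerable"*) echo "mitigated-smt-on" ;;
                *) echo "mitigated" ;;
            esac ;;
        *) echo "unknown" ;;
    esac
}

# Print the value of the last mds= argument on a kernel command line,
# or "unset" when the option is absent.
mds_cmdline_param() {
    val=unset
    for arg in $1; do
        case "$arg" in mds=*) val=${arg#mds=} ;; esac
    done
    echo "$val"
}

report() {
    mds_file=/sys/devices/system/cpu/vulnerabilities/mds
    smt_file=/sys/devices/system/cpu/smt/control
    if [ -r "$mds_file" ]; then
        st=$(cat "$mds_file")
        echo "mds status : $st ($(classify_mds "$st"))"
    else
        echo "mds status : not reported (kernel lacks the MDS patches)"
    fi
    [ -r "$smt_file" ] && echo "smt control: $(cat "$smt_file")"
    [ -r /proc/cmdline ] && echo "mds= param : $(mds_cmdline_param "$(cat /proc/cmdline)")"
    return 0
}

report
```

Recording this output alongside each benchmark result makes it clear whether a run measured the default mitigation with SMT on, the mds=off boot, or a kernel with SMT disabled.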
There's certainly a measurable difference on top of all the other mitigations over the past year and a half.
Even code compilation performance did see a measurable difference.
The Hackbench Linux kernel scheduler benchmark is particularly hurt.
PostgreSQL takes another hit...
Redis is also pushing lower.
Ouch.
Memcached is another real-world workload affected.
Obviously if going the route of disabling Hyper Threading, the multi-threaded workloads will be even more impacted. Stay tuned for the complete scoop that should be out tomorrow on the initial batch of MDS mitigation testing.