Article 4SG7K HOWTO Make Linux Run Blazing Fast (Again) on Intel CPUs

HOWTO Make Linux Run Blazing Fast (Again) on Intel CPUs

by
chromas
from SoylentNews on (#4SG7K)

upstart writes for Bytram:

HOWTO make Linux run blazing fast (again) on Intel CPUs

It's just been one security disaster after another for Intel the last few years. Meltdown, Spectre variant after variant and this week the "Microarchitectural Data Sampling" aka Zombieload attack have all required performance-degrading fixes and workarounds. There is no way around turning hyperthreading off to be safe from MDS/Zombieload and this is a rather high performance-price to pay. So what if you don't want to?

[...] If you're not into currency trading or high finance or military contracting or anything of that nature and you'd just like to get maximum performance for your Steam games then adding this is simple switch to your kernel parameters will leave you wide open to all the security risks for maximum excitement and squeeze back every bit of performance you used to get from your Intel CPU:

mitigations=off

If you are using a kernel older than 5.1.13 then you should use this rather long one-liner instead:

noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off mitigations=off

Add either mitigations=off or that long one-liner to your /etc/sysconfig/grub and re-generate grub's configuration file with grub2-mkconfig (your distributions procedure will vary) and you're all set. Do note that the latest stable branch kernels (4.14.x, 4.19.x) do have mitigations=off so that alone is enough on kernels newer than 5.1.13 and later versions of stable branch kernels such as 4.19.60+.

[...] Intel CPUs are not alone in having some security issues. There are problems with other CPUs too. The mitigations=off can be used on any CPU but what it does, if anything, will depend on what CPU you are using. It can be used to slightly increase performance on Intel, AMD, ARM and even PowerPC architectures.

[...] The performance gained by disabling workarounds for the mostly Intel CPU security flaws are not all that impressive in all workloads. The reason is that the most performance-hampering measure required to safely use a Intel CPU is to disable SMT (HyperThreading). Doing so crushes performance in a really noticeable way, so much so that the Linux kernel developers decided to leave SMT enabled by default (unlike some *BSD variants who do disable SMT). Newer Linux kernels will by default use mds=full and not the safer mds=full,nosmt parameter which banks and financial institutions should be using. There is a different between default performance and performance with mitigations=off but it is nowhere near as large as the difference between mitigations=off and mds=full,nosmt.

Original Submission

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments