Wednesday, 10 January 2018

Enable or disable Meltdown and Spectre attack protection on CentOS

After the kernel and microcode update, one can enable or disable the protection:
Enable:
sh ./set-protection.sh 1
or
Disable:
sh ./set-protection.sh 0 

And the script content is:
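#!/bin/bash
# Mount debugfs if the x86 tunables directory is not visible yet.
[ ! -d /sys/kernel/debug/x86 ] && mount -t debugfs debugfs /sys/kernel/debug
# Write the requested state (1 = on, 0 = off) to each tunable.
# pti: kernel page-table isolation (Meltdown); ibrs/ibpb: indirect branch controls (Spectre variant 2).
echo "$1" > /sys/kernel/debug/x86/pti_enabled
echo "$1" > /sys/kernel/debug/x86/ibrs_enabled
echo "$1" > /sys/kernel/debug/x86/ibpb_enabled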
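
A variant of the script that validates its argument, reads each value back after writing it, and reports the resulting state. This is an added example, not part of the original post; the function names are hypothetical and `X86_DIR` is an assumed override for trying it against a scratch directory.

```shell
#!/bin/sh
# Added example, not the original set-protection.sh.
# X86_DIR is an assumed override for trying the functions on a scratch directory.
X86_DIR="${X86_DIR:-/sys/kernel/debug/x86}"
TUNABLES="pti_enabled ibrs_enabled ibpb_enabled"

# Print one tunable's value with whitespace stripped, or "missing".
read_tunable() {
    if [ -r "$X86_DIR/$1" ]; then
        tr -d '[:space:]' < "$X86_DIR/$1"
    else
        printf 'missing'
    fi
}

# Print enabled (all 1), disabled (all 0), unavailable (a file is missing)
# or mixed (anything else, e.g. only some tunables were switched).
protection_state() {
    on=0; off=0; total=0
    for t in $TUNABLES; do
        total=$((total + 1))
        case "$(read_tunable "$t")" in
            1) on=$((on + 1)) ;;
            0) off=$((off + 1)) ;;
            missing) echo unavailable; return 0 ;;
        esac
    done
    if [ "$on" -eq "$total" ]; then echo enabled
    elif [ "$off" -eq "$total" ]; then echo disabled
    else echo mixed
    fi
}

# Write 0 or 1 to every tunable and confirm each write by reading it back.
# Returns 2 on a bad argument, 1 if a write failed or did not take effect.
set_protection() {
    case "$1" in 0|1) ;; *) echo "usage: set_protection 0|1" >&2; return 2 ;; esac
    for t in $TUNABLES; do
        echo "$1" > "$X86_DIR/$t" || return 1
        [ "$(read_tunable "$t")" = "$1" ] || return 1
    done
}

# Entry point: "status" reports, "0" or "1" sets and then reports.
case "${1:-}" in
    status) for t in $TUNABLES; do echo "$t=$(read_tunable "$t")"; done; protection_state ;;
    0|1)    set_protection "$1" && protection_state ;;
esac
```

A result of `unavailable` means debugfs is not mounted or the running kernel does not expose these files; `mixed` means the three settings disagree and the host should be checked before benchmarking or returning it to service.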
Q: Why should I disable the protection?
A: With the protection enabled you might encounter performance degradation.
For some tasks one can enable or disable it.
A synthetic iperf3 test shows network performance over InfiniBand (IB) degrading by about x2:
node01:iperf3 -s
node02:iperf3 -c node01.ib

Enabled:

[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec  8.70 GBytes  7.48 Gbits/sec    0             sender
[  4]   0.00-10.00  sec  8.70 GBytes  7.47 Gbits/sec                  receiver

Disabled:
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec  17.6 GBytes  15.1 Gbits/sec    0             sender
[  4]   0.00-10.00  sec  17.6 GBytes  15.1 Gbits/sec                  receiver






[node01~]#ibstat
CA 'mlx4_0'
    CA type: MT4099
    Number of ports: 1
    Firmware version: 2.40.7000
    Hardware version: 0
    Node GUID: 0xXXXXXXX
    System image GUID: 0xXXXXXXX
    Port 1:
        State: Active
        Physical state: LinkUp
        Rate: 56
        Base lid: 338
        LMC: 0
        SM lid: 3
        Capability mask: 0xXXXXXX
        Port GUID: 0xXXXXXXX
        Link layer: InfiniBand
