Security August 2018: Kernel Security Update: L1TF - L1 Terminal Fault Attack CVE-2018-3620 & CVE-2018-3646

Discussion in 'CentOS, Redhat & Oracle Linux News' started by eva2000, Aug 15, 2018.

  1. eva2000

    eva2000 Administrator Staff Member

    39,742
    8,765
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,486
    Local Time:
    4:59 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    hmm Debian and Intel not having a nice time for microcode updates:
    "Use Debian? Want Intel's latest CPU patch? Small print sparks big problem"

    comments highlight the changed license restriction that Debian objects to
    prevent folks from publicly benchmarking or sharing before and after results of microcode updates! Like Phoronix does
     
  2. eva2000

    eva2000 Administrator Staff Member

  3. eva2000

    eva2000 Administrator Staff Member

    RamNode email update for L1TF related maintenance
     
  4. eva2000

    eva2000 Administrator Staff Member

    Intel backtracks on updated microcode license agreement:
    "Intel rips up microcode security fix license that banned benchmarking"
     
  5. eva2000

    eva2000 Administrator Staff Member

    Benchmarks Of Intel's Latest Linux Microcode Update - Phoronix
    Also get to see bare metal dedicated vs KVM virtualization performance overhead !

    Interesting for Nginx KVM server with better performance ?

     
  6. eva2000

    eva2000 Administrator Staff Member

    "The Performance Cost Of Spectre / Meltdown / Foreshadow Mitigations On Linux 4.19" - Phoronix.
    Though absolute numbers still show Intel leading performance even with reduced performance:
    "Linux 4.19 - Xeon Vs. EPYC Spectre / Meltdown Benchmarks Performance" - OpenBenchmarking.org

    Note that other Linux distributions' provided Nginx binaries previously also reported a 21-26% reduction in performance with Meltdown fixes, but Centmin Mod Nginx on an i7 4790K at least only saw a ~5.5% reduction in performance, due to Centmin Mod Nginx using the jemalloc memory allocator instead of the normal glibc malloc that most Nginx binaries use.
     
    Last edited: Aug 31, 2018