Security Intel Processor Flaw 'kernel memory leaking' [Spectre & Meltdown]

Discussion in 'CentOS, Redhat & Oracle Linux News' started by eva2000, Jan 3, 2018.

  1. eva2000

    eva2000 Administrator Staff Member

    50,473
    11,662
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,084
    Local Time:
    8:09 AM
    Nginx 1.25.x
    MariaDB 10.x
    Linode Blog » An Update to Meltdown: Mitigation Deployed


     
  2. eva2000

    The impromptu Slack war room where ‘Net companies unite to fight Spectre-Meltdown

     
  3. eva2000

    Linux 3.17 To 4.15 Kernel Benchmarks On Intel Gulftown & Haswell - Phoronix
     
  4. eva2000

  5. eva2000

    Intel reportedly notified Chinese companies of chip security flaw before the U.S. government

     
  6. eva2000

  7. eva2000

    Small Datum: Meltdown vs storage

     
  8. eva2000

    Finding out the MySQL performance regression due to kernel mitigation for Meltdown CPU vulnerability – I used to be a MySQL DBA for Hire

     
  9. Xon

    Xon Active Member

    173
    61
    28
    Nov 16, 2015
    Ratings:
    +229
    Local Time:
    6:09 AM
    1.15.x
    MariaDB 10.3.x
    @eva2000 you can load tcmalloc into MariaDB very easily without recompiling;

    Code:
    yum install -y gperftools-libs.x86_64
    Append to /etc/my.cnf or /etc/my.cnf.d/server.cnf
    Code:
    [mysqld_safe]
    malloc-lib=/usr/lib64/libtcmalloc_minimal.so.4
    
    Restarting mysql will then show something like:
    Code:
    >service mysql restart
    Shutting down MySQL.. SUCCESS!
    Starting MySQL.180203 07:47:29 mysqld_safe Adding '/usr/lib64/libtcmalloc_minimal.so.4' to LD_PRELOAD for mysqld
    180203 07:47:29 mysqld_safe Logging to '/var/log/mysql/mysqld.log'.
    180203 07:47:29 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
    
    Double check via:
    Code:
    > pmap `pidof mysqld` | grep libtcmalloc
    00007f9c8180e000    152K r-x--  /usr/lib64/libtcmalloc_minimal.so.4.1.0
    00007f9c81834000   2048K -----  /usr/lib64/libtcmalloc_minimal.so.4.1.0
    00007f9c81a34000      8K rw---  /usr/lib64/libtcmalloc_minimal.so.4.1.0
    
    This can also be done with jemalloc too

    A brief look shows MariaDB 10.1.x uses jemalloc, while MariaDB 10.2.x does not
     
    Last edited: Feb 3, 2018
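
The configuration and pmap check from post 9 combined into one script, as an added example that is not part of the original thread: it reads malloc-lib from the [mysqld_safe] section and confirms the running process maps that library. The function names and the sample mapping are constructed for illustration; the prefix match assumes the configured path is a versioned symlink such as .so.4 pointing at .so.4.1.0.

```shell
#!/bin/sh
# Added example: does the running mysqld map the allocator that my.cnf asks for?

# Print malloc-lib from the [mysqld_safe] section of a my.cnf-style file ($1).
configured_malloc_lib() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld_safe\]/); next }
        in_sec && /^[ \t]*malloc[-_]lib[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# Print each distinct tcmalloc/jemalloc path found in /proc/<pid>/maps text (stdin).
# A library replaced on disk since startup is listed with a " (deleted)" suffix.
mapped_allocators() {
    awk '{ p = ($NF == "(deleted)") ? $(NF - 1) : $NF }
         p ~ "/lib(tcmalloc|jemalloc)[^/]*[.]so" && !seen[p]++ { print p }'
}

# Return 0 if the configured library is mapped, 1 if not, 2 if none is configured.
# maps shows the resolved file, so a configured ".so.4" appears as ".so.4.1.0";
# the prefix match below is a heuristic for that.
check_malloc_lib() {    # $1 = my.cnf path, $2 = maps file
    want=$(configured_malloc_lib "$1")
    [ -n "$want" ] || { echo "no malloc-lib configured"; return 2; }
    for got in $(mapped_allocators < "$2"); do
        case "$got" in
            "$want" | "$want".*) echo "ok: $got"; return 0 ;;
        esac
    done
    echo "mismatch: $want is configured but not mapped"
    return 1
}

# Constructed sample in /proc/<pid>/maps format, modelled on the pmap output above.
sample_maps() {
    cat <<'EOF'
7f9c8180e000-7f9c81834000 r-xp 00000000 09:00 18167 /usr/lib64/libtcmalloc_minimal.so.4.1.0
7f9c81834000-7f9c81a34000 ---p 00026000 09:00 18167 /usr/lib64/libtcmalloc_minimal.so.4.1.0
7f9c81a34000-7f9c81a36000 rw-p 00026000 09:00 18167 /usr/lib64/libtcmalloc_minimal.so.4.1.0
7f9c82000000-7f9c82100000 rw-p 00000000 00:00 0
EOF
}

# Usage: sh check.sh /etc/my.cnf /proc/$(pidof mysqld)/maps
if [ "$#" -eq 2 ]; then check_malloc_lib "$1" "$2"; fi
```

A "mismatch" result after a restart usually means the setting sits in the wrong section or the library path does not exist, in which case mysqld silently keeps the glibc allocator.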
  10. eva2000

    Cheers @Xon, yeah I have dabbled with malloc-lib in the past, just didn't recall the change in MariaDB 10.2. Will have to revisit some MySQL testing I guess.

    Centmin Mod MariaDB 10.0/10.1 and Nginx already use jemalloc instead of glibc

    Code (Text):
    lsof | grep jemalloc
    nginx     21955            root  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    nginx     21956           nginx  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    nginx     21957           nginx  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    nginx     21958           nginx  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    nginx     21960           nginx  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    nginx     21961           nginx  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    nginx     21962           nginx  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    nginx     21964           nginx  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    nginx     21965           nginx  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    nginx     21967           nginx  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582           mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30583     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30584     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30585     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30586     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30587     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30588     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30589     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30590     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30591     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30592     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30593     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30594     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30595     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30597     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30598     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30599     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30600     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30601     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30602     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30603     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30604     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30605     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30606     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30607     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30608     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30609     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30610     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30611     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30879     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
     
  11. eva2000

    Jon Masters On Understanding Spectre & Meltdown CPU Vulnerabilities - Phoronix

     
  12. eva2000

    Amazon EC2 Cloud Compute Performance: December vs. February - Phoronix

    Ouch, Redis definitely got hammered by the Spectre/Meltdown kernel patches in terms of reduced performance.
     
  13. eva2000

    KPTI/KAISER Meltdown Initial Performance Regressions

     
  14. eva2000

    Love the benchmarks that Phoronix does: 19-Way CPU Comparison On Ubuntu With Linux 4.15 - Phoronix

    Apachebench Nginx tests were single-threaded, so only really testing each CPU's single-threaded performance.
     
  15. eva2000

    Woah, huge overhead for MyISAM

    MyISAM and KPTI - Performance Implications From The Meltdown Fix - MariaDB.org
     
  16. eva2000

    Good news on the kernel front: Spectre & KPTI Get More Fixes In Linux 4.16, Offsets Some KVM Performance Losses - Phoronix

     
  17. Xon

    I've noticed my XenForo dev environment @ home is now vastly slower when doing template rebuilds :(
     
  18. eva2000

    Yeah, the impact is being felt everywhere :( Redis server got hit hard too, so I suspect it is also affecting Redis XenForo caching performance too.
     
  19. eva2000

    Seems like round 2 is about to start: Meltdown-Spectre flaws: We've found new attack variants, say researchers | ZDNet

     
  20. eva2000

    Woah: Intel didn't tell CERTS, govs, about Meltdown and Spectre because they couldn't help fix it. Bad Intel!