
Security Intel Processor Flaw 'kernel memory leaking' [Spectre & Meltdown]

Discussion in 'CentOS, Redhat & Oracle Linux News' started by eva2000, Jan 3, 2018.

  1. eva2000

    eva2000 Administrator Staff Member

    54,387
    12,198
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,763
    Local Time:
    8:41 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Linode Blog » An Update to Meltdown: Mitigation Deployed


     
  2. eva2000

    The impromptu Slack war room where ‘Net companies unite to fight Spectre-Meltdown

     
  3. eva2000

    Linux 3.17 To 4.15 Kernel Benchmarks On Intel Gulftown & Haswell - Phoronix
     
  4. eva2000

  5. eva2000

    Intel reportedly notified Chinese companies of chip security flaw before the U.S. government

     
  6. eva2000

  7. eva2000

    Small Datum: Meltdown vs storage

     
  8. eva2000

    Finding out the MySQL performance regression due to kernel mitigation for Meltdown CPU vulnerability – I used to be a MySQL DBA for Hire

     
  9. Xon

    Xon Active Member

    173
    61
    28
    Nov 16, 2015
    Ratings:
    +229
    Local Time:
    6:41 PM
    1.15.x
    MariaDB 10.3.x
    @eva2000 you can load tcmalloc into MariaDB very easily without recompiling;

    Code:
    yum install -y gperftools-libs.x86_64

    Append to /etc/my.cnf or /etc/my.cnf.d/server.cnf:
    Code:
    [mysqld_safe]
    malloc-lib=/usr/lib64/libtcmalloc_minimal.so.4
    
    Restarting mysql will then show something like:
    Code:
    >service mysql restart
    Shutting down MySQL.. SUCCESS!
    Starting MySQL.180203 07:47:29 mysqld_safe Adding '/usr/lib64/libtcmalloc_minimal.so.4' to LD_PRELOAD for mysqld
    180203 07:47:29 mysqld_safe Logging to '/var/log/mysql/mysqld.log'.
    180203 07:47:29 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
    
    Double check via:
    Code:
    > pmap `pidof mysqld` | grep libtcmalloc
    00007f9c8180e000    152K r-x--  /usr/lib64/libtcmalloc_minimal.so.4.1.0
    00007f9c81834000   2048K -----  /usr/lib64/libtcmalloc_minimal.so.4.1.0
    00007f9c81a34000      8K rw---  /usr/lib64/libtcmalloc_minimal.so.4.1.0
    
    This can also be done with jemalloc too

    A brief look shows MariaDB 10.1.x uses jemalloc, while MariaDB 10.2.x does not
     
    Last edited: Feb 3, 2018
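
    A way to script the "double check" step from the post above, as an added example that is not Xon's or Centmin Mod's code: it reads `malloc-lib` from the `[mysqld_safe]` section and confirms that library is really mapped, which is worth verifying because the option makes `mysqld_safe` add the file to `LD_PRELOAD` for `mysqld`. The function names and sample files are constructed here; on a live host, feed it `/proc/<pid>/maps` or `pmap` output instead.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data is constructed from the
# config and pmap output quoted in the post above.

# Print the malloc-lib value from the [mysqld_safe] section of a my.cnf file.
malloc_lib_from_cnf() {
    awk '
        /^[ \t]*\[/ { in_safe = ($0 ~ /^[ \t]*\[mysqld_safe\]/); next }
        in_safe && /^[ \t]*malloc[-_]lib[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }
    ' "$1"
}

# Classify the allocator from pmap or /proc/<pid>/maps text on stdin.
allocator_from_maps() {
    awk '
        /libtcmalloc/ { t = 1 }
        /libjemalloc/ { j = 1 }
        END {
            if (t && j) print "multiple"
            else if (t) print "tcmalloc"
            else if (j) print "jemalloc"
            else print "glibc"   # assumption: nothing preloaded means libc malloc
        }
    '
}

# Succeed only if the configured library is actually mapped. The mapped name
# may carry a longer version suffix (.so.4 -> .so.4.1.0), so match by prefix.
configured_lib_is_mapped() {   # $1 = cnf file, $2 = maps/pmap text file
    lib=$(malloc_lib_from_cnf "$1")
    [ -n "$lib" ] && grep -qF -- "$lib" "$2"
}

# Constructed sample input: a setting in the wrong section must be ignored.
SAMPLE_CNF=$(mktemp); SAMPLE_MAPS=$(mktemp)
trap 'rm -f "$SAMPLE_CNF" "$SAMPLE_MAPS"' EXIT
printf '%s\n' '[mysqld]' 'malloc-lib=/ignored/wrong/section.so' \
    '[mysqld_safe]' 'malloc-lib = /usr/lib64/libtcmalloc_minimal.so.4' > "$SAMPLE_CNF"
printf '%s\n' \
    '00007f9c8180e000    152K r-x--  /usr/lib64/libtcmalloc_minimal.so.4.1.0' \
    '00007f9c81a34000      8K rw---  /usr/lib64/libtcmalloc_minimal.so.4.1.0' > "$SAMPLE_MAPS"

echo "configured: $(malloc_lib_from_cnf "$SAMPLE_CNF")"
echo "mapped:     $(allocator_from_maps < "$SAMPLE_MAPS")"
configured_lib_is_mapped "$SAMPLE_CNF" "$SAMPLE_MAPS" && echo "config and process agree"
```
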
  10. eva2000

    Cheers @Xon, yeah I have dabbled with malloc-lib in the past, just didn't recall the change in MariaDB 10.2. Will have to revisit some MySQL testing I guess.

    Centmin Mod MariaDB 10.0/10.1 and Nginx already use jemalloc instead of glibc

    Code (Text):
    lsof | grep jemalloc
    nginx     21955            root  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    nginx     21956           nginx  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    nginx     21957           nginx  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    nginx     21958           nginx  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    nginx     21960           nginx  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    nginx     21961           nginx  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    nginx     21962           nginx  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    nginx     21964           nginx  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    nginx     21965           nginx  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    nginx     21967           nginx  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582           mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30583     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30584     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30585     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30586     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30587     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30588     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30589     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30590     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30591     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30592     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30593     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30594     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30595     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30597     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30598     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30599     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30600     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30601     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30602     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30603     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30604     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30605     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30606     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30607     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30608     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30609     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30610     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30611     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
    mysqld    30582 30879     mysql  mem       REG                9,0    212096      18167 /usr/lib64/libjemalloc.so.1
     
  11. eva2000

    Jon Masters On Understanding Spectre & Meltdown CPU Vulnerabilities - Phoronix

     
  12. eva2000

    Amazon EC2 Cloud Compute Performance: December vs. February - Phoronix

    Ouch Redis definitely got hammered by Spectre/Meltdown Kernel patches in terms of reduced performance

     
  13. eva2000

    KPTI/KAISER Meltdown Initial Performance Regressions

     
  14. eva2000

    Love the benchmarks that Phoronix does: 19-Way CPU Comparison On Ubuntu With Linux 4.15 - Phoronix


    Apachebench Nginx tests were single threaded so only really testing each cpu's single threaded performance.

     
  15. eva2000

    woah huge overhead for MyISAM

    MyISAM and KPTI - Performance Implications From The Meltdown Fix - MariaDB.org

     
  16. eva2000

    Good news on Kernel front: Spectre & KPTI Get More Fixes In Linux 4.16, Offsets Some KVM Performance Losses - Phoronix

     
  17. Xon

    I've noticed my XenForo dev environment @ home is now vastly slower when doing template rebuilds :(
     
  18. eva2000

    Yeah the impact is being felt everywhere :( Redis server got hit hard too so I suspect it is also affecting Redis Xenforo caching performance too.
     
  19. eva2000

    Seems like round 2 is about to start: Meltdown-Spectre flaws: We've found new attack variants, say researchers | ZDNet

     
  20. eva2000

    Woah: Intel didn't tell CERTS, govs, about Meltdown and Spectre because they couldn't help fix it. Bad Intel!